» IAM policy for a service account

When managing IAM roles, you can treat a service account either as a resource or as an identity. As a resource, a service account has its own IAM policy, and the bindings in that policy define who may view, edit or administer the service account itself. As an identity, a service account appears as a member (serviceAccount:{service_account_id}) in the policy of some other resource. This resource covers the first case: it adds IAM policy bindings to a service account resource, configuring who is allowed to manage that service account.

There are three different resources that help you manage the IAM policy of a service account. Each of these resources is used for a different use case:

  • yandex_iam_service_account_iam_policy: authoritative. Sets the entire IAM policy of the service account and replaces any bindings not declared in it.

  • yandex_iam_service_account_iam_binding: authoritative for a given role. Sets the full list of members for one role and removes members not declared in it.

  • yandex_iam_service_account_iam_member: non-authoritative. Adds a single (role, member) pair and leaves all other bindings, including other members of the same role, untouched.

Do not mix the authoritative resources with yandex_iam_service_account_iam_member for the same role on the same service account, or each apply will fight over the binding list.

» yandex_iam_service_account_iam_member

resource "yandex_iam_service_account_iam_member" "admin-account-iam" {
  service_account_id = "your-service-account-id"
  role               = "admin"
  member             = "userAccount:bar_user_id"
}

» Argument Reference

The following arguments are supported:

  • service_account_id - (Required) The service account ID to apply a policy to.

  • role - (Required) The role that should be applied, given as a plain role ID such as admin, editor or viewer. Unlike yandex_iam_service_account_iam_binding, which allows only one resource per role, several yandex_iam_service_account_iam_member resources may grant the same role to different members.

  • member - (Required) Identity that will be granted the privilege in role. Entry can have one of the following values:

    • userAccount:{user_id}: A unique user ID that represents a specific Yandex account.
    • serviceAccount:{service_account_id}: A unique service account ID.
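The configuration below is an added example and is not part of the provider's documentation. It shows the non-authoritative pattern the arguments above describe: one yandex_iam_service_account_iam_member resource per (role, member) pair, driven by for_each, mixing a userAccount member and a serviceAccount member. The service account IDs and user IDs are placeholders; admin, editor and viewer are the Yandex Cloud primitive roles, with viewer granted where only inspection is needed so that no human operator receives admin on the service account.

```hcl
# Added example: non-authoritative IAM grants on one service account.
# All IDs below are placeholders that must be replaced before applying.

variable "target_service_account_id" {
  description = "ID of the service account whose IAM policy is extended (placeholder)"
  type        = string
  default     = "your-service-account-id"
}

# One entry per (role, member) pair. Because the member resource is
# non-authoritative, adding or removing an entry touches only that pair
# and leaves bindings managed elsewhere (console, other configs) intact.
locals {
  grants = {
    # Operators who may inspect the service account but not change it.
    "viewer:alice" = { role = "viewer", member = "userAccount:alice_user_id" }
    "viewer:bob"   = { role = "viewer", member = "userAccount:bob_user_id" }
    # A CI service account that is allowed to edit this service account.
    # Note the serviceAccount: prefix: here the CI account acts as an identity.
    "editor:ci" = { role = "editor", member = "serviceAccount:ci_service_account_id" }
  }
}

resource "yandex_iam_service_account_iam_member" "grants" {
  for_each = local.grants

  service_account_id = var.target_service_account_id
  role               = each.value.role
  member             = each.value.member
}

# Summary of what was granted, useful when reviewing a plan.
output "granted_members" {
  value = {
    for key, grant in yandex_iam_service_account_iam_member.grants :
    key => "${grant.role} -> ${grant.member}"
  }
}
```

Keeping the map keys stable (role:name rather than a list index) matters in practice: removing one entry then destroys only that binding instead of re-keying and recreating every grant that followed it. Reserve the admin role for the few identities that must be able to re-grant access to the service account, since admin on a service account lets the grantee extend its policy to others.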

» Import

Service account IAM member resources can be imported using the service account ID, role and member, separated by spaces inside a single quoted string. The role and member must be written exactly as in the resource arguments (a plain role ID and a prefixed member), so that the imported state matches the configuration:

$ terraform import yandex_iam_service_account_iam_member.admin-account-iam "your-service-account-id admin userAccount:bar_user_id"