» google_kms_crypto_key_iam_member

Allows creation and management of a single member for a single binding within the IAM policy for an existing Google Cloud KMS crypto key.

» Example Usage

resource "google_kms_crypto_key_iam_member" "crypto_key" {
  crypto_key_id = "your-crypto-key-id"
  role          = "roles/editor"
  member        = "user:alice@gmail.com"

» Argument Reference

The following arguments are supported:

  • member - (Required) The user that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

  • role - (Required) The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

  • crypto_key_id - (Required) The key ring ID, in the form {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, the provider's project setting will be used as a fallback.

» Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • etag - (Computed) The etag of the project's IAM policy.

» Import

IAM member imports use space-delimited identifiers; the resource in question, the role, and the account. This member resource can be imported using the crypto_key_id, role, and member identity e.g.

$ terraform import google_kms_crypto_key_iam_member.member "your-project-id/location-name/key-name roles/viewer user:foo@example.com"