This optional module is used to assign organization roles.

```hcl
module "organization-iam-bindings" {
  source        = "terraform-google-modules/iam/google//modules/organizations_iam"
  organizations = ["my-organization_one", "my-organization_two"]
  mode          = "authoritative"

  bindings = {
    "roles/resourcemanager.organizationViewer" = [
      "serviceAccount:my-sa@my-project.iam.gserviceaccount.com",
      "group:my-group@my-org.com",
      "user:my-user@my-org.com",
    ]
    "roles/resourcemanager.projectDeleter" = [
      "serviceAccount:my-sa@my-project.iam.gserviceaccount.com",
      "group:my-group@my-org.com",
      "user:my-user@my-org.com",
    ]
  }

  conditional_bindings = [
    {
      role        = "roles/editor"
      title       = "expires_after_2019_12_31"
      description = "Expiring at midnight of 2019-12-31"
      expression  = "request.time < timestamp(\"2020-01-01T00:00:00Z\")"
      members     = ["user:my-user@my-org.com"]
    }
  ]
}
```
Name | Description | Type | Default | Required
---|---|---|---|---
bindings | Map of role (key) and list of members (value) to add the IAM policies/bindings | map(list(string)) | `<map>` | no
conditional_bindings | List of maps of role and respective conditions, and the members to add the IAM policies/bindings | object | `<list>` | no
mode | Mode for adding the IAM policies/bindings, additive and authoritative | string | `"additive"` | no
organizations | Organizations list to add the IAM policies/bindings | list(string) | `<list>` | no
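The following is an added example, not code from the terraform-google-modules/iam project: a small pre-apply lint that mirrors the HCL inputs above as Python data and flags what a reviewer would want to see before applying, namely authoritative mode (which replaces the full member list of each listed role), basic roles or public principals at organization scope, and time-bound conditions whose expiry has already passed. The function and sample data names are this example's own.

```python
import re
from datetime import datetime, timezone

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
# Matches the expiry form used on the page: request.time < timestamp("...")
EXPIRY_RE = re.compile(r'request\.time\s*<\s*timestamp\("([^"]+)"\)')


def lint_iam_inputs(mode, bindings, conditional_bindings, now=None):
    """Return human-readable findings for a set of organizations_iam inputs."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if mode == "authoritative":
        # In authoritative mode each role's member list is the whole binding;
        # members not listed here lose the role when the plan is applied.
        findings.append("authoritative mode: listed roles will be fully replaced")
    for role, members in bindings.items():
        if role in BASIC_ROLES:
            findings.append(f"{role}: basic role granted at organization scope")
        for member in members:
            if member in PUBLIC_MEMBERS:
                findings.append(f"{role}: public principal {member}")
    for cb in conditional_bindings:
        if cb["role"] in BASIC_ROLES:
            findings.append(f'{cb["title"]}: basic role {cb["role"]} in conditional binding')
        match = EXPIRY_RE.search(cb["expression"])
        if match:
            expiry = datetime.fromisoformat(match.group(1).replace("Z", "+00:00"))
            if expiry <= now:
                findings.append(f'{cb["title"]}: condition already expired ({match.group(1)})')
    return findings


# Constructed sample input: the same values as the page's HCL example.
SAMPLE_BINDINGS = {
    "roles/resourcemanager.organizationViewer": [
        "serviceAccount:my-sa@my-project.iam.gserviceaccount.com",
        "group:my-group@my-org.com",
    ],
    "roles/resourcemanager.projectDeleter": ["user:my-user@my-org.com"],
}
SAMPLE_CONDITIONAL = [{
    "role": "roles/editor",
    "title": "expires_after_2019_12_31",
    "expression": 'request.time < timestamp("2020-01-01T00:00:00Z")',
    "members": ["user:my-user@my-org.com"],
}]
```

Run `lint_iam_inputs("authoritative", SAMPLE_BINDINGS, SAMPLE_CONDITIONAL)` to see that the page's example yields three findings: the authoritative-mode replacement, a basic role in a conditional binding, and a condition that expired on 2020-01-01.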
Name | Description
---|---
members | Members which were bound to organizations.
organizations | Organizations which received bindings.
roles | Roles which were assigned to members.