Iam
Import
IAM member imports use space-delimited identifiers; the resource in question, the role, and the account. This member resource can be imported using the folder, role, and member e.g.
$ pulumi import gcp:folder/iamAuditConfig:IamAuditConfig my_folder "folder roles/viewer user:foo@example.com"IAM binding imports use space-delimited identifiers; the resource in question and the role. This binding resource can be imported using the folder and role, e.g.
$ pulumi import gcp:folder/iamAuditConfig:IamAuditConfig my_folder "folder roles/viewer"IAM policy imports use the identifier of the resource in question. This policy resource can be imported using the folder.
$ pulumi import gcp:folder/iamAuditConfig:IamAuditConfig my_folder folderIAM audit config imports use the identifier of the resource in question and the service, e.g.
$ pulumi import gcp:folder/iamAuditConfig:IamAuditConfig my_folder "folder foo.googleapis.com"->Custom RolesIf you're importing a IAM resource with a custom role, make sure to use the full name of the custom role, e.g. organizations/{{org_id}}/roles/{{role_id}}. ->Conditional IAM BindingsIf you're importing a IAM binding with a condition block, make sure
$ pulumi import gcp:folder/iamAuditConfig:IamAuditConfig to include the title of condition, e.g. `google_folder_iam_binding.my_folder "folder roles/{{role_id}} condition-title"`Properties
Service which will be enabled for audit logging. The special value allServices covers all services. Note that if there are google\_folder\_iam\_audit\_config resources covering both allServices and a specific service then the union of the two AuditConfigs is used for that service: the log_types specified in each audit_log_config are enabled, and the exempted_members in each audit_log_config are exempted.