pulumi-gcp-kotlin/com.pulumi.gcp.organizations.kotlin/IamAuditConfigArgs

IamAuditConfigArgs

data class IamAuditConfigArgs(val auditLogConfigs: Output<List<IamAuditConfigAuditLogConfigArgs>>? = null, val orgId: Output<String>? = null, val service: Output<String>? = null) : ConvertibleToJava<IamAuditConfigArgs>

Import

IAM member imports use space-delimited identifiers; the resource in question, the role, and the account. This member resource can be imported using the org_id, role, and member e.g.

$ pulumi import gcp:organizations/iamAuditConfig:IamAuditConfig my_organization "your-orgid roles/viewer user:foo@example.com"
Content copied to clipboard

IAM binding imports use space-delimited identifiers; the resource in question and the role. This binding resource can be imported using the org_id and role, e.g.

$ pulumi import gcp:organizations/iamAuditConfig:IamAuditConfig my_organization "your-org-id roles/viewer"
Content copied to clipboard

IAM policy imports use the identifier of the resource in question. This policy resource can be imported using the org_id.

$ pulumi import gcp:organizations/iamAuditConfig:IamAuditConfig my_organization your-org-id
Content copied to clipboard

IAM audit config imports use the identifier of the resource in question and the service, e.g.

$ pulumi import gcp:organizations/iamAuditConfig:IamAuditConfig my_organization "your-organization-id foo.googleapis.com"
Content copied to clipboard

->Custom RolesIf you're importing a IAM resource with a custom role, make sure to use the full name of the custom role, e.g. organizations/{{org_id}}/roles/{{role_id}}. ->Conditional IAM BindingsIf you're importing a IAM binding with a condition block, make sure

$ pulumi import gcp:organizations/iamAuditConfig:IamAuditConfig to include the title of condition, e.g. `google_organization_iam_binding.my_organization "your-org-id roles/{{role_id}} condition-title"`
Content copied to clipboard

Constructors

Link copied to clipboard
fun IamAuditConfigArgs(auditLogConfigs: Output<List<IamAuditConfigAuditLogConfigArgs>>? = null, orgId: Output<String>? = null, service: Output<String>? = null)

Functions

Link copied to clipboard
open override fun toJava(): IamAuditConfigArgs

Properties

Link copied to clipboard
val auditLogConfigs: Output<List<IamAuditConfigAuditLogConfigArgs>>? = null

The configuration for logging of each type of permission. This can be specified multiple times. Structure is documented below.

Link copied to clipboard
val orgId: Output<String>? = null

The organization ID. If not specified for gcp.organizations.IAMBinding, gcp.organizations.IAMMember, or gcp.organizations.IamAuditConfig, uses the ID of the organization configured with the provider. Required for gcp.organizations.IAMPolicy - you must explicitly set the organization, and it will not be inferred from the provider.

Link copied to clipboard
val service: Output<String>? = null

Service which will be enabled for audit logging. The special value allServices covers all services. Note that if there are google\_organization\_iam\_audit\_config resources covering both allServices and a specific service then the union of the two AuditConfigs is used for that service: the log_types specified in each audit_log_config are enabled, and the exempted_members in each audit_log_config are exempted.