pulumi-gcp-kotlin/com.pulumi.gcp.organizations.kotlin/IamAuditConfig

IamAuditConfig

class IamAuditConfig : KotlinCustomResource

Import

IAM member imports use space-delimited identifiers; the resource in question, the role, and the account. This member resource can be imported using the org_id, role, and member e.g.

$ pulumi import gcp:organizations/iamAuditConfig:IamAuditConfig my_organization "your-orgid roles/viewer user:foo@example.com"
Content copied to clipboard

IAM binding imports use space-delimited identifiers; the resource in question and the role. This binding resource can be imported using the org_id and role, e.g.

$ pulumi import gcp:organizations/iamAuditConfig:IamAuditConfig my_organization "your-org-id roles/viewer"
Content copied to clipboard

IAM policy imports use the identifier of the resource in question. This policy resource can be imported using the org_id.

$ pulumi import gcp:organizations/iamAuditConfig:IamAuditConfig my_organization your-org-id
Content copied to clipboard

IAM audit config imports use the identifier of the resource in question and the service, e.g.

$ pulumi import gcp:organizations/iamAuditConfig:IamAuditConfig my_organization "your-organization-id foo.googleapis.com"
Content copied to clipboard

->Custom RolesIf you're importing a IAM resource with a custom role, make sure to use the full name of the custom role, e.g. organizations/{{org_id}}/roles/{{role_id}}. ->Conditional IAM BindingsIf you're importing a IAM binding with a condition block, make sure

$ pulumi import gcp:organizations/iamAuditConfig:IamAuditConfig to include the title of condition, e.g. `google_organization_iam_binding.my_organization "your-org-id roles/{{role_id}} condition-title"`
Content copied to clipboard

Properties

Link copied to clipboard
val auditLogConfigs: Output<List<IamAuditConfigAuditLogConfig>>

The configuration for logging of each type of permission. This can be specified multiple times. Structure is documented below.

Link copied to clipboard
val etag: Output<String>

(Computed) The etag of the organization's IAM policy.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val orgId: Output<String>

The organization ID. If not specified for gcp.organizations.IAMBinding, gcp.organizations.IAMMember, or gcp.organizations.IamAuditConfig, uses the ID of the organization configured with the provider. Required for gcp.organizations.IAMPolicy - you must explicitly set the organization, and it will not be inferred from the provider.

Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val service: Output<String>

Service which will be enabled for audit logging. The special value allServices covers all services. Note that if there are google\_organization\_iam\_audit\_config resources covering both allServices and a specific service then the union of the two AuditConfigs is used for that service: the log_types specified in each audit_log_config are enabled, and the exempted_members in each audit_log_config are exempted.

Link copied to clipboard
val urn: Output<String>