IAMAudit
Import
IAM member imports use space-delimited identifiers; the resource in question, the role, and the account. This member resource can be imported using the project_id, role, and member e.g.
$ pulumi import gcp:projects/iAMAuditConfig:IAMAuditConfig my_project "your-project-id roles/viewer user:foo@example.com"IAM binding imports use space-delimited identifiers; the resource in question and the role. This binding resource can be imported using the project_id and role, e.g.
$ pulumi import gcp:projects/iAMAuditConfig:IAMAuditConfig my_project "your-project-id roles/viewer"IAM policy imports use the identifier of the resource in question. This policy resource can be imported using the project_id.
$ pulumi import gcp:projects/iAMAuditConfig:IAMAuditConfig my_project your-project-idIAM audit config imports use the identifier of the resource in question and the service, e.g.
$ pulumi import gcp:projects/iAMAuditConfig:IAMAuditConfig my_project "your-project-id foo.googleapis.com"->Custom RolesIf you're importing a IAM resource with a custom role, make sure to use the full name of the custom role, e.g. [projects/my-project|organizations/my-org]/roles/my-custom-role. ->Conditional IAM BindingsIf you're importing a IAM binding with a condition block, make sure
$ pulumi import gcp:projects/iAMAuditConfig:IAMAuditConfig to include the title of condition, e.g. `google_project_iam_binding.my_project "{{your-project-id}} roles/{{role_id}} condition-title"`Properties
Service which will be enabled for audit logging. The special value allServices covers all services. Note that if there are google\_project\_iam\_audit\_config resources covering both allServices and a specific service then the union of the two AuditConfigs is used for that service: the log_types specified in each audit_log_config are enabled, and the exempted_members in each audit_log_config are exempted.