pulumi-gcp-kotlin/com.pulumi.gcp.organizations.kotlin/IamAuditConfigArgs

IamAuditConfigArgs

data class IamAuditConfigArgs(val auditLogConfigs: Output<List<IamAuditConfigAuditLogConfigArgs>>? = null, val orgId: Output<String>? = null, val service: Output<String>? = null) : ConvertibleToJava<IamAuditConfigArgs>

Allows management of audit logging config for a given service for a Google Cloud Platform Organization.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.IamAuditConfig;
import com.pulumi.gcp.organizations.IamAuditConfigArgs;
import com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var config = new IamAuditConfig("config", IamAuditConfigArgs.builder()
            .auditLogConfigs(IamAuditConfigAuditLogConfigArgs.builder()
                .exemptedMembers("user:joebloggs@hashicorp.com")
                .logType("DATA_READ")
                .build())
            .orgId("your-organization-id")
            .service("allServices")
            .build());
    }
}
Content copied to clipboard

Import

IAM audit config imports use the identifier of the resource in question and the service, e.g.

$ pulumi import gcp:organizations/iamAuditConfig:IamAuditConfig config "your-organization-id foo.googleapis.com"
Content copied to clipboard

Constructors

Link copied to clipboard
fun IamAuditConfigArgs(auditLogConfigs: Output<List<IamAuditConfigAuditLogConfigArgs>>? = null, orgId: Output<String>? = null, service: Output<String>? = null)

Functions

Link copied to clipboard
open override fun toJava(): IamAuditConfigArgs

Properties

Link copied to clipboard
val auditLogConfigs: Output<List<IamAuditConfigAuditLogConfigArgs>>? = null

The configuration for logging of each type of permission. This can be specified multiple times. Structure is documented below.

Link copied to clipboard
val orgId: Output<String>? = null

The numeric ID of the organization in which you want to manage the audit logging config.

Link copied to clipboard
val service: Output<String>? = null

Service which will be enabled for audit logging. The special value allServices covers all services. Note that if there are google\_organization\_iam\_audit\_config resources covering both allServices and a specific service then the union of the two AuditConfigs is used for that service: the log_types specified in each audit_log_config are enabled, and the exempted_members in each audit_log_config are exempted.