Iam
data class IamAuditConfigArgs(val auditLogConfigs: Output<List<IamAuditConfigAuditLogConfigArgs>>? = null, val orgId: Output<String>? = null, val service: Output<String>? = null) : ConvertibleToJava<IamAuditConfigArgs>
Allows management of audit logging config for a given service for a Google Cloud Platform Organization.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.IamAuditConfig;
import com.pulumi.gcp.organizations.IamAuditConfigArgs;
import com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var config = new IamAuditConfig("config", IamAuditConfigArgs.builder()
.auditLogConfigs(IamAuditConfigAuditLogConfigArgs.builder()
.exemptedMembers("user:joebloggs@hashicorp.com")
.logType("DATA_READ")
.build())
.orgId("your-organization-id")
.service("allServices")
.build());
}
}Content copied to clipboard
Import
IAM audit config imports use the identifier of the resource in question and the service, e.g.
$ pulumi import gcp:organizations/iamAuditConfig:IamAuditConfig config "your-organization-id foo.googleapis.com"Content copied to clipboard
Constructors
Link copied to clipboard
constructor(auditLogConfigs: Output<List<IamAuditConfigAuditLogConfigArgs>>? = null, orgId: Output<String>? = null, service: Output<String>? = null)
Properties
Link copied to clipboard
The configuration for logging of each type of permission. This can be specified multiple times. Structure is documented below.
Link copied to clipboard
Service which will be enabled for audit logging. The special value allServices covers all services. Note that if there are google\_organization\_iam\_audit\_config resources covering both allServices and a specific service then the union of the two AuditConfigs is used for that service: the log_types specified in each audit_log_config are enabled, and the exempted_members in each audit_log_config are exempted.