AI 助理
备案控制台
文档
输入文档关键字查找
首页 Terraform 资源列表 KMS Resources alicloud_kms_policy

alicloud_kms_policy

更新时间:
我的收藏

Provides a KMS Policy resource. Permission policies which can be bound to the Application Access Points.

For information about KMS Policy and how to use it, see What is Policy.

-> NOTE: Available since v1.210.0.

Example Usage

Basic Usage


variable "name" {
  default = "terraform-example"
}

resource "alicloud_kms_network_rule" "networkRule1" {
  description       = "dummy"
  source_private_ip = ["10.10.10.10"]
  network_rule_name = format("%s1", var.name)
}

resource "alicloud_kms_network_rule" "networkRule2" {
  description       = "dummy"
  source_private_ip = ["10.10.10.10"]
  network_rule_name = format("%s2", var.name)
}

resource "alicloud_kms_network_rule" "networkRule3" {
  description       = "dummy"
  source_private_ip = ["10.10.10.10"]
  network_rule_name = format("%s3", var.name)
}


resource "alicloud_kms_policy" "default" {
  description          = "terraformpolicy"
  permissions          = ["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]
  resources            = ["secret/*", "key/*"]
  policy_name          = var.name
  kms_instance_id      = "shared"
  access_control_rules = <<EOF
  {
      "NetworkRules":[
          "alicloud_kms_network_rule.networkRule1.network_rule_name"
      ]
  }
  EOF
}

Argument Reference

The following arguments are supported:

  • access_control_rules - (Required) Network Rules in JSON struct.
  • description - (Optional) Description.
  • kms_instance_id - (Required, ForceNew) KMS instance .
  • permissions - (Required) Allowed permissions (RBAC)Optional values:"RbacPermission/Template/CryptoServiceKeyUser" and "RbacPermission/Template/CryptoServiceSecretUser".
  • policy_name - (Required, ForceNew) Policy Name.
  • resources - (Required) The resources that the permission policy allows to access.Use "key/${KeyId}" or "key/" to specify a key or all keys.Use "secret/${SecretName}" or "secret/" to specify a secret or all secrets.

Attributes Reference

The following attributes are exported:

  • id - The ID of the resource supplied above.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 5 mins) Used when create the Policy.
  • delete - (Defaults to 5 mins) Used when delete the Policy.
  • update - (Defaults to 5 mins) Used when update the Policy.

Import

KMS Policy can be imported using the id, e.g.

$ terraform import alicloud_kms_policy.example <id>

上一篇:alicloud_kms_network_rule下一篇:alicloud_kms_secret
文档推荐