AI 助理
备案控制台
文档
输入文档关键字查找
首页 Terraform 资源列表 Cloud SSO Resources alicloud_cloud_sso_access_configuration

alicloud_cloud_sso_access_configuration

更新时间:
我的收藏

Provides a Cloud SSO Access Configuration resource.

For information about Cloud SSO Access Configuration and how to use it, see What is Access Configuration.

-> NOTE: Available since v1.145.0.

Example Usage

Basic Usage


variable "name" {
  default = "terraform-example"
}

provider "alicloud" {
  region = "cn-shanghai"
}

data "alicloud_cloud_sso_directories" "default" {
}

resource "alicloud_cloud_sso_access_configuration" "default" {
  directory_id              = data.alicloud_cloud_sso_directories.default.directories.0.id
  access_configuration_name = var.name
  permission_policies {
    permission_policy_type     = "Inline"
    permission_policy_name     = var.name
    permission_policy_document = <<EOF
    {
        "Statement":[
      {
        "Action":"ecs:Get*",
        "Effect":"Allow",
        "Resource":[
            "*"
        ]
      }
      ],
        "Version": "1"
    }
    EOF
  }
}

Argument Reference

The following arguments are supported:

  • directory_id - (Required, ForceNew) The ID of the Directory.

  • access_configuration_name - (Required, ForceNew) The name of the access configuration. The name can be up to 32 characters long and can contain letters, digits, and hyphens (-).

  • session_duration - (Optional, Int) The SessionDuration of the Access Configuration. Unit: Seconds. Valid values: 900 to 43200.

  • relay_state - (Optional) The RelayState of the Access Configuration, Cloud SSO users use this access configuration to access the RD account, the initial access page address. Must be the Alibaba Cloud console page, the default is the console home page.

  • description - (Optional) The description of the access configuration. The description can be up to 1024 characters in length.

  • permission_policies - (Optional, Set) The Policy List. See permission_policies below.

  • force_remove_permission_policies - (Optional, Bool) This parameter is used to force deletion permission_policies. Valid Value: true, false.

  • NOTE: The permission_policies will be removed automatically when the resource is deleted, please operate with caution. If there are left more permission policies in the access configuration, please remove them before deleting the access configuration.

permission_policies

The permission_policies supports the following:

  • permission_policy_type - (Required) The type of the policy. Valid values: System, Inline.
  • permission_policy_name - (Required) The name of the policy.
  • permission_policy_document - (Optional) The configurations of the inline policy. NOTE: If permission_policy_type is set to Inline, permission_policy_document is required.

Attributes Reference

The following attributes are exported:

  • id - The resource ID in terraform of Access Configuration. It formats as <directory_id>:<access_configuration_id>.
  • access_configuration_id - The ID of the Access Configuration.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 5 mins) Used when create the Access Configuration.
  • update - (Defaults to 5 mins) Used when update the Access Configuration.
  • delete - (Defaults to 5 mins) Used when delete the Access Configuration.

Import

Cloud SSO Access Configuration can be imported using the id, e.g.

$ terraform import alicloud_cloud_sso_access_configuration.example <directory_id>:<access_configuration_id>

上一篇:alicloud_cloud_sso_access_assignment下一篇:alicloud_cloud_sso_access_configuration_provisioning
文档推荐