Google Cloud Healthcare Consent Store IAM

This page shows how to write Terraform for Cloud Healthcare Consent Store IAM and write them securely.

google_healthcare_consent_store_iam (Terraform)

The Consent Store IAM in Cloud Healthcare can be configured in Terraform with the resource name google_healthcare_consent_store_iam. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

The following arguments are supported:

  • consent_store_id - (Required) Used to find the parent resource to bind the IAM policy to

  • dataset - (Required) Identifies the dataset addressed by this request. Must be in the format 'projects/[project]/locations/[location]/datasets/[dataset]' Used to find the parent resource to bind the IAM policy to

  • member/members - (Required) Identities that will be granted the privilege in role. Each entry can have one of the following values:

    • allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
    • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
    • user:[emailid]: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
    • serviceAccount:[emailid]: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
    • group:[emailid]: An email address that represents a Google group. For example, admins@example.com.
    • domain:[domain]: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
    • projectOwner:projectid: Owners of the given project. For example, "projectOwner:my-example-project"
    • projectEditor:projectid: Editors of the given project. For example, "projectEditor:my-example-project"
    • projectViewer:projectid: Viewers of the given project. For example, "projectViewer:my-example-project"
  • role - (Required) The role that should be applied. Only one google_healthcare_consent_store_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/[parent-name]/roles/[role-name].

  • policy_data - (Required only by google_healthcare_consent_store_iam_policy) The policy data generated by a google_iam_policy data source.

In addition to the arguments listed above, the following computed attributes are exported:

  • etag - (Computed) The etag of the IAM policy.

Explanation in Terraform Registry

Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:

  • google_healthcare_consent_store_iam_policy: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.
  • google_healthcare_consent_store_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.
  • google_healthcare_consent_store_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.

    Note: google_healthcare_consent_store_iam_policy cannot be used in conjunction with google_healthcare_consent_store_iam_binding and google_healthcare_consent_store_iam_member or they will fight over what your policy should be.

    Note: google_healthcare_consent_store_iam_binding resources can be used in conjunction with google_healthcare_consent_store_iam_member resources only if they do not grant privilege to the same role.

Frequently asked questions

Google Cloud Healthcare Consent Store IAM is a resource for Cloud Healthcare of Google Cloud Platform. Settings can be wrote in Terraform.

security-icon

Scan your IaC problem in 3 minutes for free

You can keep your IaC security for free. No credit card required.