This optional module is used to assign subnet roles
module "subnet-iam-bindings" {
source = "terraform-google-modules/iam/google//modules/subnets_iam"
version = "~> 8.0"
subnets = ["my-subnet_one", "my-subnet_two"]
subnets_region = "my-region"
project = "my-project"
mode = "authoritative"
bindings = {
"roles/compute.networkUser" = [
"serviceAccount:[email protected]",
"group:[email protected]",
"user:[email protected]",
]
"roles/compute.networkViewer" = [
"serviceAccount:[email protected]",
"group:[email protected]",
"user:[email protected]",
]
}
conditional_bindings = [
{
role = "roles/compute.networkAdmin"
title = "expires_after_2019_12_31"
description = "Expiring at midnight of 2019-12-31"
expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")"
members = ["user:[email protected]"]
}
]
}
| Name |
Description |
Type |
Default |
Required |
| bindings |
Map of role (key) and list of members (value) to add the IAM policies/bindings |
map(list(string)) |
{} |
no |
| conditional_bindings |
List of maps of role and respective conditions, and the members to add the IAM policies/bindings |
list(object({
role = string
title = string
description = string
expression = string
members = list(string)
})) |
[] |
no |
| mode |
Mode for adding the IAM policies/bindings, additive and authoritative |
string |
"additive" |
no |
| project |
Project to add the IAM policies/bindings |
string |
"" |
no |
| subnets |
Subnetwork list to add the IAM policies/bindings |
list(string) |
[] |
no |
| subnets_region |
Subnetworks region |
string |
n/a |
yes |
| Name |
Description |
| members |
Members which were bound to the Subnetwork. |
| roles |
Roles which were assigned to members. |
| subnets |
Subnetworks which received bindings. |