VPC resource attributes
When you use Terraform or the IBM Cloud® Command Line Interface (CLI) to create, update, or delete IBM Cloud Identity and Access Management (IAM) access policies, you can specify the target VPC resource by using resource attributes.
Resource attributes are in the form of name=value,name=value...
You can select a resource object by entering the ID of the object. Or, you can enter the wildcard * in value to denote all applicable objects. For example, the attribute vpcId:* sets the access policy to be applicable to all the VPCs in the account. You can also specify which resource group the policy is applied to in the command.
The following example CLI command gives the user name@example.com the Viewer role for all the VPCs in the current account:
ibmcloud iam user-policy-create name@example.com --roles Viewer --service-name is --attributes "vpcId=*"
For more information about using the CLI to create and modify IAM access policies, see ibmcloud iam user-policy-create.
For more information about using Terraform to create IAM access policies, see the resources attribute for the following IAM policies:
ibm_iam_access_group_policy
ibm_iam_service_policy
ibm_iam_user_policy
ibm_iam_user_invite - (iam_policy.resource.attributes)
See Table 1 for the full list of VPC resource attributes.
Resource | Resource Attribute |
---|---|
Auto Scale for VPC | instanceGroupId:<instance-group-id> |
Backup service | backupPolicyId:<backup-policy-id> |
Block Storage for VPC | volumeId:<volume-id> |
Bare metal server | bareMetalServerId:<bare-metal-server-id> |
Cluster networks for VPC | clusterNetworkId:<cluster-network-id> |
Dedicated Host for VPC | dedicatedHostId:<dedicated-host-id> |
File Storage | shareId:<share-id> |
Floating IP for VPC | floatingIpId:<fip-id> |
Flow Logs for VPC | flowLogCollectorId:<flc-id> |
Image Service for VPC | imageId:<image-id> |
Load Balancer for VPC | loadBalancerId:<load-balancer-id> |
Network ACL | networkAclId:<nacl-id> |
Placement Group for VPC | placementGroupId:<placement-group-id> |
Private Path services for VPC | privatePathServiceGatewayId:<private-path-service-gateway-id> |
Public Gateway for VPC | publicGatewayId:<pgw-id> |
Reservations for VPC | reservationId:<reservation-id> |
Security Group for VPC | securityGroupId:<default-sec-grp-id> |
Snapshots | snapshotId:<snapshot-id> |
SSH Key for VPC | keyId:<key-id> |
Subnet | subnetId:<subnet-id> |
Virtual Network Interface | virtualNetworkInterfaceId:<virtual-network-interface-id> |
Virtual Private Endpoint for VPC | endpointGatewayId:<endpoint-gateway-id> |
Virtual Private Cloud | vpcId:<vpc-id> |
Virtual Server for VPC | instanceId:<instance-id> |
VPN for VPC | vpnGatewayID:<vpn-gateway-id> |
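
The following Python check is an added example, not part of IBM's documentation or tooling. It parses an attribute string in the name=value,name=value form described above, rejects names that are not listed in Table 1, and reports wildcard values so that an account-wide policy is reviewed before it is created. The function name lint_attributes and the duplicate-name check are assumptions of this example.

```python
"""Lint the string passed to --attributes before creating an IAM policy."""

# Attribute names copied from Table 1 of this page (spelling as given there).
VPC_ATTRIBUTES = frozenset({
    "instanceGroupId", "backupPolicyId", "volumeId", "bareMetalServerId",
    "clusterNetworkId", "dedicatedHostId", "shareId", "floatingIpId",
    "flowLogCollectorId", "imageId", "loadBalancerId", "networkAclId",
    "placementGroupId", "privatePathServiceGatewayId", "publicGatewayId",
    "reservationId", "securityGroupId", "snapshotId", "keyId", "subnetId",
    "virtualNetworkInterfaceId", "endpointGatewayId", "vpcId", "instanceId",
    "vpnGatewayID",
})


def lint_attributes(spec):
    """Parse 'name=value,name=value...' and return (attrs, errors, wildcards).

    attrs     -- dict of accepted attribute names to values
    errors    -- list of human-readable problems (empty when the spec is clean)
    wildcards -- names whose value is '*', i.e. every object of that type
    """
    attrs, errors, wildcards = {}, [], []
    for pair in spec.split(","):
        name, sep, value = pair.strip().partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not name or not value:
            errors.append(f"malformed pair {pair!r}: expected name=value")
            continue
        if name not in VPC_ATTRIBUTES:
            errors.append(f"unknown VPC attribute {name!r} (not in Table 1)")
            continue
        if name in attrs:  # assumption of this example: one value per name
            errors.append(f"duplicate attribute {name!r}")
            continue
        attrs[name] = value
        if value == "*":
            wildcards.append(name)
    return attrs, errors, wildcards


if __name__ == "__main__":
    # Constructed inputs: the page's wildcard example, a scoped form that uses
    # the table's placeholder ID, and a mistyped attribute name.
    for spec in ("vpcId=*", "vpcId=<vpc-id>", "vpcid=*"):
        attrs, errors, wildcards = lint_attributes(spec)
        print(f"{spec!r}: attrs={attrs} errors={errors} wildcards={wildcards}")
```
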