IBM Cloud Docs
VPC resource attributes

VPC resource attributes

When you use Terraform or the IBM Cloud® Command Line Interface (CLI) to create, update, or delete IBM Cloud Identity and Access Management (IAM) access policies, you can specify the target VPC resource by using resource attributes.

Resource attributes are in the form of  name=value,name=value....

You can select a resource object by entering the ID of the object. Or, you can enter the wildcard * in value to denote all applicable objects. For example, the attribute vpcId:* set the access policy to be applicable to all the VPCs in the account. You can also specify which resource group the policy is applied to in the command.

The following example CLI command gives the user Viewer role for all the VPCs in the current account:

ibmcloud iam user-policy-create --roles Viewer --service-name is --attributes "vpcId=*"

For more information about using the CLI to create and modify IAM access policy, see ibmcloud iam user-policy-create.

For more information about using Terraform to create IAM access policies, see the resources attribute for the following IAM policies:

See Table 1 for the full list of VPC resource attributes.

Table 1. VPC resource attributes
Resource Resource Attribute
Auto Scale for VPC instanceGroupId:<instance-group-id>
Backup service backupPolicyId: <backup-policy-id>
Block Storage for VPC volumeId: <volume-id>
Bare metal server bareMetalServerId: <bare-metal-server-id>
Dedicated Host for VPC dedicatedHostId:<dedicated-host-id>
File Storage shareId: <share-id>
Floating IP for VPC floatingIpId: <fip-id>
Flow Logs for VPC flowLogCollectorId: <flc-id>
Image Service for VPC imageId:<image-id>
Load Balancer for VPC loadBalancerId: <load-balancer-id>
Network ACL networkAclId: <nacl-id>
Placement Group for VPC placementGroupId: <placement-group-id>
Public Gateway for VPC publicGatewayId: <pgw-id>
Reservations for VPC reservationId: <reservation-id>
Security Group for VPC securityGroupId: <default-sec-grp-id>
Snapshots snapshotId: <snapshot-id>
SSH Key for VPC keyId:<key-id>
Subnet subnetId: <subnet-id>
Virtual Network Interface virtualNetworkInterfaceId:<virtual-network-interface-id>
Virtual Private Endpoint for VPC endpointGatewayId:<endpoint-gateway-id>
Virtual Private Cloud vpcId: <vpc-id>
Virtual Server for VPC instanceId: <instance-id>
VPN for VPC vpnGatewayID: <vpn-gateway-id>