ibm 1.85.0 published on Sunday, Nov 9, 2025 by ibm-cloud
Retrieve information about an IAM access group policy. For more information about IAM role actions, see managing access to resources.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
// Access group that the example policy is attached to.
const accgrp = new ibm.IamAccessGroup("accgrp", { name: "test123" });

// NOTE(review): `resources` sets only `service`; no resource group or instance
// is named, so confirm the intended scope of the Viewer grant before reusing this.
const viewerOnObjectStorage = {
    accessGroupId: accgrp.iamAccessGroupId,
    roles: ["Viewer"],
    resources: { service: "cloud-object-storage" },
};
const policyIamAccessGroupPolicy = new ibm.IamAccessGroupPolicy("policy", viewerOnObjectStorage);

// The lookup takes the group ID from the policy resource rather than from
// `accgrp`, so it depends on the policy and not only on the group.
const policy = ibm.getIamAccessGroupPolicyOutput({
    accessGroupId: policyIamAccessGroupPolicy.accessGroupId,
    transactionId: "terrformAccessGroupPolicy",
});
import pulumi
import pulumi_ibm as ibm
# Access group that receives the example policy.
accgrp = ibm.IamAccessGroup("accgrp", name="test123")

# NOTE(review): `resources` carries only `service`; no resource group or
# instance is named, so confirm the intended scope of the Viewer grant.
viewer_grant = {
    "access_group_id": accgrp.iam_access_group_id,
    "roles": ["Viewer"],
    "resources": {"service": "cloud-object-storage"},
}
policy_iam_access_group_policy = ibm.IamAccessGroupPolicy("policy", **viewer_grant)

# The group ID is read from the policy resource rather than from `accgrp`,
# so the lookup depends on the policy and not only on the group.
policy = ibm.get_iam_access_group_policy_output(
    access_group_id=policy_iam_access_group_policy.access_group_id,
    transaction_id="terrformAccessGroupPolicy",
)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
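// main declares an IAM access group, attaches a Viewer policy for the
// cloud-object-storage service to it, and then looks that group's policies
// back up through the data source.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Access group that receives the example policy.
		accgrp, err := ibm.NewIamAccessGroup(ctx, "accgrp", &ibm.IamAccessGroupArgs{
			Name: pulumi.String("test123"),
		})
		if err != nil {
			return err
		}
		// NOTE(review): Resources sets only Service; no resource group or
		// instance is named, so confirm the intended scope of the Viewer grant.
		policyIamAccessGroupPolicy, err := ibm.NewIamAccessGroupPolicy(ctx, "policy", &ibm.IamAccessGroupPolicyArgs{
			AccessGroupId: accgrp.IamAccessGroupId,
			Roles: pulumi.StringArray{
				pulumi.String("Viewer"),
			},
			Resources: &ibm.IamAccessGroupPolicyResourcesArgs{
				Service: pulumi.String("cloud-object-storage"),
			},
		})
		if err != nil {
			return err
		}
		// The function is named LookupIamAccessGroupPolicy in the Go SDK, and
		// its output-form argument type carries the same Lookup prefix. The
		// group ID is read from the policy resource, so the lookup depends on
		// the policy and not only on the group.
		_ = ibm.LookupIamAccessGroupPolicyOutput(ctx, ibm.LookupIamAccessGroupPolicyOutputArgs{
			AccessGroupId: policyIamAccessGroupPolicy.AccessGroupId,
			TransactionId: pulumi.String("terrformAccessGroupPolicy"),
		}, nil)
		return nil
	})
}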
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
    // Access group that receives the example policy.
    var accgrp = new Ibm.IamAccessGroup("accgrp", new Ibm.IamAccessGroupArgs { Name = "test123" });

    // NOTE(review): Resources sets only Service; no resource group or instance
    // is named, so confirm the intended scope of the Viewer grant.
    var viewerGrant = new Ibm.IamAccessGroupPolicyArgs
    {
        AccessGroupId = accgrp.IamAccessGroupId,
        Roles = new[] { "Viewer" },
        Resources = new Ibm.Inputs.IamAccessGroupPolicyResourcesArgs { Service = "cloud-object-storage" },
    };
    var policyIamAccessGroupPolicy = new Ibm.IamAccessGroupPolicy("policy", viewerGrant);

    // The group ID is read from the policy resource rather than from accgrp,
    // so the lookup depends on the policy and not only on the group.
    var policy = Ibm.GetIamAccessGroupPolicy.Invoke(new Ibm.GetIamAccessGroupPolicyInvokeArgs
    {
        AccessGroupId = policyIamAccessGroupPolicy.AccessGroupId,
        TransactionId = "terrformAccessGroupPolicy",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamAccessGroup;
import com.pulumi.ibm.IamAccessGroupArgs;
import com.pulumi.ibm.IamAccessGroupPolicy;
import com.pulumi.ibm.IamAccessGroupPolicyArgs;
import com.pulumi.ibm.inputs.IamAccessGroupPolicyResourcesArgs;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetIamAccessGroupPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example program: declares an IAM access group, attaches a Viewer policy for
 * the cloud-object-storage service, and looks the group's policies back up.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the resources and the data-source lookup for this stack. */
    public static void stack(Context ctx) {
        // Access group that receives the example policy.
        var groupArgs = IamAccessGroupArgs.builder()
            .name("test123")
            .build();
        var accgrp = new IamAccessGroup("accgrp", groupArgs);

        // NOTE(review): only the service is set on the resources block; no
        // resource group or instance is named, so confirm the intended scope
        // of the Viewer grant.
        var objectStorage = IamAccessGroupPolicyResourcesArgs.builder()
            .service("cloud-object-storage")
            .build();
        var policyArgs = IamAccessGroupPolicyArgs.builder()
            .accessGroupId(accgrp.iamAccessGroupId())
            .roles("Viewer")
            .resources(objectStorage)
            .build();
        // NOTE(review): the logical name here is "policyIamAccessGroupPolicy",
        // while the other language examples on this page use "policy".
        var policyIamAccessGroupPolicy = new IamAccessGroupPolicy("policyIamAccessGroupPolicy", policyArgs);

        // The group ID is read from the policy resource rather than from
        // accgrp, so the lookup depends on the policy and not only on the group.
        var lookupArgs = GetIamAccessGroupPolicyArgs.builder()
            .accessGroupId(policyIamAccessGroupPolicy.accessGroupId())
            .transactionId("terrformAccessGroupPolicy")
            .build();
        final var policy = IbmFunctions.getIamAccessGroupPolicy(lookupArgs);
    }
}
resources:
  # Access group that receives the example policy.
  accgrp:
    type: ibm:IamAccessGroup
    properties:
      name: test123
  # Viewer policy attached to the group above.
  # NOTE(review): `resources` sets only `service`; no resource group or
  # instance is named, so confirm the intended scope of the grant.
  policyIamAccessGroupPolicy:
    type: ibm:IamAccessGroupPolicy
    name: policy
    properties:
      accessGroupId: ${accgrp.iamAccessGroupId}
      roles:
        - Viewer
      resources:
        service: cloud-object-storage
variables:
  # Data-source lookup; the group ID is taken from the policy resource, so the
  # lookup depends on the policy and not only on the group.
  policy:
    fn::invoke:
      function: ibm:getIamAccessGroupPolicy
      arguments:
        accessGroupId: ${policyIamAccessGroupPolicy.accessGroupId}
        transactionId: terrformAccessGroupPolicy
Using getIamAccessGroupPolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getIamAccessGroupPolicy(args: GetIamAccessGroupPolicyArgs, opts?: InvokeOptions): Promise<GetIamAccessGroupPolicyResult>
function getIamAccessGroupPolicyOutput(args: GetIamAccessGroupPolicyOutputArgs, opts?: InvokeOptions): Output<GetIamAccessGroupPolicyResult>def get_iam_access_group_policy(access_group_id: Optional[str] = None,
id: Optional[str] = None,
sort: Optional[str] = None,
transaction_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetIamAccessGroupPolicyResult
def get_iam_access_group_policy_output(access_group_id: Optional[pulumi.Input[str]] = None,
id: Optional[pulumi.Input[str]] = None,
sort: Optional[pulumi.Input[str]] = None,
transaction_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetIamAccessGroupPolicyResult]func LookupIamAccessGroupPolicy(ctx *Context, args *LookupIamAccessGroupPolicyArgs, opts ...InvokeOption) (*LookupIamAccessGroupPolicyResult, error)
func LookupIamAccessGroupPolicyOutput(ctx *Context, args *LookupIamAccessGroupPolicyOutputArgs, opts ...InvokeOption) LookupIamAccessGroupPolicyResultOutput
> Note: This function is named LookupIamAccessGroupPolicy in the Go SDK.
public static class GetIamAccessGroupPolicy
{
public static Task<GetIamAccessGroupPolicyResult> InvokeAsync(GetIamAccessGroupPolicyArgs args, InvokeOptions? opts = null)
public static Output<GetIamAccessGroupPolicyResult> Invoke(GetIamAccessGroupPolicyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetIamAccessGroupPolicyResult> getIamAccessGroupPolicy(GetIamAccessGroupPolicyArgs args, InvokeOptions options)
public static Output<GetIamAccessGroupPolicyResult> getIamAccessGroupPolicy(GetIamAccessGroupPolicyArgs args, InvokeOptions options)
fn::invoke:
function: ibm:index/getIamAccessGroupPolicy:getIamAccessGroupPolicy
arguments:
# arguments dictionary
The following arguments are supported:
- AccessGroupId string - The ID of the access group.
- Id string - (String) The unique identifier of the IAM access group policy. The ID is composed of <ibm_id>/<access_group_policy_id>.
- Sort string - The single field sort query for policies. Allowed values are id, type, href, created_at, created_by_id, last_modified_at, last_modified_by_id, state.
- TransactionId string - The TransactionID can be passed with your request to track the calls.
- AccessGroupId string - The ID of the access group.
- Id string - (String) The unique identifier of the IAM access group policy. The ID is composed of <ibm_id>/<access_group_policy_id>.
- Sort string - The single field sort query for policies. Allowed values are id, type, href, created_at, created_by_id, last_modified_at, last_modified_by_id, state.
- TransactionId string - The TransactionID can be passed with your request to track the calls.
- accessGroupId String - The ID of the access group.
- id String - (String) The unique identifier of the IAM access group policy. The ID is composed of <ibm_id>/<access_group_policy_id>.
- sort String - The single field sort query for policies. Allowed values are id, type, href, created_at, created_by_id, last_modified_at, last_modified_by_id, state.
- transactionId String - The TransactionID can be passed with your request to track the calls.
- accessGroupId string - The ID of the access group.
- id string - (String) The unique identifier of the IAM access group policy. The ID is composed of <ibm_id>/<access_group_policy_id>.
- sort string - The single field sort query for policies. Allowed values are id, type, href, created_at, created_by_id, last_modified_at, last_modified_by_id, state.
- transactionId string - The TransactionID can be passed with your request to track the calls.
- access_group_id str - The ID of the access group.
- id str - (String) The unique identifier of the IAM access group policy. The ID is composed of <ibm_id>/<access_group_policy_id>.
- sort str - The single field sort query for policies. Allowed values are id, type, href, created_at, created_by_id, last_modified_at, last_modified_by_id, state.
- transaction_id str - The TransactionID can be passed with your request to track the calls.
- accessGroupId String - The ID of the access group.
- id String - (String) The unique identifier of the IAM access group policy. The ID is composed of <ibm_id>/<access_group_policy_id>.
- sort String - The single field sort query for policies. Allowed values are id, type, href, created_at, created_by_id, last_modified_at, last_modified_by_id, state.
- transactionId String - The TransactionID can be passed with your request to track the calls.
getIamAccessGroupPolicy Result
The following output properties are available:
- Access
Group stringId - Id string
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - Policies
List<Get
Iam Access Group Policy Policy> - (List) A nested block describes IAM Policies assigned to access group.
- Transaction
Id string - Sort string
- Access
Group stringId - Id string
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - Policies
[]Get
Iam Access Group Policy Policy - (List) A nested block describes IAM Policies assigned to access group.
- Transaction
Id string - Sort string
- access
Group StringId - id String
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - policies
List<Get
Iam Access Group Policy Policy> - (List) A nested block describes IAM Policies assigned to access group.
- transaction
Id String - sort String
- access
Group stringId - id string
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - policies
Get
Iam Access Group Policy Policy[] - (List) A nested block describes IAM Policies assigned to access group.
- transaction
Id string - sort string
- access_
group_ strid - id str
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - policies
Sequence[Get
Iam Access Group Policy Policy] - (List) A nested block describes IAM Policies assigned to access group.
- transaction_
id str - sort str
- access
Group StringId - id String
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - policies List<Property Map>
- (List) A nested block describes IAM Policies assigned to access group.
- transaction
Id String - sort String
Supporting Types
GetIamAccessGroupPolicyPolicy
- Description string
- (String) The description of the IAM access group Policy.
- Id string
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - Pattern string
- (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. -
List<Get
Iam Access Group Policy Policy Resource Tag> - (List of objects) A nested block describes the access management tags in the policy.
- Resources
List<Get
Iam Access Group Policy Policy Resource> - (List of objects) A nested block describes the resources in the policy.
- Roles List<string>
- (String) The roles that are assigned to the policy.
- Rule
Conditions List<GetIam Access Group Policy Policy Rule Condition> - (List of objects) A nested block describing the rule conditions of this policy.
- Rule
Operator string - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - Templates
List<Get
Iam Access Group Policy Policy Template>
- Description string
- (String) The description of the IAM access group Policy.
- Id string
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - Pattern string
- (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. -
[]Get
Iam Access Group Policy Policy Resource Tag - (List of objects) A nested block describes the access management tags in the policy.
- Resources
[]Get
Iam Access Group Policy Policy Resource - (List of objects) A nested block describes the resources in the policy.
- Roles []string
- (String) The roles that are assigned to the policy.
- Rule
Conditions []GetIam Access Group Policy Policy Rule Condition - (List of objects) A nested block describing the rule conditions of this policy.
- Rule
Operator string - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - Templates
[]Get
Iam Access Group Policy Policy Template
- description String
- (String) The description of the IAM access group Policy.
- id String
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - pattern String
- (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. -
List<Get
Iam Access Group Policy Policy Resource Tag> - (List of objects) A nested block describes the access management tags in the policy.
- resources
List<Get
Iam Access Group Policy Policy Resource> - (List of objects) A nested block describes the resources in the policy.
- roles List<String>
- (String) The roles that are assigned to the policy.
- rule
Conditions List<GetIam Access Group Policy Policy Rule Condition> - (List of objects) A nested block describing the rule conditions of this policy.
- rule
Operator String - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - templates
List<Get
Iam Access Group Policy Policy Template>
- description string
- (String) The description of the IAM access group Policy.
- id string
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - pattern string
- (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. -
Get
Iam Access Group Policy Policy Resource Tag[] - (List of objects) A nested block describes the access management tags in the policy.
- resources
Get
Iam Access Group Policy Policy Resource[] - (List of objects) A nested block describes the resources in the policy.
- roles string[]
- (String) The roles that are assigned to the policy.
- rule
Conditions GetIam Access Group Policy Policy Rule Condition[] - (List of objects) A nested block describing the rule conditions of this policy.
- rule
Operator string - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - templates
Get
Iam Access Group Policy Policy Template[]
- description str
- (String) The description of the IAM access group Policy.
- id str
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - pattern str
- (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. -
Sequence[Get
Iam Access Group Policy Policy Resource Tag] - (List of objects) A nested block describes the access management tags in the policy.
- resources
Sequence[Get
Iam Access Group Policy Policy Resource] - (List of objects) A nested block describes the resources in the policy.
- roles Sequence[str]
- (String) The roles that are assigned to the policy.
- rule_
conditions Sequence[GetIam Access Group Policy Policy Rule Condition] - (List of objects) A nested block describing the rule conditions of this policy.
- rule_
operator str - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - templates
Sequence[Get
Iam Access Group Policy Policy Template]
- description String
- (String) The description of the IAM access group Policy.
- id String
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - pattern String
- (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. - List<Property Map>
- (List of objects) A nested block describes the access management tags in the policy.
- resources List<Property Map>
- (List of objects) A nested block describes the resources in the policy.
- roles List<String>
- (String) The roles that are assigned to the policy.
- rule
Conditions List<Property Map> - (List of objects) A nested block describing the rule conditions of this policy.
- rule
Operator String - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - templates List<Property Map>
GetIamAccessGroupPolicyPolicyResource
- Attributes Dictionary<string, string>
- (Map) A set of resource attributes in the format
name=value,name=value. - Region string
- (String) The region of the policy definition.
- Resource string
- (String) The resource of the policy definition.
- Resource
Group stringId - (String) The ID of the resource group.
- Resource
Instance stringId - (String) The ID of resource instance of the policy definition.
- Resource
Type string - (String) The resource type of the policy definition.
- Service string
- (String) The service name of the policy definition.
- Service
Group stringId - (String) The service group id of the policy definition.
- Service
Type string - (String) The service type of the policy definition.
- Attributes map[string]string
- (Map) A set of resource attributes in the format
name=value,name=value. - Region string
- (String) The region of the policy definition.
- Resource string
- (String) The resource of the policy definition.
- Resource
Group stringId - (String) The ID of the resource group.
- Resource
Instance stringId - (String) The ID of resource instance of the policy definition.
- Resource
Type string - (String) The resource type of the policy definition.
- Service string
- (String) The service name of the policy definition.
- Service
Group stringId - (String) The service group id of the policy definition.
- Service
Type string - (String) The service type of the policy definition.
- attributes Map<String,String>
- (Map) A set of resource attributes in the format
name=value,name=value. - region String
- (String) The region of the policy definition.
- resource String
- (String) The resource of the policy definition.
- resource
Group StringId - (String) The ID of the resource group.
- resource
Instance StringId - (String) The ID of resource instance of the policy definition.
- resource
Type String - (String) The resource type of the policy definition.
- service String
- (String) The service name of the policy definition.
- service
Group StringId - (String) The service group id of the policy definition.
- service
Type String - (String) The service type of the policy definition.
- attributes {[key: string]: string}
- (Map) A set of resource attributes in the format
name=value,name=value. - region string
- (String) The region of the policy definition.
- resource string
- (String) The resource of the policy definition.
- resource
Group stringId - (String) The ID of the resource group.
- resource
Instance stringId - (String) The ID of resource instance of the policy definition.
- resource
Type string - (String) The resource type of the policy definition.
- service string
- (String) The service name of the policy definition.
- service
Group stringId - (String) The service group id of the policy definition.
- service
Type string - (String) The service type of the policy definition.
- attributes Mapping[str, str]
- (Map) A set of resource attributes in the format
name=value,name=value. - region str
- (String) The region of the policy definition.
- resource str
- (String) The resource of the policy definition.
- resource_
group_ strid - (String) The ID of the resource group.
- resource_
instance_ strid - (String) The ID of resource instance of the policy definition.
- resource_
type str - (String) The resource type of the policy definition.
- service str
- (String) The service name of the policy definition.
- service_
group_ strid - (String) The service group id of the policy definition.
- service_
type str - (String) The service type of the policy definition.
- attributes Map<String>
- (Map) A set of resource attributes in the format
name=value,name=value. - region String
- (String) The region of the policy definition.
- resource String
- (String) The resource of the policy definition.
- resource
Group StringId - (String) The ID of the resource group.
- resource
Instance StringId - (String) The ID of resource instance of the policy definition.
- resource
Type String - (String) The resource type of the policy definition.
- service String
- (String) The service name of the policy definition.
- service
Group StringId - (String) The service group id of the policy definition.
- service
Type String - (String) The service type of the policy definition.
GetIamAccessGroupPolicyPolicyResourceTag
GetIamAccessGroupPolicyPolicyRuleCondition
- Conditions
List<Get
Iam Access Group Policy Policy Rule Condition Condition> - (List of Objects) A nested block describing additional rule conditions of this policy.
- Key string
- (String) The key of a condition.
- Operator string
- (String) The operator of a condition.
- Values List<string>
- (List of Strings) The value of a condition.
- Conditions
[]Get
Iam Access Group Policy Policy Rule Condition Condition - (List of Objects) A nested block describing additional rule conditions of this policy.
- Key string
- (String) The key of a condition.
- Operator string
- (String) The operator of a condition.
- Values []string
- (List of Strings) The value of a condition.
- conditions
List<Get
Iam Access Group Policy Policy Rule Condition Condition> - (List of Objects) A nested block describing additional rule conditions of this policy.
- key String
- (String) The key of a condition.
- operator String
- (String) The operator of a condition.
- values List<String>
- (List of Strings) The value of a condition.
- conditions
Get
Iam Access Group Policy Policy Rule Condition Condition[] - (List of Objects) A nested block describing additional rule conditions of this policy.
- key string
- (String) The key of a condition.
- operator string
- (String) The operator of a condition.
- values string[]
- (List of Strings) The value of a condition.
- conditions
Sequence[Get
Iam Access Group Policy Policy Rule Condition Condition] - (List of Objects) A nested block describing additional rule conditions of this policy.
- key str
- (String) The key of a condition.
- operator str
- (String) The operator of a condition.
- values Sequence[str]
- (List of Strings) The value of a condition.
- conditions List<Property Map>
- (List of Objects) A nested block describing additional rule conditions of this policy.
- key String
- (String) The key of a condition.
- operator String
- (String) The operator of a condition.
- values List<String>
- (List of Strings) The value of a condition.
GetIamAccessGroupPolicyPolicyRuleConditionCondition
GetIamAccessGroupPolicyPolicyTemplate
- Assignment
Id string - Id string
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - Root
Ids List<string> - Root
Versions List<string> - Version string
- Assignment
Id string - Id string
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - Root
Ids []string - Root
Versions []string - Version string
- assignment
Id String - id String
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - root
Ids List<String> - root
Versions List<String> - version String
- assignment
Id string - id string
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - root
Ids string[] - root
Versions string[] - version string
- assignment_
id str - id str
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - root_
ids Sequence[str] - root_
versions Sequence[str] - version str
- assignment
Id String - id String
- (String) The unique identifier of the IAM access group policy. The ID is composed of
<ibm_id>/<access_group_policy_id>. - root
Ids List<String> - root
Versions List<String> - version String
Package Details
- Repository
- ibm ibm-cloud/terraform-provider-ibm
- License
- Notes
- This Pulumi package is based on the ibm Terraform Provider.
