An IAM Role in Google Cloud is a collection of permissions that define what actions a user or service account can perform on specific resources. Roles can be predefined by Google or custom-built to fit specific needs. They simplify access management by grouping permissions together, allowing administrators to assign them to users, groups, or service accounts instead of managing individual permissions.

gcp.iam_role

Fields

| ID | Type | Data Type | Description |
| --- | --- | --- | --- |
| `_key` | core | `string` | |
| `ancestors` | core | `array<string>` | |
| `datadog_display_name` | core | `string` | |
| `deleted` | core | `bool` | The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole. |
| `description` | core | `string` | Optional. A human-readable description for the role. |
| `included_permissions` | core | `array<string>` | The names of the permissions this role grants when bound in an IAM policy. |
| `labels` | core | `array<string>` | |
| `name` | core | `string` | The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/myRole` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/myRole` for project-level custom roles. |
| `organization_id` | core | `string` | |
| `parent` | core | `string` | |
| `project_id` | core | `string` | |
| `project_number` | core | `string` | |
| `resource_name` | core | `string` | |
| `stage` | core | `string` | The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role. |
| `tags` | core | `hstore` | |
| `title` | core | `string` | Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes. |
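
The following is an added example, not part of the original reference or of any vendor's code: it parses the three `name` shapes described above and uses `deleted`, `stage` and `included_permissions` to list live custom roles that can rewrite IAM policies. The function names, the `.setIamPolicy` suffix check and the sample records are assumptions made for illustration.

```python
import re

# The three complete-path shapes given in the `name` field description.
_NAME_PATTERNS = [
    ("predefined", re.compile(r"roles/(?P<role>[^/]+)")),
    ("organization_custom",
     re.compile(r"organizations/(?P<parent>[^/]+)/roles/(?P<role>[^/]+)")),
    ("project_custom",
     re.compile(r"projects/(?P<parent>[^/]+)/roles/(?P<role>[^/]+)")),
]

def parse_role_name(name):
    """Return (kind, parent, role_id) for a complete role path, else raise ValueError."""
    for kind, pattern in _NAME_PATTERNS:
        m = pattern.fullmatch(name)
        if m:
            # Predefined roles have no parent segment, so parent is None.
            return kind, m.groupdict().get("parent"), m.group("role")
    raise ValueError(f"not a complete role path: {name!r}")

def review_custom_roles(records, suffix=".setIamPolicy"):
    """List non-deleted custom roles granting a permission that ends in `suffix`.

    The suffix is an assumed review criterion, not something the schema defines.
    """
    findings = []
    for rec in records:
        kind, parent, role_id = parse_role_name(rec["name"])
        if kind == "predefined" or rec.get("deleted"):
            continue
        hits = sorted(p for p in rec.get("included_permissions", [])
                      if p.endswith(suffix))
        if hits:
            # `stage` is omitted for ALPHA roles, so None here is meaningful.
            findings.append({"role": role_id, "scope": kind, "parent": parent,
                             "stage": rec.get("stage"), "permissions": hits})
    return findings

# Constructed sample records using the field names from the table above.
SAMPLE = [
    {"name": "roles/logging.viewer", "deleted": False, "stage": "GA",
     "included_permissions": ["logging.logEntries.list"]},
    {"name": "projects/example-project/roles/myRole", "deleted": False,
     "included_permissions": ["storage.objects.get", "storage.buckets.setIamPolicy"]},
    {"name": "organizations/123456789012/roles/myRole", "deleted": True, "stage": "GA",
     "included_permissions": ["resourcemanager.projects.setIamPolicy"]},
]
```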