This example shows how to use the OCI Landing Zones IAM policy module to manage policies that are generated from metadata associated with existing compartments. A matching compartments example is available at https://github.com/oci-landing-zones/terraform-oci-modules-iam/tree/main/compartments/examples/vision.
For compartment-level policies (excluding the Root compartment), the target compartments are obtained from a data source whose output is filtered on the freeform tag "cislz" with value "template-policies-example". The returned compartments are passed to the policy module via the supplied_compartments attribute. Each returned compartment carries metadata, in the freeform tag "cislz-cmp-type", that determines which policies are generated for it.
For tenancy-level policies (policies attached to the Root compartment), a list of group names with their respective roles is passed to the module via the groups_with_tenancy_level_roles attribute.
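The following is an added illustration of the two inputs described above, not the repository's own main.tf. It assumes the module source path and the object shapes of supplied_compartments and groups_with_tenancy_level_roles; the group names and role keywords are constructed placeholders.

```hcl
# Added example, not the repository's main.tf. Module path and attribute
# object shapes are assumptions; confirm them against the module's variables.

variable "tenancy_ocid" { type = string }

# Enumerate every active compartment below the Root compartment.
data "oci_identity_compartments" "all" {
  compartment_id            = var.tenancy_ocid
  compartment_id_in_subtree = true
  access_level              = "ACCESSIBLE"
  state                     = "ACTIVE"
}

locals {
  # Keep only compartments carrying the freeform tag cislz = template-policies-example.
  # lookup() with a default avoids an error on compartments that have no tags at all.
  tagged = [
    for c in data.oci_identity_compartments.all.compartments : c
    if lookup(c.freeform_tags, "cislz", "") == "template-policies-example"
  ]

  # Shape assumed for supplied_compartments: map keyed by compartment name.
  # The cislz-cmp-type tag travels with each entry and drives which policy
  # statements the module generates for that compartment.
  supplied_compartments = {
    for c in local.tagged : c.name => {
      name          = c.name
      ocid          = c.id
      freeform_tags = c.freeform_tags
    }
  }
}

module "cislz_policies" {
  source = "github.com/oci-landing-zones/terraform-oci-modules-iam//policies" # assumed path

  tenancy_ocid          = var.tenancy_ocid
  supplied_compartments = local.supplied_compartments

  # Tenancy level (Root compartment) policies; names and roles are constructed placeholders.
  groups_with_tenancy_level_roles = [
    { name = "vision-iam-admin-group",  roles = "iam" },
    { name = "vision-cred-admin-group", roles = "cred" },
  ]
}

# Review which compartments the generated policies will target before applying.
output "targeted_compartments" {
  value = keys(local.supplied_compartments)
}
```

Because the tags decide which compartments receive generated policies, treat write access to the cislz and cislz-cmp-type freeform tags as a privileged operation and check the targeted_compartments output in the plan before applying.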
See main.tf.
Check the module documentation for details.
- Rename `input.auto.tfvars.template` to `<project-name>.auto.tfvars`, where `<project-name>` is any name of your choice.
- Within `<project-name>.auto.tfvars`, provide tenancy connectivity information.
- In this folder, run the typical Terraform workflow:

  ```
  terraform init
  terraform plan -out plan.out
  terraform apply plan.out
  ```