---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Access Context Manager (VPC Service Controls)"
description: |-
  Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
---
# google\_access\_context\_manager\_gcp\_user\_access\_binding

Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.

To get more information about GcpUserAccessBinding, see:

* [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/organizations.gcpUserAccessBindings)

## Example Usage - Access Context Manager Gcp User Access Binding Basic
```hcl
resource "google_cloud_identity_group" "group" {
  display_name = "my-identity-group"

  parent = "customers/A01b123xz"

  group_key {
    id = "my-identity-group@example.com"
  }

  labels = {
    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
  }
}

resource "google_access_context_manager_access_level" "access_level_id_for_user_access_binding" {
  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
  title  = "chromeos_no_lock"
  basic {
    conditions {
      device_policy {
        require_screen_lock = true
        os_constraints {
          os_type = "DESKTOP_CHROME_OS"
        }
      }
      regions = [
        "US",
      ]
    }
  }
}

resource "google_access_context_manager_access_policy" "access-policy" {
  parent = "organizations/123456789"
  title  = "my policy"
}

resource "google_access_context_manager_gcp_user_access_binding" "gcp_user_access_binding" {
  organization_id = "123456789"
  group_key       = trimprefix(google_cloud_identity_group.group.id, "groups/")
  access_levels   = [
    google_access_context_manager_access_level.access_level_id_for_user_access_binding.name,
  ]
}
```
## Argument Reference
The following arguments are supported:

* `group_key` -
  (Required)
  Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"

* `access_levels` -
  (Required)
  Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"

* `organization_id` -
  (Required)
  Required. ID of the parent organization.

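
The constraints on `group_key` and `access_levels` described above can be checked at plan time with input variable validation, so a misconfigured binding fails before any API call. This is an added example, not part of the generated provider documentation; the variable names and the resource label `validated` are assumptions.

```hcl
# Added example: variable names are hypothetical, not part of the provider.
variable "organization_id" {
  type        = string
  description = "ID of the parent organization."
}

variable "group_key" {
  type        = string
  description = "Google Group id (not an email address or alias)."

  validation {
    # Email addresses and aliases are not accepted, and the basic example
    # strips the "groups/" prefix, so reject any value containing "@" or "/".
    condition     = length(var.group_key) > 0 && !can(regex("[@/]", var.group_key))
    error_message = "The group_key must be a bare Google Group id such as 01d520gv4vjcrht, not an email address or a groups/ resource name."
  }
}

variable "access_levels" {
  type        = list(string)
  description = "Exactly one access level resource name."

  validation {
    # The repeated field must have exactly one element.
    condition     = length(var.access_levels) == 1
    error_message = "Exactly one access level is supported per binding."
  }

  validation {
    # Require the full resource name, not a bare access level title.
    condition = alltrue([
      for level in var.access_levels :
      can(regex("^accessPolicies/[^/]+/accessLevels/[^/]+$", level))
    ])
    error_message = "Each access level must look like accessPolicies/9522/accessLevels/device_trusted."
  }
}

resource "google_access_context_manager_gcp_user_access_binding" "validated" {
  organization_id = var.organization_id
  group_key       = var.group_key
  access_levels   = var.access_levels
}
```
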
- - -
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `{{name}}`

* `name` -
  Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"

## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
GcpUserAccessBinding can be imported using any of these accepted formats:
* `{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import GcpUserAccessBinding using one of the formats above. For example:
```tf
import {
  id = "{{name}}"
  to = google_access_context_manager_gcp_user_access_binding.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), GcpUserAccessBinding can be imported using one of the formats above. For example:
```
$ terraform import google_access_context_manager_gcp_user_access_binding.default {{name}}
```