oci_identity_group

This resource provides the Group resource in Oracle Cloud Infrastructure Identity service.

Creates a new group in your tenancy.

You must specify your tenancy’s OCID as the compartment ID in the request object (remember that the tenancy is simply the root compartment). Notice that IAM resources (users, groups, compartments, and some policies) reside within the tenancy itself, unlike cloud resources such as compute instances, which typically reside within compartments inside the tenancy. For information about OCIDs, see Resource Identifiers.

You must also specify a name for the group, which must be unique across all groups in your tenancy and cannot be changed. You can use this name or the OCID when writing policies that apply to the group. For more information about policies, see How Policies Work.

You must also specify a description for the group (although it can be an empty string). It does not have to be unique, and you can change it anytime with UpdateGroup. After creating the group, you need to put users in it and write policies for it. See AddUserToGroup and CreatePolicy.

Example Usage

resource "oci_identity_group" "test_group" {
	#Required
	compartment_id = var.tenancy_ocid
	description = var.group_description
	name = var.group_name

	#Optional
	defined_tags = {"Operations.CostCenter"= "42"}
	freeform_tags = {"Department"= "Finance"}
}

Argument Reference

The following arguments are supported:

• compartment_id - (Required) The OCID of the tenancy containing the group.
• defined_tags - (Optional) (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
• description - (Required) (Updatable) The description you assign to the group during creation. Does not have to be unique, and it’s changeable.
• freeform_tags - (Optional) (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
• name - (Required) The name you assign to the group during creation. The name must be unique across all groups in the tenancy and cannot be changed.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

Attributes Reference

The following attributes are exported:

• compartment_id - The OCID of the tenancy containing the group.
• defined_tags - Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
• description - The description you assign to the group. Does not have to be unique, and it’s changeable.
• freeform_tags - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
• id - The OCID of the group.
• inactive_state - The detailed status of INACTIVE lifecycleState.
• name - The name you assign to the group during creation. The name must be unique across all groups in the tenancy and cannot be changed.
• state - The group’s current state.
• time_created - Date and time the group was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

Timeouts

The timeouts block allows you to specify timeouts for certain operations: * create - (Defaults to 20 minutes), when creating the Group * update - (Defaults to 20 minutes), when updating the Group * delete - (Defaults to 20 minutes), when destroying the Group

Import

Groups can be imported using the id, e.g.

$ terraform import oci_identity_group.test_group "id"