Skip to content

Latest commit

 

History

History
78 lines (58 loc) · 4 KB

account.md

File metadata and controls

78 lines (58 loc) · 4 KB
subcategory
Resources

centrify_account (Resource)

This resource allows you to create/update/delete account.

Example Usage (Resource)

resource "centrify_account" "unix_account" {
    name = "testaccount"
    credential_type = "Password"
    password = "xxxxxxxxxxxxxx"
    host_id = centrify_system.unix1.id
    description = "Test Account for Unix"
    use_proxy_account = false
    checkout_lifetime = 70
    managed = false
}

Examples of system account can be found here

Examples of database account can be found here

Examples of domain account can be found here

Examples of cloud provider account can be found here

Argument Reference

Required

  • name - (String) Name of the account.
  • credential_type - (String) Credential type of the account. Can be set to Password, SshKey or AwsAccessKey.

Optional

  • use_proxy_account - (Boolean) Use proxy account to manage this account. Only applicable if credential_type is Password and the system that this account belongs to has proxyuser configured.
  • managed - (Boolean) If this account is managed. By enabling this option the credential will be automatically changed and become unknown to other applications or users.
  • description - (String) Description of the account.
  • checkout_lifetime - (Number) Checkout lifetime (minutes). Specifies the number of minutes that a checked out password is valid. Range between 15 to 2147483647. Note: Do NOT set this if it is IAM user.
  • challenge_rule - (Block List) Password checkout challenge rules. Refer to challenge_rule attribute for details.
  • default_profile_id - (String) Default password checkout profile (used if no conditions matched).
  • access_secret_checkout_default_profile_id - (String) "Default secret access key checkout challenge rule ID. Only applicable to AWS IAM user.
  • access_secret_checkout_rule - (Block List) Secret Access Key Checkout Challenge Rules. Only applicable to AWS IAM user. Refer to challenge_rule attribute for details.
  • password - (String, Sensitive) Password of the account. Only applicable if credential_type is Password.
  • sshkey_id - (String) ID of the SSH key. Only applicable if credential_type is SshKey.
  • access_key - (Block Set) AWS Access Keys (see reference for access_key)
  • is_admin_account - (Boolean) Whether this is an administrative account.
  • is_root_account - (Boolean) Whether this is an root account for cloud provider. Only applicable if credential_type is AwsAccessKey.
  • host_id - (String) ID of the system it belongs to.
  • domain_id - (String) ID of the domain it belongs to.
  • database_id - (String) ID of the database it belongs to.
  • cloudprovider_id - (String) ID of the cloud provider it belongs to.
  • workflow_enabled - (Boolean) Enable account workflow.
  • workflow_approver - (Block List) List of approvers. Refer to workflow_approver attribute for details.
  • permission - (Block Set) Domain permissions. Refer to permission attribute for details.
  • sets (Set of String) List of Set IDs the account belongs to. Refer to sets attribute for details.

Reference for access_key

Required:

  • access_key_id - (String) AWS access key id.
  • secret_access_key - (String, Sensitive) AWS secret access key.

Import

Account can be imported using the resource id, e.g.

terraform import centrify_account.example xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Limitation: permission and set aren't supported in import process.