Restez organisé à l'aide des collections
Enregistrez et classez les contenus selon vos préférences.
Activer l'autorisation d'accès à l'aide de Terraform
Terraform est un outil logiciel d'Infrastructure as Code Open Source qui vous permet de gérer vos demandes d'approbation de l'accès. Terraform vous permet d'effectuer toutes les actions que vous pouvez effectuer à l'aide des API Access Approval.
Cette page explique comment activer l'approbation de l'accès à l'aide de Terraform.
Ce tutoriel utilise le fournisseur Terraform Google Cloud .
Objectif
Ce tutoriel vous explique comment créer un fichier de configuration Terraform qui :
Définit les adresses e-mail pour les notifications de demande d'approbation de l'accès.
Active Access Approval pour tous les produits Google Cloud compatibles. Pour obtenir la liste complète des produits Google Cloud compatibles avec Access Approval, consultez Services compatibles.
Assurez-vous de disposer du rôle IAM (Identity and Access Management) Éditeur de configuration d'approbation de l'accès (roles/accessapproval.configEditor). Pour en savoir plus sur les rôles IAM pour l'approbation de l'accès, consultez Rôles d'approbation de l'accès.
Créer un projet Google Cloud
Sign in to your Google Cloud account. If you're new to
Google Cloud,
create an account to evaluate how our products perform in
real-world scenarios. New customers also get $300 in free credits to
run, test, and deploy workloads.
In the Google Cloud console, on the project selector page,
select or create a Google Cloud project.
email_1 et email_2 : indiquez les adresses e-mail des utilisateurs que vous souhaitez définir comme examinateurs des demandes d'accès pour ce projet.
parent_value : nom du dossier dans lequel vous souhaitez créer le dossier my_folder. Pour en savoir plus sur les dossiers, consultez Créer et gérer des dossiers.
Exécuter le fichier de configuration Terraform
Exécutez les commandes suivantes dans Cloud Shell.
Initialisez Terraform dans le répertoire.
terraforminit
Exécutez le fichier de configuration Terraform créé.
terraformapply
Lorsque vous êtes invité à confirmer que vous souhaitez exécuter le fichier de configuration, saisissez yes.
Sauf indication contraire, le contenu de cette page est régi par une licence Creative Commons Attribution 4.0, et les échantillons de code sont régis par une licence Apache 2.0. Pour en savoir plus, consultez les Règles du site Google Developers. Java est une marque déposée d'Oracle et/ou de ses sociétés affiliées.
Dernière mise à jour le 2025/09/04 (UTC).
[[["Facile à comprendre","easyToUnderstand","thumb-up"],["J'ai pu résoudre mon problème","solvedMyProblem","thumb-up"],["Autre","otherUp","thumb-up"]],[["Difficile à comprendre","hardToUnderstand","thumb-down"],["Informations ou exemple de code incorrects","incorrectInformationOrSampleCode","thumb-down"],["Il n'y a pas l'information/les exemples dont j'ai besoin","missingTheInformationSamplesINeed","thumb-down"],["Problème de traduction","translationIssue","thumb-down"],["Autre","otherDown","thumb-down"]],["Dernière mise à jour le 2025/09/04 (UTC)."],[[["\u003cp\u003eTerraform is used to manage Access Approval requests, enabling actions available through Access Approval APIs.\u003c/p\u003e\n"],["\u003cp\u003eThis guide demonstrates how to create a Terraform configuration file that sets email addresses for Access Approval request notifications.\u003c/p\u003e\n"],["\u003cp\u003eThe Terraform configuration file created will enable Access Approval for all supported Google Cloud products.\u003c/p\u003e\n"],["\u003cp\u003eBefore starting, you need to meet specific support requirements for Access Approval and Access Transparency, as well as ensure you have the necessary IAM roles.\u003c/p\u003e\n"],["\u003cp\u003eThe guide provides step-by-step instructions to run the Terraform configuration file, including initializing Terraform and applying the configuration.\u003c/p\u003e\n"]]],[],null,["# Enabling Access Approval using Terraform\n========================================\n\n[Terraform](https://terraform.io) is an open-source infrastructure-as-code software tool that\nlets you manage your Access Approval requests. Terraform lets you perform\nall the actions that you can perform using Access Approval APIs.\n\nThis page describes how you can enable Access Approval using Terraform.\nThis tutorial uses the [Google Cloud Terraform Provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs).\n\nObjective\n---------\n\nThis tutorial teaches how you can create a Terraform configuration file that:\n\n- Sets email addresses for Access Approval request notifications.\n- Enables Access Approval for all supported Google Cloud products. For the complete list of Google Cloud products supported by Access Approval, see [Supported services](/assured-workloads/access-approval/docs/supported-services).\n\nBefore you begin\n----------------\n\n- To use Access Approval and Access Transparency, your organization must meet specific support requirements. For more information, see [Requirements for using\n Access Approval](/assured-workloads/access-approval/docs/overview#requirements).\n- Enable [Access Transparency](/assured-workloads/access-transparency/docs/overview) on your organization. For more information, see [Enabling Access Transparency](/assured-workloads/access-transparency/docs/enable).\n- Ensure that you have the **Access Approval\n Config Editor** (`roles/accessapproval.configEditor`) Identity and Access Management (IAM) role. For more information about IAM roles for Access Approval, see [Access Approval\n roles](/iam/docs/understanding-roles#access-approval-roles).\n\nCreating a Google Cloud project\n-------------------------------\n\n- Sign in to your Google Cloud account. If you're new to Google Cloud, [create an account](https://console.cloud.google.com/freetrial) to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.\n- In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n-\n\n\n Enable the Access Approval API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=accessapproval.googleapis.com)\n\n- In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n-\n\n\n Enable the Access Approval API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=accessapproval.googleapis.com)\n\n\u003cbr /\u003e\n\nInstalling Google Cloud CLI\n---------------------------\n\n-\n [Install](/sdk/docs/install) the Google Cloud CLI.\n\n- If you're using an external identity provider (IdP), you must first\n [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n\n-\n To [initialize](/sdk/docs/initializing) the gcloud CLI, run the following command:\n\n ```bash\n gcloud init\n ```\n- When prompted, choose the project that you selected or created earlier.\n- If you already have Google Cloud CLI installed, update it using the following command: \n\n gcloud components update\n\nCreating a Terraform configuration file\n---------------------------------------\n\n 1. [Open Cloud Shell](https://shell.cloud.google.com) to launch a standalone Cloud Shell session.\n 2. Open a workspace.\n 3. Create a new folder.\n 4. Add a Terraform configuration file named `main.tf` to this folder.\n 5. Copy the following resource, and paste it in your `main.tf` file.\n\n ### main.tf\n\n variable \"parent_value\" {\n type = string\n }\n\n variable \"email_1\" {\n type = string\n }\n\n variable \"email_2\" {\n type = string\n }\n\n resource \"google_folder\" \"my_folder\" {\n display_name = \"my-folder\"\n parent = var.parent_value\n # parent = \"organizations/123456789\"\n }\n\n resource \"google_folder_access_approval_settings\" \"folder_access_approval\" {\n folder_id = google_folder.my_folder.folder_id\n notification_emails = [var.email_1, var.email_2]\n\n enrolled_services {\n cloud_product = \"all\"\n }\n }\n\n Enter values for the following variables:\n - `email_1` and `email_2`: provide the email addresses of users who you want to set as reviewers for the access requests for this project.\n\n | **Note:** These users must have the IAM roles with required permissions to view or approve an Access Approval request. To ensure these users have sufficient permissions, follow these steps: \n | 1. Go to the [**IAM**\n | page](https://console.cloud.google.com/iam-admin/iam) in the Google Cloud console.\n | 2. To enable a user or service account to approve access requests for a project, grant them the **Access Approval Approver** (`roles/accessapproval.approver`) IAM role.\n - `parent_value`: name of the folder in which you want to create the `my_folder` folder. For more information about folders, see [Creating and\n managing folders](/resource-manager/docs/creating-managing-folders).\n\nRunning the Terraform configuration file\n----------------------------------------\n\n- Run the following commands in Cloud Shell.\n 1. Initialize Terraform in the directory.\n\n terraform init\n\n 2. Run the created Terraform configuration file.\n\n terraform apply\n\n 3. When prompted to confirm if you want to run the configuration file, enter\n **yes**.\n\n- For more information about operating Access Approval with Terraform, see this Terraform document: [google_folder_access_approval_settings](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/folder_access_approval_settings).\n\nWhat's next\n-----------\n\n - [Using Terraform with Google Cloud](/docs/terraform)\n - [Using Terraform with Access Approval](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/folder_access_approval_settings)\n - [Getting started with Terraform on Google Cloud](/docs/terraform/get-started-with-terraform)\n - [Kickstart Terraform on Google Cloud with Cloud Shell](https://hashicorp.com/blog/kickstart-terraform-on-gcp-with-google-cloud-shell)"]]