---
# ----------------------------------------------------------------------------
#
#     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
#
# ----------------------------------------------------------------------------
#
#     This code is generated by Magic Modules using the following:
#
#     Configuration: https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/products/iambeta/WorkloadIdentityPoolManagedIdentity.yaml
#     Template:      https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/templates/terraform/resource.html.markdown.tmpl
#
#     DO NOT EDIT this file directly. Any changes made to this file will be
#     overwritten during the next generation cycle.
#
# ----------------------------------------------------------------------------
subcategory: "Cloud IAM"
description: |-
  Represents a managed identity for a workload identity pool namespace.
---

# google_iam_workload_identity_pool_managed_identity

Represents a managed identity for a workload identity pool namespace.

~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.

To get more information about WorkloadIdentityPoolManagedIdentity, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools.namespaces.managedIdentities)
* How-to Guides
    * [Configure managed workload identity authentication for Compute Engine](https://cloud.google.com/iam/docs/create-managed-workload-identities)
    * [Configure managed workload identity authentication for GKE](https://cloud.google.com/iam/docs/create-managed-workload-identities-gke)

## Example Usage - Iam Workload Identity Pool Managed Identity Basic

```hcl
resource "google_iam_workload_identity_pool" "pool" {
  provider = google-beta

  workload_identity_pool_id = "example-pool"
  mode                      = "TRUST_DOMAIN"
}

resource "google_iam_workload_identity_pool_namespace" "ns" {
  provider = google-beta

  workload_identity_pool_id           = google_iam_workload_identity_pool.pool.workload_identity_pool_id
  workload_identity_pool_namespace_id = "example-namespace"
}

resource "google_iam_workload_identity_pool_managed_identity" "example" {
  provider = google-beta

  workload_identity_pool_id                  = google_iam_workload_identity_pool.pool.workload_identity_pool_id
  workload_identity_pool_namespace_id        = google_iam_workload_identity_pool_namespace.ns.workload_identity_pool_namespace_id
  workload_identity_pool_managed_identity_id = "example-managed-identity"
}
```

## Example Usage - Iam Workload Identity Pool Managed Identity Full

```hcl
resource "google_iam_workload_identity_pool" "pool" {
  provider = google-beta

  workload_identity_pool_id = "example-pool"
  mode                      = "TRUST_DOMAIN"
}

resource "google_iam_workload_identity_pool_namespace" "ns" {
  provider = google-beta

  workload_identity_pool_id           = google_iam_workload_identity_pool.pool.workload_identity_pool_id
  workload_identity_pool_namespace_id = "example-namespace"
}

resource "google_iam_workload_identity_pool_managed_identity" "example" {
  provider = google-beta

  workload_identity_pool_id                  = google_iam_workload_identity_pool.pool.workload_identity_pool_id
  workload_identity_pool_namespace_id        = google_iam_workload_identity_pool_namespace.ns.workload_identity_pool_namespace_id
  workload_identity_pool_managed_identity_id = "example-managed-identity"
  description                                = "Example Managed Identity in a Workload Identity Pool Namespace"
  disabled                                   = true
}
```

## Argument Reference

The following arguments are supported:

* `workload_identity_pool_id` -
  (Required)
  The ID to use for the pool, which becomes the final component of the resource name.
  This value should be 4-32 characters, and may contain the characters [a-z0-9-].
  The prefix `gcp-` is reserved for use by Google, and may not be specified.

* `workload_identity_pool_namespace_id` -
  (Required)
  The ID to use for the namespace. This value must:
  * contain at most 63 characters
  * contain only lowercase alphanumeric characters or `-`
  * start with an alphanumeric character
  * end with an alphanumeric character

  The prefix `gcp-` will be reserved for future uses.

* `workload_identity_pool_managed_identity_id` -
  (Required)
  The ID to use for the managed identity. This value must:
  * contain at most 63 characters
  * contain only lowercase alphanumeric characters or `-`
  * start with an alphanumeric character
  * end with an alphanumeric character

  The prefix `gcp-` will be reserved for future uses.

- - -

* `description` -
  (Optional)
  A description of the managed identity. Cannot exceed 256 characters.

* `disabled` -
  (Optional)
  Whether the managed identity is disabled. If disabled, credentials may no longer be issued for
  the identity; however, existing credentials will still be accepted until they expire.

* `project` - (Optional) The ID of the project in which the resource belongs.
  If it is not provided, the provider project is used.

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

* `id` - an identifier for the resource with format `projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}/managedIdentities/{{workload_identity_pool_managed_identity_id}}`

* `name` -
  The resource name of the managed identity as
  `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/namespaces/{workload_identity_pool_namespace_id}/managedIdentities/{workload_identity_pool_managed_identity_id}`.

* `state` -
  The current state of the managed identity.
  * `ACTIVE`: The managed identity is active.
  * `DELETED`: The managed identity is soft-deleted. Soft-deleted managed identities are
    permanently deleted after approximately 30 days. You can restore a soft-deleted managed
    identity using UndeleteWorkloadIdentityPoolManagedIdentity. You cannot reuse the ID of a
    soft-deleted managed identity until it is permanently deleted.

## Timeouts

This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.

## Import

WorkloadIdentityPoolManagedIdentity can be imported using any of these accepted formats:

* `projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}/managedIdentities/{{workload_identity_pool_managed_identity_id}}`
* `{{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}/{{workload_identity_pool_managed_identity_id}}`
* `{{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}/{{workload_identity_pool_managed_identity_id}}`

In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import WorkloadIdentityPoolManagedIdentity using one of the formats above. For example:

```tf
import {
  id = "projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}/managedIdentities/{{workload_identity_pool_managed_identity_id}}"
  to = google_iam_workload_identity_pool_managed_identity.default
}
```

When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), WorkloadIdentityPoolManagedIdentity can be imported using one of the formats above.
For example:

```
$ terraform import google_iam_workload_identity_pool_managed_identity.default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}/managedIdentities/{{workload_identity_pool_managed_identity_id}}
$ terraform import google_iam_workload_identity_pool_managed_identity.default {{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}/{{workload_identity_pool_managed_identity_id}}
$ terraform import google_iam_workload_identity_pool_managed_identity.default {{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}/{{workload_identity_pool_managed_identity_id}}
```

## User Project Overrides

This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).
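
The ID rules listed under Argument Reference can be enforced at plan time with variable validation, so a malformed or reserved-prefix ID fails before any API call is made. This is an added example, not part of the generated provider documentation. It assumes the pool and namespace already exist; the variable names and the `validated` label are illustrative, and rejecting `gcp-` for namespace and managed identity IDs is a conservative choice, since the page only says that prefix will be reserved.

```hcl
# Added example: plan-time checks mirroring the ID rules in the Argument Reference.
# Variable names and the "validated" label are assumptions for illustration.

variable "pool_id" {
  type = string

  validation {
    # 4-32 characters from [a-z0-9-]; the gcp- prefix is reserved for use by Google.
    condition     = can(regex("^[a-z0-9-]{4,32}$", var.pool_id)) && !can(regex("^gcp-", var.pool_id))
    error_message = "The pool ID must be 4-32 characters from [a-z0-9-] and must not start with gcp-."
  }
}

variable "namespace_id" {
  type = string

  validation {
    # At most 63 characters, lowercase alphanumerics or '-', alphanumeric at both ends.
    condition     = can(regex("^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", var.namespace_id)) && !can(regex("^gcp-", var.namespace_id))
    error_message = "The namespace ID must be at most 63 lowercase alphanumerics or hyphens, start and end with an alphanumeric, and not start with gcp-."
  }
}

variable "managed_identity_id" {
  type = string

  validation {
    # Same rules as the namespace ID.
    condition     = can(regex("^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", var.managed_identity_id)) && !can(regex("^gcp-", var.managed_identity_id))
    error_message = "The managed identity ID must be at most 63 lowercase alphanumerics or hyphens, start and end with an alphanumeric, and not start with gcp-."
  }
}

resource "google_iam_workload_identity_pool_managed_identity" "validated" {
  provider = google-beta

  workload_identity_pool_id                  = var.pool_id
  workload_identity_pool_namespace_id        = var.namespace_id
  workload_identity_pool_managed_identity_id = var.managed_identity_id
}
```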