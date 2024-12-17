As discussed in my blog “Secure Onboarding for Your Workshops and Hackathons,” I sometimes need to run short-lived projects. For these projects, it is crucial to automate the onboarding and offboarding to always set up the workshop environment the same way. Participants should have access privileges related to their role. So far, I would deploy the resources using Terraform (including all privileges) and destroy resources and access after the event.

By adding time-based restrictions to the access policies, I am able to grant access in stages. Once again, I deploy everything with Terraform, including IAM privileges. However, the time-related conditions make sure that the policies are only active between the start and end times. They could be set to align with the workshop start and the official end (or some hours/days later). Without destroying the resources, access to them is automatically cut off after the workshop.

The following shows the sample conditions that I added to the shared Terraform code (link resides outside ibm.com). You can find it all in the GitHub repository cloud-project-onboarding-terraform (link resides outside ibm.com) and the branch workshop_hackathon. The screenshot at the top of this blog post shows the same conditions in the IBM Cloud console.