# google_compute_security_policy_rule

A rule for the SecurityPolicy.

To get more information about SecurityPolicyRule, see:

## Example Usage - Security Policy Rule Basic

```hcl
resource "google_compute_security_policy" "default" {
  name        = "policyruletest"
  description = "basic global security policy"
  type        = "CLOUD_ARMOR"
}

resource "google_compute_security_policy_rule" "policy_rule" {
  security_policy = google_compute_security_policy.default.name
  description     = "new rule"
  priority        = 100
  match {
    versioned_expr = "SRC_IPS_V1"
    config {
      src_ip_ranges = ["10.10.0.0/16"]
    }
  }
  action          = "allow"
  preview         = true
}
```
## Example Usage - Security Policy Rule Default Rule

```hcl
resource "google_compute_security_policy" "default" {
  name        = "policyruletest"
  description = "basic global security policy"
  type        = "CLOUD_ARMOR"
}

# A default rule is generated when the security_policy resource is created;
# it must be imported before it can be patched.
# import {
#   id = "projects//global/securityPolicies/policyruletest/priority/2147483647"
#   to = google_compute_security_policy_rule.default_rule
# }
resource "google_compute_security_policy_rule" "default_rule" {
  security_policy = google_compute_security_policy.default.name
  description     = "default rule"
  action          = "allow"
  priority        = "2147483647"
  match {
    versioned_expr = "SRC_IPS_V1"
    config {
      src_ip_ranges = ["*"]
    }
  }
}

resource "google_compute_security_policy_rule" "policy_rule" {
  security_policy = google_compute_security_policy.default.name
  description     = "new rule"
  priority        = 100
  match {
    versioned_expr = "SRC_IPS_V1"
    config {
      src_ip_ranges = ["10.10.0.0/16"]
    }
  }
  action          = "allow"
  preview         = true
}
```
## Example Usage - Security Policy Rule Multiple Rules

```hcl
resource "google_compute_security_policy" "default" {
  name        = "policywithmultiplerules"
  description = "basic global security policy"
  type        = "CLOUD_ARMOR"
}

resource "google_compute_security_policy_rule" "policy_rule_one" {
  security_policy = google_compute_security_policy.default.name
  description     = "new rule one"
  priority        = 100
  match {
    versioned_expr = "SRC_IPS_V1"
    config {
      src_ip_ranges = ["10.10.0.0/16"]
    }
  }
  action          = "allow"
  preview         = true
}

resource "google_compute_security_policy_rule" "policy_rule_two" {
  security_policy = google_compute_security_policy.default.name
  description     = "new rule two"
  priority        = 101
  match {
    versioned_expr = "SRC_IPS_V1"
    config {
      src_ip_ranges = ["192.168.0.0/16", "10.0.0.0/8"]
    }
  }
  action          = "allow"
  preview         = true
}
```
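Every rule in the examples above either allows traffic or sits in `preview`, so nothing is enforced and the auto-generated default rule still admits every source; the configuration below is an added example (not part of the provider documentation) that turns the default rule into a deny, enforces one explicit allow rule, and keeps a WAF rule in preview while it is tuned. The `deny(403)` action value, the `expr { expression = ... }` block shape and the `evaluatePreconfiguredWaf` CEL call are assumed from the provider and Cloud Armor schema, which the truncated Argument Reference on this page does not list; the IP range and resource names are constructed samples.

```hcl
resource "google_compute_security_policy" "default" {
  name        = "policyruletest"
  description = "deny-by-default global security policy"
  type        = "CLOUD_ARMOR"
}

# The rule Cloud Armor generates at priority 2147483647 allows all traffic;
# import it (see the Default Rule example) and make it deny, so only explicitly allowed traffic gets through.
resource "google_compute_security_policy_rule" "default_rule" {
  security_policy = google_compute_security_policy.default.name
  description     = "default rule: deny everything not explicitly allowed"
  priority        = 2147483647
  action          = "deny(403)"   # assumed action value
  match {
    versioned_expr = "SRC_IPS_V1"
    config {
      src_ip_ranges = ["*"]
    }
  }
}

# Explicit allowlist. preview = false so the rule is enforced: a rule with
# preview = true is only logged and neither admits nor blocks traffic.
resource "google_compute_security_policy_rule" "allow_corp" {
  security_policy = google_compute_security_policy.default.name
  description     = "allow the corporate egress range (constructed sample)"
  priority        = 100
  action          = "allow"
  preview         = false
  match {
    versioned_expr = "SRC_IPS_V1"
    config {
      src_ip_ranges = ["10.10.0.0/16"]
    }
  }
}

# Higher-precedence deny driven by a CEL expression (assumed expr block shape).
# Left in preview while tuning: matches are logged, not enforced.
resource "google_compute_security_policy_rule" "deny_sqli" {
  security_policy = google_compute_security_policy.default.name
  priority        = 50
  action          = "deny(403)"
  preview         = true
  match {
    expr {
      expression = "evaluatePreconfiguredWaf('sqli-v33-stable', {'sensitivity': 1})"
    }
  }
}
```

Once the preview rule's logged matches show no false positives, set `preview = false` on it; until then the only enforced decisions are the allowlist and the default deny.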

## Argument Reference

The following arguments are supported:

The match block supports:

The expr block supports:

The config block supports:

The preconfigured_waf_config block supports:

The exclusion block supports:

The request_header block supports:

The request_cookie block supports:

The request_uri block supports:

The request_query_param block supports:

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

## Timeouts

This resource provides the following Timeouts configuration options:

## Import

SecurityPolicyRule can be imported using any of these accepted formats:

* `projects/{{project}}/global/securityPolicies/{{security_policy}}/priority/{{priority}}`
* `{{project}}/{{security_policy}}/{{priority}}`
* `{{security_policy}}/{{priority}}`

In Terraform v1.5.0 and later, use an `import` block to import SecurityPolicyRule using one of the formats above. For example:

```hcl
import {
  id = "projects/{{project}}/global/securityPolicies/{{security_policy}}/priority/{{priority}}"
  to = google_compute_security_policy_rule.default
}
```

When using the `terraform import` command, SecurityPolicyRule can be imported using one of the formats above. For example:

```shell
$ terraform import google_compute_security_policy_rule.default projects/{{project}}/global/securityPolicies/{{security_policy}}/priority/{{priority}}
$ terraform import google_compute_security_policy_rule.default {{project}}/{{security_policy}}/{{priority}}
$ terraform import google_compute_security_policy_rule.default {{security_policy}}/{{priority}}
```

## User Project Overrides

This resource supports User Project Overrides.