google_network_security_authorization_policy

AuthorizationPolicy is a resource that specifies how a server should authorize incoming connections. On its own, this resource does not change the configuration; it takes effect only when it is attached to a target HTTPS proxy or endpoint config selector resource.

To get more information about AuthorizationPolicy, see:

Example Usage - Network Security Authorization Policy Basic

resource "google_network_security_authorization_policy" "default" {
  provider               = google-beta
  name                   = "my-authorization-policy"
  labels                 = {
    foo = "bar"
  }
  description            = "my description"
  action                 = "ALLOW"
  rules {
    sources {
      principals = ["namespace/*"]
      ip_blocks  = ["1.2.3.0/24"]
    }
  }
}

Example Usage - Network Security Authorization Policy Destinations

resource "google_network_security_authorization_policy" "default" {
  provider               = google-beta
  name                   = "my-authorization-policy"
  labels                 = {
    foo = "bar"
  }
  description            = "my description"
  action                 = "ALLOW"
  rules {
    sources {
      principals = ["namespace/*"]
      ip_blocks  = ["1.2.3.0/24"]
    }
    destinations {
      hosts   = ["mydomain.*"]
      ports   = [8080]
      methods = ["GET"]
      http_header_match {
        header_name = ":method"
        regex_match = "GET"
      }
    }
  }
}
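
An added example, not part of the provider documentation: a pre-apply check over `terraform show -json` plan output that flags ALLOW policies of this resource type whose rules place no real restriction on the caller. The sample plan is constructed, and treating a bare "*" principal, a /0 ip_block and a missing destinations block as match-everything is an assumption about the AuthorizationPolicy semantics, since the argument descriptions are not reproduced on this page.

```python
import ipaddress
import json

RESOURCE_TYPE = "google_network_security_authorization_policy"
# Constructed sample: trimmed `terraform show -json` output with two planned policies.
# Assumption: bare "*", a /0 block and absent destinations each mean "match everything".
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_network_security_authorization_policy.default",
   "type": "google_network_security_authorization_policy",
   "change": {"after": {"action": "ALLOW", "rules": [{
     "sources": [{"principals": ["namespace/*"], "ip_blocks": ["1.2.3.0/24"]}],
     "destinations": [{"hosts": ["mydomain.*"], "ports": [8080], "methods": ["GET"]}]}]}}},
  {"address": "google_network_security_authorization_policy.wide",
   "type": "google_network_security_authorization_policy",
   "change": {"after": {"action": "ALLOW", "rules": [{
     "sources": [{"principals": ["*"], "ip_blocks": ["0.0.0.0/0"]}], "destinations": []}]}}}
]}
""")


def audit_policy(policy):
    """Return findings for one planned AuthorizationPolicy (the plan's `after` object)."""
    findings = []
    # Only ALLOW policies can over-grant access, so other actions yield no rules to check.
    rules = (policy.get("rules") or []) if policy.get("action") == "ALLOW" else []
    for i, rule in enumerate(rules):
        for src in rule.get("sources") or []:
            if "*" in (src.get("principals") or []):
                findings.append(f"rules[{i}]: principal '*' is not scoped to any identity")
            for block in src.get("ip_blocks") or []:
                if ipaddress.ip_network(block, strict=False).prefixlen == 0:
                    findings.append(f"rules[{i}]: ip_block {block} covers the whole address space")
        if not rule.get("destinations"):
            findings.append(f"rules[{i}]: no destinations, so hosts, ports and methods are unchecked")
    return findings


def audit_plan(plan):
    """Map resource address to findings for every planned policy that has at least one."""
    report = {}
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") == RESOURCE_TYPE and after:
            report[rc["address"]] = audit_policy(after)
    return {address: found for address, found in report.items() if found}


if __name__ == "__main__":
    print(json.dumps(audit_plan(SAMPLE_PLAN), indent=2))
```

To run it against a real plan, replace `SAMPLE_PLAN` with the parsed output of `terraform show -json` for a saved plan file.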

Argument Reference

The following arguments are supported:


The rules block supports:

The sources block supports:

The destinations block supports:

The http_header_match block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

AuthorizationPolicy can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import AuthorizationPolicy using one of the formats above. For example:

import {
  id = "projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}}"
  to = google_network_security_authorization_policy.default
}

When using the terraform import command, AuthorizationPolicy can be imported using one of the formats above. For example:

$ terraform import google_network_security_authorization_policy.default projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}}
$ terraform import google_network_security_authorization_policy.default {{project}}/{{location}}/{{name}}
$ terraform import google_network_security_authorization_policy.default {{location}}/{{name}}

User Project Overrides

This resource supports User Project Overrides.