External access firewall rules for filtering incoming traffic destined to ExternalAddress resources.
To get more information about ExternalAccessRule, see:
```hcl
resource "google_vmwareengine_network" "external-access-rule-nw" {
  name        = "sample-nw"
  location    = "global"
  type        = "STANDARD"
  description = "PC network description."
}

resource "google_vmwareengine_network_policy" "external-access-rule-np" {
  location              = "us-west1"
  name                  = "sample-np"
  edge_services_cidr    = "192.168.30.0/26"
  vmware_engine_network = google_vmwareengine_network.external-access-rule-nw.id
}

resource "google_vmwareengine_external_access_rule" "vmw-engine-external-access-rule" {
  name        = "sample-external-access-rule"
  parent      = google_vmwareengine_network_policy.external-access-rule-np.id
  priority    = 101
  action      = "DENY"
  ip_protocol = "TCP"
  source_ip_ranges {
    ip_address_range = "0.0.0.0/0"
  }
  source_ports = ["80"]
  destination_ip_ranges {
    ip_address_range = "0.0.0.0/0"
  }
  destination_ports = ["433"]
}
```
```hcl
resource "google_vmwareengine_network" "external-access-rule-nw" {
  name        = "sample-nw"
  location    = "global"
  type        = "STANDARD"
  description = "PC network description."
}

resource "google_vmwareengine_private_cloud" "external-access-rule-pc" {
  location    = "us-west1-a"
  name        = "sample-pc"
  description = "Sample test PC."
  network_config {
    management_cidr       = "192.168.50.0/24"
    vmware_engine_network = google_vmwareengine_network.external-access-rule-nw.id
  }
  management_cluster {
    cluster_id = "sample-mgmt-cluster"
    node_type_configs {
      node_type_id = "standard-72"
      node_count   = 3
    }
  }
}

resource "google_vmwareengine_network_policy" "external-access-rule-np" {
  location              = "us-west1"
  name                  = "sample-np"
  edge_services_cidr    = "192.168.30.0/26"
  vmware_engine_network = google_vmwareengine_network.external-access-rule-nw.id
}

resource "google_vmwareengine_external_address" "external-access-rule-ea" {
  name        = "sample-ea"
  parent      = google_vmwareengine_private_cloud.external-access-rule-pc.id
  internal_ip = "192.168.0.65"
}

resource "google_vmwareengine_external_access_rule" "vmw-engine-external-access-rule" {
  name        = "sample-external-access-rule"
  parent      = google_vmwareengine_network_policy.external-access-rule-np.id
  description = "Sample Description"
  priority    = 101
  action      = "ALLOW"
  ip_protocol = "tcp"
  source_ip_ranges {
    ip_address_range = "0.0.0.0/0"
  }
  source_ports = ["80"]
  destination_ip_ranges {
    external_address = google_vmwareengine_external_address.external-access-rule-ea.id
  }
  destination_ports = ["433"]
}
```
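Both examples above match on `source_ip_ranges = 0.0.0.0/0` and a fixed `source_ports` list, so it is worth checking what a given rule set actually admits before applying it. The following added audit helper (not part of the provider docs or the Google provider) models rules as dicts with the same argument names, picks the rule that applies to a flow, and flags ALLOW rules reachable from any source address. It assumes a lower `priority` number wins when several rules match (the page does not state the ordering) and uses a constructed `"lo-hi"` port-range notation for the catch-all rule; the rule set itself is constructed sample data.

```python
"""Audit helper for google_vmwareengine_external_access_rule definitions (added example)."""
import ipaddress
from typing import Optional

ANY = "0.0.0.0/0"

# Constructed rule set in the shape of the resource arguments (not the page's own code).
# "lo-hi" port ranges are an assumption of this helper, used only for the catch-all rule.
RULES = [
    {"name": "allow-admin-https", "priority": 100, "action": "ALLOW", "ip_protocol": "TCP",
     "source_ip_ranges": ["203.0.113.0/24"], "source_ports": ["1-65535"],
     "destination_ip_ranges": ["192.168.0.65/32"], "destination_ports": ["443"]},
    {"name": "allow-any-433", "priority": 101, "action": "ALLOW", "ip_protocol": "tcp",
     "source_ip_ranges": [ANY], "source_ports": ["80"],
     "destination_ip_ranges": [ANY], "destination_ports": ["433"]},
    {"name": "deny-all", "priority": 4000, "action": "DENY", "ip_protocol": "TCP",
     "source_ip_ranges": [ANY], "source_ports": ["1-65535"],
     "destination_ip_ranges": [ANY], "destination_ports": ["1-65535"]},
]


def _port_matches(port: int, spec: str) -> bool:
    """True if `port` falls inside a single port ("443") or a "lo-hi" range."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def _ip_in(ip: str, cidrs) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def matching_rule(rules, proto, src_ip, src_port, dst_ip, dst_port) -> Optional[dict]:
    """Return the applicable rule for a flow (assumption: lowest priority number wins)."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["ip_protocol"].upper() != proto.upper():
            continue
        if not _ip_in(src_ip, r["source_ip_ranges"]) or not _ip_in(dst_ip, r["destination_ip_ranges"]):
            continue
        if not any(_port_matches(src_port, p) for p in r["source_ports"]):
            continue
        if not any(_port_matches(dst_port, p) for p in r["destination_ports"]):
            continue
        return r
    return None


def overly_permissive(rules) -> list:
    """Names of ALLOW rules whose source ranges include every address (prefix length 0)."""
    return [r["name"] for r in rules if r["action"] == "ALLOW"
            and any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in r["source_ip_ranges"])]
```

Note that a client using an ephemeral source port never matches the `source_ports = ["80"]` rule and falls through to the catch-all, which is the kind of mismatch this check makes visible.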
The following arguments are supported:

* `priority` - (Required) External access rule priority, which determines the external access rule to use when multiple rules apply.

* `action` - (Required) The action that the external access rule performs. Possible values are: `ALLOW`, `DENY`.

* `ip_protocol` - (Required) The IP protocol to which the external access rule applies.

* `source_ip_ranges` - (Required) If source ranges are specified, the external access rule applies only to traffic that has a source IP address in these ranges. Structure is documented below.

* `source_ports` - (Required) A list of source ports to which the external access rule applies.

* `destination_ip_ranges` - (Required) If destination ranges are specified, the external access rule applies only to traffic that has a destination IP address in these ranges. Structure is documented below.

* `destination_ports` - (Required) A list of destination ports to which the external access rule applies.

* `parent` - (Required) The resource name of the network policy. Resource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names. For example: `projects/my-project/locations/us-west1-a/networkPolicies/my-policy`

* `name` - (Required) The ID of the external access rule.

The `source_ip_ranges` block supports:

* `ip_address` - (Optional) A single IP address.

* `ip_address_range` - (Optional) An IP address range in CIDR format.

The `destination_ip_ranges` block supports:

* `ip_address_range` - (Optional) An IP address range in CIDR format.

* `external_address` - (Optional) The name of an ExternalAddress resource.

* `description` - (Optional) User-provided description for the external access rule.

In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `{{parent}}/externalAccessRules/{{name}}`

* `create_time` - Creation time of this resource. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

* `update_time` - Last updated time of this resource. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

* `state` - State of the Cluster.

* `uid` - System-generated unique identifier for the resource.
This resource provides the following Timeouts configuration options:

* `create` - Default is 20 minutes.
* `update` - Default is 20 minutes.
* `delete` - Default is 20 minutes.

ExternalAccessRule can be imported using any of these accepted formats:

* `{{parent}}/externalAccessRules/{{name}}`

In Terraform v1.5.0 and later, use an `import` block to import ExternalAccessRule using one of the formats above. For example:

```hcl
import {
  id = "{{parent}}/externalAccessRules/{{name}}"
  to = google_vmwareengine_external_access_rule.default
}
```

When using the `terraform import` command, ExternalAccessRule can be imported using one of the formats above. For example:

```
$ terraform import google_vmwareengine_external_access_rule.default {{parent}}/externalAccessRules/{{name}}
```