google_project_organization_policy

Allows management of Organization Policies for a Google Cloud Project.

To get more information about Organization Policies, see:

Example Usage

To set a policy with a boolean constraint:

resource "google_project_organization_policy" "serial_port_policy" {
  project    = "your-project-id"
  constraint = "compute.disableSerialPortAccess"

  boolean_policy {
    enforced = true
  }
}

To set a policy with a list constraint:

resource "google_project_organization_policy" "services_policy" {
  project    = "your-project-id"
  constraint = "serviceuser.services"

  list_policy {
    allow {
      all = true
    }
  }
}

Or to deny some services, use the following instead:

resource "google_project_organization_policy" "services_policy" {
  project    = "your-project-id"
  constraint = "serviceuser.services"

  list_policy {
    suggested_value = "compute.googleapis.com"

    deny {
      values = ["cloudresourcemanager.googleapis.com"]
    }
  }
}

To restore the default project organization policy, use the following instead:

resource "google_project_organization_policy" "services_policy" {
  project    = "your-project-id"
  constraint = "serviceuser.services"

  restore_policy {
    default = true
  }
}
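
The examples above each set one constraint. The following added example (not part of the provider documentation) goes beyond them: it enforces several boolean constraints on one project with `for_each` and denies all values of one list constraint. The variable name, the resource labels and the choice of constraints are assumptions made for illustration.

```hcl
# Added example: a small hardening baseline for one project.
# var.project_id and the resource labels are illustrative names.
variable "project_id" {
  type        = string
  description = "ID of the project the baseline applies to"
}

locals {
  # Boolean constraints to enforce. The first one is from the examples above;
  # the others are further Organization Policy boolean constraints, chosen
  # here as an assumption about what a baseline might contain.
  enforced_boolean_constraints = toset([
    "compute.disableSerialPortAccess",
    "compute.requireOsLogin",
    "compute.skipDefaultNetworkCreation",
    "iam.disableServiceAccountKeyCreation",
  ])
}

# One policy resource per constraint. The constraint name is the for_each key,
# so adding or removing a constraint touches only that instance in the plan.
resource "google_project_organization_policy" "baseline" {
  for_each = local.enforced_boolean_constraints

  project    = var.project_id
  constraint = each.key

  boolean_policy {
    enforced = true
  }
}

# List constraint: deny every value, so no VM in the project may be
# given an external IP address.
resource "google_project_organization_policy" "no_external_ip" {
  project    = var.project_id
  constraint = "compute.vmExternalIpAccess"

  list_policy {
    deny {
      all = true
    }
  }
}

# Sorted list of the boolean constraints this configuration manages.
output "enforced_constraints" {
  value = sort([for p in google_project_organization_policy.baseline : p.constraint])
}
```

If one of these constraints is already set on the project outside Terraform, import it into the matching instance address, for example `google_project_organization_policy.baseline["compute.requireOsLogin"]`, before applying.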

Argument Reference

The following arguments are supported:



The boolean_policy block supports:

The list_policy block supports:

The allow or deny blocks support:

The restore_policy block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Import

Project organization policies can be imported using any of the following formats:

In Terraform v1.5.0 and later, use an import block to import project organization policies using one of the formats above. For example:

import {
  id = "projects/{{project_id}}:constraints/{{constraint}}"
  to = google_project_organization_policy.default
}

When using the terraform import command, project organization policies can be imported using one of the formats above. For example:

$ terraform import google_project_organization_policy.default projects/{{project_id}}:constraints/{{constraint}}
$ terraform import google_project_organization_policy.default {{project_id}}:constraints/{{constraint}}
$ terraform import google_project_organization_policy.default {{project_id}}:{{constraint}}