google_access_context_manager_service_perimeters

Replaces all existing Service Perimeters in an Access Policy with the Service Perimeters provided. The replacement is done atomically. Because this is a bulk edit of all Service Perimeters in the policy, it may override existing Service Perimeters created by google_access_context_manager_service_perimeter, causing a permadiff if both resources are used on the same parent.

To get more information about ServicePerimeters, see:

Example Usage - Access Context Manager Service Perimeters Basic

resource "google_access_context_manager_service_perimeters" "service-perimeter" {
  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"

  # Perimeter names and titles below are placeholders. Each perimeter needs a
  # distinct name under the policy and a non-empty title.
  service_perimeters {
    name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/restrict_storage"
    title  = "restrict_storage"
    status {
      # Services that are placed inside this perimeter.
      restricted_services = ["storage.googleapis.com"]
    }
  }

  service_perimeters {
    name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/restrict_bigtable"
    title  = "restrict_bigtable"
    status {
      restricted_services = ["bigtable.googleapis.com"]
    }
  }
}

resource "google_access_context_manager_access_level" "access-level" {
  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
  title  = "chromeos_no_lock"
  basic {
    conditions {
      device_policy {
        require_screen_lock = false
        os_constraints {
          os_type = "DESKTOP_CHROME_OS"
        }
      }
      regions = [
        "CH",
        "IT",
        "US",
      ]
    }
  }
}

resource "google_access_context_manager_access_policy" "access-policy" {
  parent = "organizations/123456789"
  title  = "my policy"
}
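
An added check for the conflict described at the top of this page (not part of the provider documentation or its code): it reads the JSON produced by `terraform show -json` and reports every access policy that is managed by both the bulk resource and google_access_context_manager_service_perimeter, along with perimeters the bulk list does not contain. The state layout is assumed from Terraform's JSON output format; the sample state, policy id, perimeter names and module name are constructed.

```python
from collections import defaultdict

BULK = "google_access_context_manager_service_perimeters"
SINGLE = "google_access_context_manager_service_perimeter"

def walk(module):
    """Yield every managed resource in a module and its child modules."""
    for res in module.get("resources", []):
        if res.get("mode") == "managed":
            yield res
    for child in module.get("child_modules", []):
        yield from walk(child)

def find_conflicts(state):
    """Return {parent: details} for policies managed by both resource types."""
    bulk, single = defaultdict(list), defaultdict(list)
    for res in walk(state.get("values", {}).get("root_module", {})):
        parent = (res.get("values") or {}).get("parent")
        if parent and res.get("type") == BULK:
            bulk[parent].append(res)
        elif parent and res.get("type") == SINGLE:
            single[parent].append(res)
    conflicts = {}
    for parent in sorted(bulk.keys() & single.keys()):
        listed = {p.get("name") for b in bulk[parent]
                  for p in b["values"].get("service_perimeters") or []}
        names = (s["values"].get("name") for s in single[parent])
        conflicts[parent] = {
            "bulk": sorted(b["address"] for b in bulk[parent]),
            "single": sorted(s["address"] for s in single[parent]),
            # Perimeters absent from the bulk list: a bulk apply replaces them away.
            "not_in_bulk": sorted(n for n in names if n and n not in listed),
        }
    return conflicts

# Constructed sample (policy id, perimeter names and module name are made up).
POLICY = "accessPolicies/000000000000"
SAMPLE_STATE = {"values": {"root_module": {
    "resources": [{
        "address": BULK + ".all", "mode": "managed", "type": BULK,
        "values": {"parent": POLICY, "service_perimeters": [
            {"name": POLICY + "/servicePerimeters/storage", "title": "storage"}]}}],
    "child_modules": [{"address": "module.team", "resources": [{
        "address": "module.team." + SINGLE + ".legacy", "mode": "managed", "type": SINGLE,
        "values": {"parent": POLICY, "name": POLICY + "/servicePerimeters/legacy"}}]}],
}}}

if __name__ == "__main__":
    for parent, info in find_conflicts(SAMPLE_STATE).items():
        print(parent, info)
```

A non-empty result means the two resource types are competing for the same access policy and one of them should be removed from the configuration.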

Argument Reference

The following arguments are supported:


The service_perimeters block supports:

The status block supports:

The vpc_accessible_services block supports:

The ingress_policies block supports:

The ingress_from block supports:

The sources block supports:

The ingress_to block supports:

The operations block supports:

The method_selectors block supports:

The egress_policies block supports:

The egress_from block supports:

The sources block supports:

The egress_to block supports:

The operations block supports:

The method_selectors block supports:

The spec block supports:

The vpc_accessible_services block supports:

The ingress_policies block supports:

The ingress_from block supports:

The sources block supports:

The ingress_to block supports:

The operations block supports:

The method_selectors block supports:

The egress_policies block supports:

The egress_from block supports:

The sources block supports:

The egress_to block supports:

The operations block supports:

The method_selectors block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

ServicePerimeters can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import ServicePerimeters using one of the formats above. For example:

import {
  id = "{{parent}}/servicePerimeters"
  to = google_access_context_manager_service_perimeters.default
}

When using the terraform import command, ServicePerimeters can be imported using one of the formats above. For example:

$ terraform import google_access_context_manager_service_perimeters.default {{parent}}/servicePerimeters
$ terraform import google_access_context_manager_service_perimeters.default {{parent}}