Allows configuring a single GCP resource that should be inside the status block of a service perimeter.
This resource is intended to be used in cases where it is not possible to compile a full list of projects to include in a google_access_context_manager_service_perimeter resource, to enable them to be added separately.
If your perimeter is in dry-run mode use google_access_context_manager_service_perimeter_dry_run_resource instead.
To get more information about ServicePerimeterResource, see:
# Adds one project to the perimeter defined below.
resource "google_access_context_manager_service_perimeter_resource" "service-perimeter-resource" {
  perimeter_name = google_access_context_manager_service_perimeter.service-perimeter-resource.name
  resource       = "projects/987654321"
}

resource "google_access_context_manager_service_perimeter" "service-perimeter-resource" {
  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/restrict_all"
  title  = "restrict_all"

  status {
    restricted_services = ["storage.googleapis.com"]
  }

  # Membership is managed by the separate *_service_perimeter_resource
  # resources, so this resource must not revert status.resources.
  lifecycle {
    ignore_changes = [status[0].resources]
  }
}

resource "google_access_context_manager_access_policy" "access-policy" {
  parent = "organizations/123456789"
  title  = "my policy"
}
The following arguments are supported:
resource - (Required) A GCP resource that is inside of the service perimeter. Currently only projects are allowed. Format: projects/{project_number}
perimeter_name - (Required) The name of the Service Perimeter to add this resource to.
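The resource argument takes a project number, not a project ID, so a configuration that only knows project IDs has to resolve them first. The following is an added example, not part of the provider documentation, that does this for several projects and attaches each one to a perimeter defined elsewhere (that perimeter still needs ignore_changes = [status[0].resources]); the variable names perimeter_name and project_ids and the label member are assumptions.

```hcl
# Added example. Variable names and the "member" label are hypothetical.

variable "perimeter_name" {
  type        = string
  description = "Full name: accessPolicies/{policy}/servicePerimeters/{perimeter}"

  # Reject a bare perimeter title such as "restrict_all" at plan time.
  validation {
    condition     = can(regex("^accessPolicies/[^/]+/servicePerimeters/[^/]+$", var.perimeter_name))
    error_message = "perimeter_name must be accessPolicies/{policy}/servicePerimeters/{perimeter}."
  }
}

variable "project_ids" {
  type        = set(string)
  description = "Project IDs (not numbers) to place inside the perimeter."
}

# Resolve each project ID to its project number.
data "google_project" "member" {
  for_each   = var.project_ids
  project_id = each.value
}

# One perimeter membership per project, keyed by project ID so that
# removing an ID from project_ids removes only that membership.
resource "google_access_context_manager_service_perimeter_resource" "member" {
  for_each       = data.google_project.member
  perimeter_name = var.perimeter_name
  resource       = "projects/${each.value.number}"
}

# Map of project ID => resource id ({{perimeter_name}}/{{resource}}),
# useful for reviewing which projects this configuration added.
output "perimeter_members" {
  value = {
    for id, r in google_access_context_manager_service_perimeter_resource.member :
    id => r.id
  }
}
```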
In addition to the arguments listed above, the following computed attributes are exported:
id - an identifier for the resource with format {{perimeter_name}}/{{resource}}
This resource provides the following Timeouts configuration options:
create - Default is 20 minutes.
delete - Default is 20 minutes.
ServicePerimeterResource can be imported using any of these accepted formats:
{{perimeter_name}}/{{resource}}
In Terraform v1.5.0 and later, use an import block to import ServicePerimeterResource using one of the formats above. For example:
import {
  id = "{{perimeter_name}}/{{resource}}"
  to = google_access_context_manager_service_perimeter_resource.default
}
When using the terraform import command, ServicePerimeterResource can be imported using one of the formats above. For example:
$ terraform import google_access_context_manager_service_perimeter_resource.default {{perimeter_name}}/{{resource}}