google_access_context_manager_service_perimeter_resource

Allows configuring a single GCP resource that should be inside the status block of a service perimeter. Use this resource when it is not possible to compile a full list of projects to include in a google_access_context_manager_service_perimeter resource, so that each project can be added to the perimeter separately. If your perimeter is in dry-run mode, use google_access_context_manager_service_perimeter_dry_run_resource instead.

To get more information about ServicePerimeterResource, see:

Example Usage - Access Context Manager Service Perimeter Resource Basic

resource "google_access_context_manager_service_perimeter_resource" "service-perimeter-resource" {
  perimeter_name = google_access_context_manager_service_perimeter.service-perimeter-resource.name
  resource       = "projects/987654321"
}

resource "google_access_context_manager_service_perimeter" "service-perimeter-resource" {
  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/restrict_all"
  title  = "restrict_all"
  status {
    restricted_services = ["storage.googleapis.com"]
  }

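  # Membership is managed by the separate
  # google_access_context_manager_service_perimeter_resource above, so ignore
  # status.resources here; otherwise the two resources fight over the list.
  lifecycle {
    ignore_changes = [status[0].resources]
  }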
}

resource "google_access_context_manager_access_policy" "access-policy" {
  parent = "organizations/123456789"
  title  = "my policy"
}
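
The following added example (not part of the provider's documentation) shows the use case described above: each project is attached to an existing perimeter on its own, with the project number looked up from the project ID because perimeter resources are written as projects/{project_number}. The variable names perimeter_name and project_ids are assumptions, and the perimeter itself is assumed to be defined elsewhere with ignore_changes = [status[0].resources].

```hcl
# Full name of an existing perimeter (assumed input), in the form
# accessPolicies/<policy_id>/servicePerimeters/<perimeter>
variable "perimeter_name" {
  type = string
}

# Project IDs to place inside the perimeter (assumed input).
variable "project_ids" {
  type = set(string)
}

# Resolve each project ID to its project number.
data "google_project" "member" {
  for_each   = var.project_ids
  project_id = each.value
}

# One membership resource per project: adding or removing an ID from
# project_ids changes only that project's entry in the perimeter.
resource "google_access_context_manager_service_perimeter_resource" "member" {
  for_each       = data.google_project.member
  perimeter_name = var.perimeter_name
  resource       = "projects/${each.value.number}"
}
```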

Argument Reference

The following arguments are supported:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

ServicePerimeterResource can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import ServicePerimeterResource using one of the formats above. For example:

import {
  id = "{{perimeter_name}}/{{resource}}"
  to = google_access_context_manager_service_perimeter_resource.default
}

When using the terraform import command, ServicePerimeterResource can be imported using one of the formats above. For example:

$ terraform import google_access_context_manager_service_perimeter_resource.default {{perimeter_name}}/{{resource}}