google_access_context_manager_service_perimeter_dry_run_resource

Allows configuring a single GCP resource that should be inside of the spec block of a dry run service perimeter. This resource is intended to be used in cases where it is not possible to compile a full list of projects to include in a google_access_context_manager_service_perimeter resource, to enable them to be added separately. If your perimeter is NOT in dry-run mode use google_access_context_manager_service_perimeter_resource instead.

To get more information about ServicePerimeterDryRunResource, see:

Example Usage - Access Context Manager Service Perimeter Dry Run Resource Basic

resource "google_access_context_manager_service_perimeter_dry_run_resource" "service-perimeter-dry-run-resource" {
  perimeter_name = google_access_context_manager_service_perimeter.service-perimeter-dry-run-resource.name
  resource = "projects/987654321"
}

resource "google_access_context_manager_service_perimeter" "service-perimeter-dry-run-resource" {
  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/restrict_all"
  title  = "restrict_all"
  spec {
    restricted_services = ["storage.googleapis.com"]
  }
  use_explicit_dry_run_spec = true
  lifecycle {
    ignore_changes = [spec[0].resources]
  }
}

resource "google_access_context_manager_access_policy" "access-policy" {
  parent = "organizations/123456789"
  title  = "my policy"
}

Argument Reference

The following arguments are supported:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

ServicePerimeterDryRunResource can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import ServicePerimeterDryRunResource using one of the formats above. For example:

import {
  id = "{{perimeter_name}}/{{resource}}"
  to = google_access_context_manager_service_perimeter_dry_run_resource.default
}

When using the terraform import command, ServicePerimeterDryRunResource can be imported using one of the formats above. For example:

$ terraform import google_access_context_manager_service_perimeter_dry_run_resource.default {{perimeter_name}}/{{resource}}