google_vmwareengine_external_access_rule

External access firewall rules for filtering incoming traffic destined to ExternalAddress resources.

To get more information about ExternalAccessRule, see:

Example Usage - VMware Engine External Access Rule Basic

# VMware Engine network that the network policy below attaches to through
# its vmware_engine_network argument.
resource "google_vmwareengine_network" "external-access-rule-nw" {
  name        = "sample-nw"
  description = "PC network description."
  type        = "STANDARD"
  location    = "global"
}

# Network policy bound to the VMware Engine network above. External access
# rules are created under this policy (it is their `parent`).
# NOTE(review): this policy sets neither the external_ip nor the
# internet_access block; confirm whether the external IP service has to be
# enabled on the policy before external access rules have any effect.
resource "google_vmwareengine_network_policy" "external-access-rule-np" {
  name                  = "sample-np"
  location              = "us-west1"
  vmware_engine_network = google_vmwareengine_network.external-access-rule-nw.id
  edge_services_cidr    = "192.168.30.0/26" # private (RFC 1918) range
}

# Firewall rule under the network policy: denies TCP traffic from any IPv4
# source with source port 80 to any IPv4 destination on port 433.
resource "google_vmwareengine_external_access_rule" "vmw-engine-external-access-rule" {
  name   = "sample-external-access-rule"
  parent = google_vmwareengine_network_policy.external-access-rule-np.id

  # priority decides which rule applies when several rules match.
  # NOTE(review): the VMware Engine API documents lower numbers as higher
  # precedence; confirm before ordering ALLOW and DENY rules against each other.
  priority    = 101
  action      = "DENY"
  ip_protocol = "TCP"

  source_ip_ranges {
    ip_address_range = "0.0.0.0/0" # every IPv4 source
  }
  # NOTE(review): source_ports constrains the sender's port, which for client
  # connections is normally an ephemeral port rather than 80; confirm that
  # matching on source port 80 is intended, otherwise the rule rarely matches.
  source_ports = ["80"]

  destination_ip_ranges {
    ip_address_range = "0.0.0.0/0" # every IPv4 destination
  }
  # NOTE(review): 433 may be a typo for 443 (HTTPS); confirm the intended port.
  destination_ports = ["433"]
}

Example Usage - VMware Engine External Access Rule Full

# VMware Engine network shared by the private cloud and the network policy
# defined below.
resource "google_vmwareengine_network" "external-access-rule-nw" {
  name        = "sample-nw"
  description = "PC network description."
  type        = "STANDARD"
  location    = "global"
}

# Private cloud attached to the VMware Engine network above. It is the parent
# of the external address that the access rule below targets.
resource "google_vmwareengine_private_cloud" "external-access-rule-pc" {
  name        = "sample-pc"
  description = "Sample test PC."
  location    = "us-west1-a"

  network_config {
    vmware_engine_network = google_vmwareengine_network.external-access-rule-nw.id
    management_cidr       = "192.168.50.0/24" # private (RFC 1918) range
  }

  # Management cluster with three nodes of type standard-72.
  management_cluster {
    cluster_id = "sample-mgmt-cluster"
    node_type_configs {
      node_count   = 3
      node_type_id = "standard-72"
    }
  }
}

# Network policy bound to the VMware Engine network above; the external
# access rule below is created under it (it is the rule's `parent`).
# NOTE(review): this policy sets neither the external_ip nor the
# internet_access block; confirm whether the external IP service has to be
# enabled on the policy before external access rules have any effect.
resource "google_vmwareengine_network_policy" "external-access-rule-np" {
  name                  = "sample-np"
  location              = "us-west1"
  vmware_engine_network = google_vmwareengine_network.external-access-rule-nw.id
  edge_services_cidr    = "192.168.30.0/26" # private (RFC 1918) range
}

# External address created under the private cloud, with internal_ip set to
# 192.168.0.65. The access rule below references it as its destination, so
# whatever that rule allows is reachable at this address.
resource "google_vmwareengine_external_address" "external-access-rule-ea" {
  name        = "sample-ea"
  parent      = google_vmwareengine_private_cloud.external-access-rule-pc.id
  internal_ip = "192.168.0.65"
}

# Firewall rule under the network policy: allows TCP traffic from any IPv4
# source with source port 80 to the external address above on port 433.
# With source 0.0.0.0/0 the external address is open to every IPv4 sender;
# narrow source_ip_ranges to the known client ranges when adapting this sample.
resource "google_vmwareengine_external_access_rule" "vmw-engine-external-access-rule" {
  name        = "sample-external-access-rule"
  description = "Sample Description"
  parent      = google_vmwareengine_network_policy.external-access-rule-np.id

  # priority decides which rule applies when several rules match.
  # NOTE(review): the VMware Engine API documents lower numbers as higher
  # precedence; confirm before ordering ALLOW and DENY rules against each other.
  priority = 101
  action   = "ALLOW"
  # NOTE(review): lower-case here, while the Basic example writes "TCP";
  # confirm which spelling the API accepts and use one consistently.
  ip_protocol = "tcp"

  source_ip_ranges {
    ip_address_range = "0.0.0.0/0" # every IPv4 source
  }
  # NOTE(review): source_ports constrains the sender's port, which for client
  # connections is normally an ephemeral port rather than 80; confirm that
  # matching on source port 80 is intended, otherwise the rule rarely matches.
  source_ports = ["80"]

  destination_ip_ranges {
    # Scopes the rule to one external address instead of a CIDR range.
    external_address = google_vmwareengine_external_address.external-access-rule-ea.id
  }
  # NOTE(review): 433 may be a typo for 443 (HTTPS); confirm the intended port.
  destination_ports = ["433"]
}

Argument Reference

The following arguments are supported:

The source_ip_ranges block supports:

The destination_ip_ranges block supports:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

ExternalAccessRule can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import ExternalAccessRule using one of the formats above. For example:

# Brings an existing rule under Terraform management. {{parent}} and {{name}}
# are placeholders: substitute the parent network policy's ID and the rule
# name. After importing, compare the plan with the live rule so that an
# existing ALLOW/DENY setting is not changed unintentionally on the next apply.
import {
  to = google_vmwareengine_external_access_rule.default
  id = "{{parent}}/externalAccessRules/{{name}}"
}

When using the terraform import command, ExternalAccessRule can be imported using one of the formats above. For example:

# {{parent}} and {{name}} are placeholders: substitute the parent network
# policy's ID and the rule name before running the command.
$ terraform import google_vmwareengine_external_access_rule.default {{parent}}/externalAccessRules/{{name}}