Firewall endpoint association links a firewall endpoint to a VPC network in the same zone. After you define this association, Cloud Firewall forwards the zonal workload traffic in your VPC network that requires layer 7 inspection to the attached firewall endpoint.
To get more information about FirewallEndpointAssociation, see:
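    # Example network for the association to reference (assumed; not in the original example).
    resource "google_compute_network" "default" {
      provider                = google-beta
      name                    = "my-vpc"
      auto_create_subnetworks = false
    }

    resource "google_network_security_firewall_endpoint" "default" {
      provider = google-beta
      name     = "my-firewall-endpoint"
      parent   = "organizations/123456789"
      location = "us-central1-a"

      labels = {
        foo = "bar"
      }
    }

    resource "google_network_security_firewall_endpoint_association" "default_association" {
      provider = google-beta
      name     = "my-firewall-endpoint-association"
      parent   = "projects/my-project-name"
      location = "us-central1-a"

      # Required arguments: the VPC network and the firewall endpoint being associated.
      network           = google_compute_network.default.id
      firewall_endpoint = google_network_security_firewall_endpoint.default.id

      labels = {
        foo = "bar"
      }
    }
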
The following arguments are supported:

firewall_endpoint - (Required) The URL of the firewall endpoint that is being associated.

network - (Required) The URL of the network that is being associated.

name - (Required) The name of the firewall endpoint association resource.

location - (Required) The location (zone) of the firewall endpoint association.

tls_inspection_policy - (Optional) The URL of the TlsInspectionPolicy that is being associated.

labels - (Optional) A map of key/value label pairs to assign to the resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

disabled - (Optional) Whether the association is disabled. True indicates that traffic will not be intercepted. Note: The API will reject the request if this value is set to true when creating the resource, otherwise on an update the association can be disabled.

parent - (Optional) The name of the parent this firewall endpoint association belongs to. Format: projects/{project_id}.

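Because disabled = true stops interception and tls_inspection_policy is optional, a plan review step can surface changes that reduce inspection before they are applied. The following is an added example, not part of the provider documentation: it reads the JSON form of a plan (terraform show -json) and reports associations that are deleted, disabled, or have no TLS inspection policy. The sample plan, its resource names and the policy URL are constructed placeholders, and audit_plan is a hypothetical helper name.

```python
import json
import sys

ASSOC = "google_network_security_firewall_endpoint_association"

def audit_plan(plan):
    """Return (address, finding) pairs for planned changes that reduce inspection."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != ASSOC:
            continue
        change = rc.get("change") or {}
        actions = change.get("actions") or []
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        if actions == ["delete"]:
            findings.append((rc["address"], "association deleted"))
            continue
        # disabled = true means traffic will not be intercepted.
        if after.get("disabled") is True:
            findings.append((rc["address"], "association disabled"))
        # Skip values only known after apply (after_unknown marks them true).
        if not after.get("tls_inspection_policy") and not unknown.get("tls_inspection_policy"):
            findings.append((rc["address"], "no tls_inspection_policy"))
    return findings

def _rc(name, actions, after, unknown=None):
    # Builds one constructed resource_changes entry for the sample plan.
    return {"address": f"{ASSOC}.{name}", "type": ASSOC,
            "change": {"actions": actions, "after": after, "after_unknown": unknown or {}}}

# Constructed sample plan (not real output); the policy URL is a placeholder.
SAMPLE_PLAN = {"resource_changes": [
    _rc("ok", ["create"], {"disabled": False}, {"tls_inspection_policy": True}),
    _rc("off", ["update"], {"disabled": True, "tls_inspection_policy":
        "projects/example/locations/us-central1/tlsInspectionPolicies/example"}),
    _rc("plain", ["create"], {"disabled": False, "tls_inspection_policy": None}),
    _rc("gone", ["delete"], None),
    {"address": "google_compute_network.default", "type": "google_compute_network",
     "change": {"actions": ["create"], "after": {"name": "my-vpc"}, "after_unknown": {}}},
]}

if __name__ == "__main__":
    # Usage: terraform show -json tfplan | python3 audit_plan.py
    plan = SAMPLE_PLAN if sys.stdin.isatty() else json.load(sys.stdin)
    results = audit_plan(plan)
    for address, finding in results:
        print(f"{address}: {finding}")
    sys.exit(1 if results else 0)
```

The script exits non-zero when it has findings, so it can gate a CI pipeline stage.
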
In addition to the arguments listed above, the following computed attributes are exported:

id - An identifier for the resource with format {{parent}}/locations/{{location}}/firewallEndpointAssociations/{{name}}

self_link - Server-defined URL of this resource.

create_time - Time the firewall endpoint was created in UTC.

update_time - Time the firewall endpoint was updated in UTC.

reconciling - Whether reconciling is in progress, recommended per https://google.aip.dev/128.

state - The current state of the endpoint.

terraform_labels - The combination of labels configured directly on the resource and default labels configured on the provider.

effective_labels - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.

This resource provides the following Timeouts configuration options:

create - Default is 20 minutes.

update - Default is 20 minutes.

delete - Default is 20 minutes.

FirewallEndpointAssociation can be imported using any of these accepted formats:

    {{parent}}/locations/{{location}}/firewallEndpointAssociations/{{name}}

In Terraform v1.5.0 and later, use an import block to import FirewallEndpointAssociation using one of the formats above. For example:

    import {
      id = "{{parent}}/locations/{{location}}/firewallEndpointAssociations/{{name}}"
      to = google_network_security_firewall_endpoint_association.default
    }

When using the terraform import command, FirewallEndpointAssociation can be imported using one of the formats above. For example:

    $ terraform import google_network_security_firewall_endpoint_association.default {{parent}}/locations/{{location}}/firewallEndpointAssociations/{{name}}