google_network_security_gateway_security_policy

The GatewaySecurityPolicy resource contains a collection of GatewaySecurityPolicyRules and associated metadata.

To get more information about GatewaySecurityPolicy, see:


Example Usage - Network Security Gateway Security Policy Basic

resource "google_network_security_gateway_security_policy" "default" {
  name        = "my-gateway-security-policy"
  location    = "us-central1"
  description = "my description"
}

Example Usage - Network Security Gateway Security Policy Tls Inspection Basic

# CA pool from which the TLS inspection policy mints the server certificates it
# presents on intercepted connections. DEVOPS tier has no revocation support and
# publishes neither the CA certificate nor a CRL; the issuance policy caps each
# certificate at 14 days (1209600s) and restricts it to non-CA, server-auth use.
resource "google_privateca_ca_pool" "default" {
  provider = google-beta
  name     = "my-basic-ca-pool"
  location = "us-central1"
  tier     = "DEVOPS"
  publishing_options {
    publish_ca_cert = false
    publish_crl     = false
  }
  issuance_policy {
    maximum_lifetime = "1209600s"
    baseline_values {
      ca_options {
        is_ca = false
      }
      key_usage {
        base_key_usage {}
        extended_key_usage {
          server_auth = true
        }
      }
    }
  }
}

# Self-signed root CA inside the pool. The one-day lifetime, disabled deletion
# protection and skipped grace period are test conveniences, not production
# settings; clients behind the proxy must trust this CA for inspection to work.
resource "google_privateca_certificate_authority" "default" {
  provider                               = google-beta
  pool                                   = google_privateca_ca_pool.default.name
  certificate_authority_id               = "my-basic-certificate-authority"
  location                               = "us-central1"
  lifetime                               = "86400s"
  type                                   = "SELF_SIGNED"
  deletion_protection                    = false
  skip_grace_period                      = true
  ignore_active_certificates_on_deletion = true
  config {
    subject_config {
      subject {
        organization = "Test LLC"
        common_name  = "my-ca"
      }
    }
    x509_config {
      ca_options {
        is_ca = true
      }
      key_usage {
        base_key_usage {
          cert_sign = true
          crl_sign  = true
        }
        extended_key_usage {
          server_auth = false
        }
      }
    }
  }
  key_spec {
    algorithm = "RSA_PKCS1_4096_SHA256"
  }
}

# Service agent of the Network Security API; it is the identity that requests
# certificates from the pool on the proxy's behalf.
resource "google_project_service_identity" "ns_sa" {
  provider = google-beta

  service = "networksecurity.googleapis.com"
}

# Grant certificateManager on this CA pool only (resource-level binding rather
# than a project-wide role), which is all the service agent needs.
resource "google_privateca_ca_pool_iam_member" "tls_inspection_permission" {
  provider = google-beta

  ca_pool = google_privateca_ca_pool.default.id
  role    = "roles/privateca.certificateManager"
  member  = "serviceAccount:${google_project_service_identity.ns_sa.email}"
}

# The TLS inspection policy binds the CA pool; the explicit depends_on makes
# sure the CA and the IAM grant exist before the policy is created.
resource "google_network_security_tls_inspection_policy" "default" {
  provider = google-beta
  name     = "my-tls-inspection-policy"
  location = "us-central1"
  ca_pool  = google_privateca_ca_pool.default.id
  depends_on = [
    google_privateca_ca_pool.default,
    google_privateca_certificate_authority.default,
    google_privateca_ca_pool_iam_member.tls_inspection_permission,
  ]
}

# Attaching the inspection policy is what allows rules in this gateway policy
# to enable TLS decryption.
resource "google_network_security_gateway_security_policy" "default" {
  provider              = google-beta
  name                  = "my-gateway-security-policy"
  location              = "us-central1"
  description           = "my description"
  tls_inspection_policy = google_network_security_tls_inspection_policy.default.id
  depends_on            = [google_network_security_tls_inspection_policy.default]
}
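The policy above is only a container; the rules that decide what the proxy allows or denies are separate resources. As an added example that is not part of this page or of the provider's own documentation, the following two rules attach to the policy from the TLS inspection example. The google_network_security_gateway_security_policy_rule resource and its arguments (gateway_security_policy, priority, session_matcher, application_matcher, tls_inspection_enabled, basic_profile) are assumed from the provider's rule resource and are not described on this page; the host names and path are constructed sample values.

```hcl
# Added example: rules for the gateway security policy defined above.
# Assumptions: lower priority values are evaluated first, and a request that
# matches no rule is denied by the proxy.

# Allow HTTPS to one approved host and decrypt it so the application matcher
# can see the request path. tls_inspection_enabled only works when the parent
# policy references a TLS inspection policy, as it does in the example above.
resource "google_network_security_gateway_security_policy_rule" "allow_updates" {
  provider                = google-beta
  name                    = "allow-updates"
  location                = "us-central1"
  gateway_security_policy = google_network_security_gateway_security_policy.default.name
  enabled                 = true
  priority                = 10
  session_matcher         = "host() == 'updates.example.com'"
  application_matcher     = "request.path.startsWith('/packages/')"
  tls_inspection_enabled  = true
  basic_profile           = "ALLOW"
}

# Explicitly deny a host without decrypting it. Evaluated after the rule above
# because of its higher priority value; anything neither rule matches falls
# through to the default deny.
resource "google_network_security_gateway_security_policy_rule" "deny_legacy" {
  provider                = google-beta
  name                    = "deny-legacy"
  location                = "us-central1"
  gateway_security_policy = google_network_security_gateway_security_policy.default.name
  enabled                 = true
  priority                = 20
  session_matcher         = "host() == 'legacy.example.net'"
  basic_profile           = "DENY"
}
```

With the basic example (no tls_inspection_policy on the policy), leave tls_inspection_enabled unset and restrict matchers to session-level attributes such as host(), since the proxy cannot read HTTP request fields inside an encrypted connection it does not terminate.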

Argument Reference

The following arguments are supported:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

GatewaySecurityPolicy can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import GatewaySecurityPolicy using one of the formats above. For example:

import {
  id = "projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{name}}"
  to = google_network_security_gateway_security_policy.default
}

When using the terraform import command, GatewaySecurityPolicy can be imported using one of the formats above. For example:

$ terraform import google_network_security_gateway_security_policy.default projects/{{project}}/locations/{{location}}/gatewaySecurityPolicies/{{name}}
$ terraform import google_network_security_gateway_security_policy.default {{project}}/{{location}}/{{name}}
$ terraform import google_network_security_gateway_security_policy.default {{location}}/{{name}}

User Project Overrides

This resource supports User Project Overrides.