
googleAccessContextManagerAccessPolicy

AccessPolicy is a container for AccessLevels (which define the necessary attributes to use GCP services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.

To get more information about AccessPolicy, see:

Warning: If you are using User ADCs (Application Default Credentials) with this resource, you must specify a billingProject and set userProjectOverride to true in the provider configuration. Otherwise the ACM API will return a 403 error. Your account must have the serviceusage.services.use permission on the billingProject you defined.

Example Usage - Access Context Manager Access Policy Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.accessContextManagerAccessPolicy.AccessContextManagerAccessPolicy(
  this,
  "access-policy",
  {
    parent: "organizations/123456789",
    title: "Org Access Policy",
  }
);

Example Usage - Access Context Manager Access Policy Scoped

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleProjectProject = new google.project.Project(this, "project", {
  name: "acm-test-proj-123",
  orgId: "123456789",
  projectId: "acm-test-proj-123",
});
new google.accessContextManagerAccessPolicy.AccessContextManagerAccessPolicy(
  this,
  "access-policy",
  {
    parent: "organizations/123456789",
    scopes: [`projects/${googleProjectProject.number}`],
    title: "Scoped Access Policy",
  }
);

Argument Reference

The following arguments are supported:

  • parent - (Required) The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}

  • title - (Required) Human readable title. Does not affect behavior.


  • scopes - (Optional) Folder or project on which this policy is applicable. Format: folders/{{folder_id}} or projects/{{project_id}}
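
A pre-deploy check for the User ADC warning and the argument formats above, as an added example that is not part of the provider or of cdktf. The type and function names are hypothetical, the credential documents are constructed samples, and organization IDs are assumed to be numeric as in this page's examples.

```typescript
// Hypothetical helper types and names; not part of cdktf or the google provider.
interface ProviderOptions {
  billingProject?: string;
  userProjectOverride?: boolean;
}

interface AccessPolicyArgs {
  parent: string;
  title: string;
  scopes?: string[];
}

// ADC JSON files carry a "type" field; "authorized_user" marks user credentials.
function isUserAdc(adcJson: string): boolean {
  const parsed: { type?: string } = JSON.parse(adcJson);
  return parsed.type === "authorized_user";
}

// Returns a list of problems; an empty list means the checks passed.
function preflight(
  adcJson: string,
  provider: ProviderOptions,
  policy: AccessPolicyArgs
): string[] {
  const problems: string[] = [];
  if (isUserAdc(adcJson)) {
    // Per the warning above: without both settings the ACM API returns 403.
    if (!provider.billingProject) {
      problems.push("user ADC: billingProject is not set");
    }
    if (provider.userProjectOverride !== true) {
      problems.push("user ADC: userProjectOverride is not true");
    }
  }
  if (!/^organizations\/\d+$/.test(policy.parent)) {
    problems.push("parent must be organizations/{organization_id}");
  }
  for (const scope of policy.scopes ?? []) {
    if (!/^(folders|projects)\/[^\/\s]+$/.test(scope)) {
      problems.push(`scope "${scope}" is not folders/{id} or projects/{id}`);
    }
  }
  return problems;
}

// Constructed sample credential documents (no real secrets).
const userAdc = JSON.stringify({ type: "authorized_user" });
const saAdc = JSON.stringify({ type: "service_account" });
```
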

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format {{name}}

  • name - Resource name of the AccessPolicy. Format: {policy_id}

  • createTime - Time the AccessPolicy was created in UTC.

  • updateTime - Time the AccessPolicy was updated in UTC.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

AccessPolicy can be imported using any of these accepted formats:

$ terraform import google_access_context_manager_access_policy.default {{name}}