googleAccessContextManagerAccessPolicy
AccessPolicy is a container for AccessLevels (which define the necessary attributes to use GCP services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.
To get more information about AccessPolicy, see:
- API documentation
- How-to Guides
- Access Policy Quickstart
Warning: If you are using User ADCs (Application Default Credentials) with this resource, you must specify a billingProject and set userProjectOverride to true in the provider configuration. Otherwise the ACM API will return a 403 error. Your account must have the serviceusage.services.use permission on the billingProject you defined.
Example Usage - Access Context Manager Access Policy Basic
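/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
class MyConvertedCode extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    // Organization-wide access policy; parent must be organizations/{organization_id}.
    new google.accessContextManagerAccessPolicy.AccessContextManagerAccessPolicy(
      this,
      "access-policy",
      {
        parent: "organizations/123456789",
        title: "Org Access Policy",
      }
    );
  }
}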
Example Usage - Access Context Manager Access Policy Scoped
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
class MyConvertedCode extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    const googleProjectProject = new google.project.Project(this, "project", {
      name: "acm-test-proj-123",
      orgId: "123456789",
      projectId: "acm-test-proj-123",
    });
    // Policy restricted to one project; the scope references the project number.
    new google.accessContextManagerAccessPolicy.AccessContextManagerAccessPolicy(
      this,
      "access-policy",
      {
        parent: "organizations/123456789",
        scopes: [`projects/${googleProjectProject.number}`],
        title: "Scoped Access Policy",
      }
    );
  }
}
Argument Reference
The following arguments are supported:
- parent - (Required) The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}
- title - (Required) Human readable title. Does not affect behavior.
- scopes - (Optional) Folder or project on which this policy is applicable. Format: folders/{{folder_id}} or projects/{{project_id}}
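A pre-synth check for the inputs documented above, added here as an example and not part of the provider's own code: it validates literal parent and scopes values against the stated formats and flags the User ADC provider settings whose absence leads to the 403. The names lintAccessPolicy, ProviderSettings and usesUserAdc are hypothetical and the ID character sets are assumptions; unresolved CDKTF tokens are out of scope.

```typescript
// Added example: lint literal AccessPolicy inputs against the formats on this page.
interface ProviderSettings {
  usesUserAdc: boolean; // hypothetical flag: true when authenticating with User ADCs
  billingProject?: string;
  userProjectOverride?: boolean;
}

interface AccessPolicyInput {
  parent: string;
  title: string;
  scopes?: string[];
}

// Assumptions: organization and folder IDs are numeric; project IDs or numbers
// use only lowercase letters, digits and hyphens.
const PARENT_RE = /^organizations\/\d+$/;
const SCOPE_RE = /^(folders\/\d+|projects\/[a-z0-9-]+)$/;

function lintAccessPolicy(policy: AccessPolicyInput, provider: ProviderSettings): string[] {
  const findings: string[] = [];
  if (!PARENT_RE.test(policy.parent)) {
    findings.push(`parent "${policy.parent}" is not organizations/{organization_id}`);
  }
  if (policy.title.trim() === "") {
    findings.push("title is required");
  }
  for (const scope of policy.scopes ?? []) {
    if (!SCOPE_RE.test(scope)) {
      findings.push(`scope "${scope}" is not folders/{folder_id} or projects/{project_id}`);
    }
  }
  // With User ADCs the ACM API answers 403 unless both provider settings are present.
  if (provider.usesUserAdc) {
    if (!provider.billingProject) {
      findings.push("User ADC: billingProject is not set");
    }
    if (provider.userProjectOverride !== true) {
      findings.push("User ADC: userProjectOverride is not true");
    }
  }
  return findings;
}

// Constructed sample: stray interpolation characters in a scope, override missing.
const sampleFindings = lintAccessPolicy(
  { parent: "organizations/123456789", title: "Scoped Access Policy", scopes: ["projects/${123}"] },
  { usesUserAdc: true, billingProject: "acm-test-proj-123" }
);
```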
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
- id - an identifier for the resource with format {{name}}
- name - Resource name of the AccessPolicy. Format: {policy_id}
- createTime - Time the AccessPolicy was created in UTC.
- updateTime - Time the AccessPolicy was updated in UTC.
Timeouts
This resource provides the following Timeouts configuration options:
- create - Default is 20 minutes.
- update - Default is 20 minutes.
- delete - Default is 20 minutes.
Import
AccessPolicy can be imported using any of these accepted formats: