googleBeyondcorpAppConnection

A BeyondCorp AppConnection resource represents a BeyondCorp-protected AppConnection to a remote application. It creates all the GCP components needed for a BeyondCorp-protected AppConnection. Multiple connectors can be authorised for a single AppConnection.

To get more information about AppConnection, see:

Example Usage - Beyondcorp App Connection Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleServiceAccountServiceAccount =
  new google.serviceAccount.ServiceAccount(this, "service_account", {
    account_id: "my-account",
    display_name: "Test Service Account",
  });
const googleBeyondcorpAppConnectorAppConnector =
  new google.beyondcorpAppConnector.BeyondcorpAppConnector(
    this,
    "app_connector",
    {
      name: "my-app-connector",
      principal_info: [
        {
          service_account: [
            {
              email: googleServiceAccountServiceAccount.email,
            },
          ],
        },
      ],
    }
  );
new google.beyondcorpAppConnection.BeyondcorpAppConnection(
  this,
  "app_connection",
  {
    application_endpoint: [
      {
        host: "foo-host",
        port: 8080,
      },
    ],
    connectors: [googleBeyondcorpAppConnectorAppConnector.id],
    name: "my-app-connection",
    type: "TCP_PROXY",
  }
);

Example Usage - Beyondcorp App Connection Full

resource "google_service_account" "service_account" {
  account_id   = "my-account"
  display_name = "Test Service Account"
}

resource "google_beyondcorp_app_gateway" "app_gateway" {
  name = "my-app-gateway"
  type = "TCP_PROXY"
  host_type = "GCP_REGIONAL_MIG"
}

resource "google_beyondcorp_app_connector" "app_connector" {
  name = "my-app-connector"
  principal_info {
    service_account {
      email = google_service_account.service_account.email
    }
  }
}

resource "google_beyondcorp_app_connection" "app_connection" {
  name = "my-app-connection"
  type = "TCP_PROXY"
  display_name = "some display name"
  application_endpoint {
    host = "foo-host"
    port = 8080
  }
  connectors = [google_beyondcorp_app_connector.app_connector.id]
  gateway {
    app_gateway = google_beyondcorp_app_gateway.app_gateway.id
  }
  labels = {
    foo = "bar"
    bar = "baz"
  }
}

Argument Reference

The following arguments are supported:

  • name - (Required) ID of the AppConnection.

  • applicationEndpoint - (Required) Address of the remote application endpoint for the BeyondCorp AppConnection. Structure is documented below.

The applicationEndpoint block supports:

  • host - (Required) Hostname or IP address of the remote application endpoint.

  • port - (Required) Port of the remote application endpoint.


  • region - (Optional) The region of the AppConnection.

  • displayName - (Optional) An arbitrary user-provided name for the AppConnection.

  • labels - (Optional) Resource labels to represent user provided metadata.

  • type - (Optional) The type of network connectivity used by the AppConnection. Refer to https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type for a list of possible values.

  • connectors - (Optional) List of AppConnectors that are authorised to be associated with this AppConnection.

  • gateway - (Optional) Gateway used by the AppConnection. Structure is documented below.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The gateway block supports:

  • appGateway - (Required) AppGateway name in the following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.

  • type - (Optional) The type of hosting used by the gateway. Refer to https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 for a list of possible values.

  • uri - (Output) Server-defined URI for this resource.

  • ingressPort - (Output) Ingress port reserved on the gateways for this AppConnection. If not specified or zero, the default port is 19443.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/locations/{{region}}/appConnections/{{name}}

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 30 minutes.
  • update - Default is 30 minutes.
  • delete - Default is 30 minutes.

Import

AppConnection can be imported using any of these accepted formats:

$ terraform import google_beyondcorp_app_connection.default projects/{{project}}/locations/{{region}}/appConnections/{{name}}
$ terraform import google_beyondcorp_app_connection.default {{project}}/{{region}}/{{name}}
$ terraform import google_beyondcorp_app_connection.default {{region}}/{{name}}
$ terraform import google_beyondcorp_app_connection.default {{name}}
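
The four import formats above all resolve to the same canonical id. The following is an added example, not code from the provider or this page, showing one way to normalise them when auditing state or inventory. The helper names are hypothetical, and taking a missing project or region from provider-level defaults is an assumption of the example.

```typescript
// Added example, not provider code. "p1" and "us-central1" are constructed values.
interface ProviderDefaults { project?: string; region?: string }
interface AppConnectionId { project: string; region: string; name: string }

// One path segment: non-empty, no "/", whitespace, or unresolved {{placeholder}}.
const SEGMENT = /^[^\/{}\s]+$/;

function requireSegment(label: string, value: string | undefined): string {
  if (value === undefined || !SEGMENT.test(value)) {
    throw new Error(`import ID has missing or invalid ${label}`);
  }
  return value;
}

// Map any of the four accepted import formats to project/region/name.
// Short forms take the missing parts from the provider defaults (assumed input).
function parseImportId(raw: string, defaults: ProviderDefaults = {}): AppConnectionId {
  const p = raw.split("/");
  let project = defaults.project;
  let region = defaults.region;
  let name: string | undefined;
  if (p.length === 6 && p[0] === "projects" && p[2] === "locations" && p[4] === "appConnections") {
    project = p[1]; region = p[3]; name = p[5];
  } else if (p.length === 3) {
    project = p[0]; region = p[1]; name = p[2];
  } else if (p.length === 2) {
    region = p[0]; name = p[1];
  } else if (p.length === 1) {
    name = p[0];
  } else {
    throw new Error(`unrecognised import ID format: ${raw}`);
  }
  return {
    project: requireSegment("project", project),
    region: requireSegment("region", region),
    name: requireSegment("name", name),
  };
}

// Canonical form, matching the exported `id` attribute.
function canonicalId(id: AppConnectionId): string {
  return `projects/${id.project}/locations/${id.region}/appConnections/${id.name}`;
}
```

A short ID with no usable default, or one that still contains a literal `{{name}}` placeholder, is rejected rather than resolved against the wrong project.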

User Project Overrides

This resource supports User Project Overrides.