Google Access Context Manager (VPC Service Controls) Service Perimeter Resource

This page shows how to write Terraform for the Access Context Manager (VPC Service Controls) Service Perimeter Resource, and how to write it securely.

google_access_context_manager_service_perimeter_resource (Terraform)

The Service Perimeter Resource in Access Context Manager (VPC Service Controls) can be configured in Terraform with the resource name google_access_context_manager_service_perimeter_resource. The following sections describe 1 example of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L7
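resource "google_access_context_manager_service_perimeter_resource" "this" {
  perimeter_name = var.perimeter_name
  resource       = var.resource # format: projects/[project_number]
  dynamic "timeouts" {
    for_each = var.timeouts
    # Excerpt ends here on the page; the content block below is an assumed completion.
    content {
      create = lookup(timeouts.value, "create", null)
      delete = lookup(timeouts.value, "delete", null)
    }
  }
}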


Parameters

  • perimeter_name: The name of the Service Perimeter to add this resource to.
  • resource: A GCP resource that is inside of the service perimeter. Currently only projects are allowed. Format: projects/[project_number]

Explanation in Terraform Registry

Allows configuring a single GCP resource that should be inside of a service perimeter. This resource is intended to be used in cases where it is not possible to compile a full list of projects to include in a google_access_context_manager_service_perimeter resource, to enable them to be added separately.

Note: If this resource is used alongside a google_access_context_manager_service_perimeter resource, the service perimeter resource must have a lifecycle block with ignore_changes = [status[0].resources] so they don't fight over which resources should be in the policy.

To get more information about ServicePerimeterResource, see:

  • API documentation
  • How-to Guides
    • Service Perimeter Quickstart

Warning: If you are using User ADCs (Application Default Credentials) with this resource, you must specify a billing_project and set user_project_override to true in the provider configuration. Otherwise the ACM API will return a 403 error. Your account must have the serviceusage.services.use permission on the billing_project you defined.
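
The note and the warning above, combined into one configuration. This is an added example, not code from the Terraform Registry or the niveklabs module; the billing project, perimeter title, restricted service and both input variables are constructed placeholders.

```hcl
# Constructed placeholders throughout: replace names and IDs with your own.
provider "google" {
  # Needed with user ADCs; otherwise the ACM API returns a 403 error.
  billing_project       = "example-billing-project"
  user_project_override = true
}

variable "access_policy_id" {
  type        = string
  description = "Numeric ID of an existing access policy (assumed input)."
}

variable "project_number" {
  type        = string
  description = "Project number (not project ID) to place inside the perimeter."

  validation {
    condition     = can(regex("^[0-9]+$", var.project_number))
    error_message = "Use the numeric project number; the resource format is projects/[project_number]."
  }
}

resource "google_access_context_manager_service_perimeter" "example" {
  parent = "accessPolicies/${var.access_policy_id}"
  name   = "accessPolicies/${var.access_policy_id}/servicePerimeters/example_perimeter"
  title  = "example_perimeter"

  status {
    restricted_services = ["storage.googleapis.com"]
  }

  # Membership is managed by the separate perimeter_resource below, so this
  # resource must not reconcile status.resources back to its own list.
  lifecycle {
    ignore_changes = [status[0].resources]
  }
}

resource "google_access_context_manager_service_perimeter_resource" "example" {
  perimeter_name = google_access_context_manager_service_perimeter.example.name
  resource       = "projects/${var.project_number}"
}
```

Without the lifecycle block, a later apply of the perimeter would treat the separately attached project as drift and remove it, leaving that project outside the perimeter.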

Frequently asked questions

What is Google Access Context Manager (VPC Service Controls) Service Perimeter Resource?

Google Access Context Manager (VPC Service Controls) Service Perimeter Resource is a resource for Access Context Manager (VPC Service Controls) of Google Cloud Platform. Settings can be written in Terraform.

Where can I find the example code for the Google Access Context Manager (VPC Service Controls) Service Perimeter Resource?

For Terraform, the niveklabs/google source code example is useful. See the Terraform Example section for further details.
