Google Cloud Platform Organization Policy

This page shows how to write Terraform for Cloud Platform Organization Policy and how to write it securely.

google_organization_policy (Terraform)

The Organization Policy in Cloud Platform can be configured in Terraform with the resource name google_organization_policy. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

jonpulsifer/nawl
resource "google_organization_policy" "restrict_storage_access" {
  org_id     = data.google_organization.org.org_id
  constraint = "constraints/compute.storageResourceUseRestrictions"
  list_policy {
    deny {
      all = true
    }
  }
}

AhmedTariq01/lg-gcp-policy-terraform
resource "google_organization_policy" "no_service_accounts" {
  org_id     = var.org_id
  constraint = "iam.disableServiceAccountCreation"
  boolean_policy {
    enforced = true
  }
}

john-hurringjr/gcp-modules
resource "google_organization_policy" "app_eng_disable_code_download" {
  constraint = "constraints/appengine.disableCodeDownload"
  org_id     = var.organization_id

  boolean_policy {
    enforced = true
  }
}

vishaalboston/validcare
resource "google_organization_policy" "appengine_disable_code_download" {
  org_id     = var.org_id
  constraint = "appengine.disableCodeDownload"

  boolean_policy {
    enforced = true
  }
}

dmoiseenko/kon-infrastructure
resource "google_organization_policy" "automatic_iam_grants_for_default_service_accounts" {
  org_id     = var.org_id
  constraint = "iam.automaticIamGrantsForDefaultServiceAccounts"

  boolean_policy {
    enforced = true
  }
}

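The snippets above are cut off at the policy block, and they only show the boolean form or a blanket deny. The following is an added example, not code from the page or from any of the repositories listed above, that puts the pieces together in one complete configuration: the organization is resolved through the google_organization data source, one boolean constraint is enforced, one list constraint is set with explicit allowed values (the "in:us-locations" value group), and one list constraint denies everything. The variable org_domain and the resource names are assumptions for this example; the constraint names are real Google Cloud constraints. Note that the examples above use both the bare constraint name and the "constraints/" prefix; pick one form and use it consistently so diffs stay readable.

```hcl
# Added example (not from the page or the repositories above).
# Assumes var.org_domain holds the organization's domain name (hypothetical variable).

variable "org_domain" {
  type = string
}

# Resolve the numeric organization ID from its domain.
data "google_organization" "org" {
  domain = var.org_domain
}

# Boolean constraint: block creation of user-managed service account keys.
resource "google_organization_policy" "no_sa_keys" {
  org_id     = data.google_organization.org.org_id
  constraint = "constraints/iam.disableServiceAccountKeyCreation"

  boolean_policy {
    enforced = true
  }
}

# List constraint with explicit values: only allow resources in US locations.
resource "google_organization_policy" "resource_locations" {
  org_id     = data.google_organization.org.org_id
  constraint = "constraints/gcp.resourceLocations"

  list_policy {
    allow {
      values = ["in:us-locations"]
    }
  }
}

# List constraint denying everything: no external IP addresses on VM instances.
resource "google_organization_policy" "no_external_ip" {
  org_id     = data.google_organization.org.org_id
  constraint = "constraints/compute.vmExternalIpAccess"

  list_policy {
    deny {
      all = true
    }
  }
}
```

A list_policy takes either an allow block or a deny block, and each of those takes either all = true or a values list; the three resources together cover the boolean, allow-list and deny-all shapes that appear across the examples on this page.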
Parameters

  • constraint required - string
    • The name of the Constraint the Policy is configuring, for example, serviceuser.services.

  • etag required, computed - string
    • The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

  • id optional, computed - string
  • org_id required - string
  • update_time required, computed - string
    • The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".

  • version optional, computed - number
    • Version of the Policy. Default version is 0.

Explanation in Terraform Registry

Allows management of Organization Policies for a Google Cloud Organization.

Warning: This resource has been superseded by google_org_policy_policy. google_org_policy_policy uses Organization Policy API V2 instead of Cloud Resource Manager API V1 and it supports additional features such as tags and conditions. To get more information about Organization Policies, see:
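Because the page itself recommends the successor resource, here is an added example (not code from the page or the Terraform Registry) showing how two of the policies above look when written with google_org_policy_policy against Organization Policy API V2. The v2 resource is addressed by a name of the form organizations/ORG_ID/policies/CONSTRAINT (without the "constraints/" prefix), boolean and list settings move into spec.rules, and the enforce, allow_all and deny_all fields take the strings "TRUE" or "FALSE". The conditional rule demonstrates the tag-based conditions the warning mentions; the variable org_id, the tag key "env" and the tag value "sandbox" are assumptions for this example.

```hcl
# Added example (not from the page): the same policies expressed with the
# successor resource google_org_policy_policy (Organization Policy API V2).
# Assumes var.org_id holds the numeric organization ID (hypothetical variable).

variable "org_id" {
  type = string
}

# Boolean constraint in v2 form: enforce is a string, not a bool.
resource "google_org_policy_policy" "no_sa_keys_v2" {
  name   = "organizations/${var.org_id}/policies/iam.disableServiceAccountKeyCreation"
  parent = "organizations/${var.org_id}"

  spec {
    rules {
      enforce = "TRUE"
    }
  }
}

# List constraint in v2 form with a tag-based exception.
resource "google_org_policy_policy" "no_external_ip_v2" {
  name   = "organizations/${var.org_id}/policies/compute.vmExternalIpAccess"
  parent = "organizations/${var.org_id}"

  spec {
    # Default rule: deny external IPs everywhere.
    rules {
      deny_all = "TRUE"
    }

    # Conditional rule: resources carrying the tag env=sandbox are exempt.
    # The tag key and value below are hypothetical; substitute your own.
    rules {
      condition {
        title      = "sandbox-exception"
        expression = "resource.matchTag('${var.org_id}/env', 'sandbox')"
      }
      allow_all = "TRUE"
    }
  }
}
```

When migrating, import the existing policy into the new resource rather than destroying the google_organization_policy resource first, so that the constraint is never briefly unset on the organization.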

Frequently asked questions

What is Google Cloud Platform Organization Policy?

Google Cloud Platform Organization Policy is a resource for Cloud Platform of Google Cloud Platform. Settings can be written in Terraform.

Where can I find the example code for the Google Cloud Platform Organization Policy?

For Terraform, the jonpulsifer/nawl, AhmedTariq01/lg-gcp-policy-terraform and john-hurringjr/gcp-modules source code examples are useful. See the Terraform Example section for further details.
