Top / Google Cloud Platform / Google Identity-Aware Proxy / Brand

Google Identity-Aware Proxy Brand

This page shows how to write Terraform for Identity-Aware Proxy Brand and write them securely.

terraform-logo

Review your .tf file for Google best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

google_iap_brand (Terraform)

The Brand in Identity-Aware Proxy can be configured in Terraform with the resource name google_iap_brand. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

iap.tf#L15
resource "google_iap_brand" "project_brand" {
  support_email     = "support@example.com"
  application_title = "Cloud IAP protected Application"
  project           = google_project_service.iap_service.project
iap.tf#L3
resource "google_iap_brand" "project_brand" {
  support_email     = var.support_email
  application_title = var.application_name
  project           = module.project.project_id
}
main.tf#L2
resource "google_iap_brand" "oauth_consent_screen" {
  count             = var.create_brand ? 1 : 0
  support_email     = var.support_email
  application_title = var.application_title
  project           = var.project_id
}
iap.tf#L1
resource "google_iap_brand" "project" {
  application_title = var.project_name
  project           = google_project.project.number
  support_email     = "banksy@lukwam.dev"

  depends_on = [
resource.tf#L8
resource "google_iap_brand" "main" {
  support_email     = var.email_address
  application_title = var.project_long_name
  project           = var.project_id
  depends_on        = [google_project_service.iap]
}

Review your Terraform file for Google best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Application name displayed on OAuth consent screen.

  • id optional computed - string
  • name optional computed - string

Output only. Identifier of the brand, in the format 'projects/[project_number]/brands/[brand_id]'. NOTE: The brand identification corresponds to the project number as only one brand per project can be created.

Whether the brand is only intended for usage inside the GSuite organization only.

Support email displayed on the OAuth consent screen. Can be either a user or group email. When a user email is specified, the caller must be the user with the associated email address. When a group email is specified, the caller can be either a user or a service account which is an owner of the specified group in Cloud Identity.

>> from Terraform Registry

Explanation in Terraform Registry

OAuth brand data. Only "Organization Internal" brands can be created programmatically via API. To convert it into an external brands please use the GCP Console.

Note: Brands can only be created once for a Google Cloud project and the underlying Google API doesn't not support DELETE or PATCH methods. Destroying a Terraform-managed Brand will remove it from state but will not delete it from Google Cloud. To get more information about Brand, see:

>> from Terraform Registry

The Other Related Google Identity-Aware Proxy Resources

Frequently asked questions

What is Google Identity-Aware Proxy Brand?

Google Identity-Aware Proxy Brand is a resource for Identity-Aware Proxy of Google Cloud Platform. Settings can be wrote in Terraform.

Where can I find the example code for the Google Identity-Aware Proxy Brand?

For Terraform, the wagsandre/tf-gke-playground, AndresRCB/gce-iap-demo and clementous92/ops-terraform-modules-resources2 source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents