Google Identity-Aware Proxy Brand
This page shows how to write Terraform for Identity-Aware Proxy Brand and write them securely.
google_iap_brand (Terraform)
The Brand in Identity-Aware Proxy can be configured in Terraform with the resource name google_iap_brand
. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "google_iap_brand" "project_brand" {
support_email = "support@example.com"
application_title = "Cloud IAP protected Application"
project = google_project_service.iap_service.project
resource "google_iap_brand" "project_brand" {
support_email = var.support_email
application_title = var.application_name
project = module.project.project_id
}
resource "google_iap_brand" "oauth_consent_screen" {
count = var.create_brand ? 1 : 0
support_email = var.support_email
application_title = var.application_title
project = var.project_id
}
resource "google_iap_brand" "project" {
application_title = var.project_name
project = google_project.project.number
support_email = "banksy@lukwam.dev"
depends_on = [
resource "google_iap_brand" "main" {
support_email = var.email_address
application_title = var.project_long_name
project = var.project_id
depends_on = [google_project_service.iap]
}
Parameters
-
application_title
required - string
Application name displayed on OAuth consent screen.
Output only. Identifier of the brand, in the format 'projects/[project_number]/brands/[brand_id]'. NOTE: The brand identification corresponds to the project number as only one brand per project can be created.
-
org_internal_only
optional computed - bool
Whether the brand is only intended for usage inside the GSuite organization only.
-
project
optional computed - string -
support_email
required - string
Support email displayed on the OAuth consent screen. Can be either a user or group email. When a user email is specified, the caller must be the user with the associated email address. When a group email is specified, the caller can be either a user or a service account which is an owner of the specified group in Cloud Identity.
Explanation in Terraform Registry
OAuth brand data. Only "Organization Internal" brands can be created programmatically via API. To convert it into an external brands please use the GCP Console.
Note: Brands can only be created once for a Google Cloud project and the underlying Google API doesn't not support DELETE or PATCH methods. Destroying a Terraform-managed Brand will remove it from state but will not delete it from Google Cloud. To get more information about Brand, see:
- API documentation
- How-to Guides
Frequently asked questions
What is Google Identity-Aware Proxy Brand?
Google Identity-Aware Proxy Brand is a resource for Identity-Aware Proxy of Google Cloud Platform. Settings can be wrote in Terraform.
Where can I find the example code for the Google Identity-Aware Proxy Brand?
For Terraform, the wagsandre/tf-gke-playground, AndresRCB/gce-iap-demo and clementous92/ops-terraform-modules-resources2 source code examples are useful. See the Terraform Example section for further details.