Service Perimeter Egress Policy Args
EgressPolicies match requests based on egressFrom and egressTo stanzas. For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter boundary. For example, an EgressPolicy can be used to allow VMs on networks within the ServicePerimeter to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset).
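The matching rule described above, sketched as a simplified Python model. This is an added example, not Pulumi or Google code: the request records, helper names and sample policy are constructed, and only identity, destination resource and method matching are modelled.

```python
# Simplified model of egress evaluation; not the real enforcement logic.
# Policy keys follow the egressFrom / egressTo structure; requests are constructed.

def from_matches(egress_from, req):
    """egressFrom stanza: conditions on the source (caller identity) of the request."""
    id_type = egress_from.get("identityType")
    if id_type == "ANY_IDENTITY":
        return True
    if id_type == "ANY_SERVICE_ACCOUNT":
        return req["identity"].startswith("serviceAccount:")
    if id_type == "ANY_USER_ACCOUNT":
        return req["identity"].startswith("user:")
    return req["identity"] in egress_from.get("identities", [])

def to_matches(egress_to, req):
    """egressTo stanza: destination resource and ApiOperation must both be listed."""
    resources = egress_to.get("resources", [])
    if "*" not in resources and req["resource"] not in resources:
        return False
    for op in egress_to.get("operations", []):
        if op["serviceName"] not in ("*", req["service"]):
            continue
        methods = [m.get("method") for m in op.get("methodSelectors", [])]
        if "*" in methods or req["method"] in methods:
            return True
    return False

def egress_allowed(policies, req):
    """Allow crossing the perimeter only if a single policy matches both stanzas."""
    return any(from_matches(p["egressFrom"], req) and to_matches(p["egressTo"], req)
               for p in policies)

# Constructed sample policy: one service account may read objects in one outside project.
ETL_SA = "serviceAccount:etl@inside-project.iam.gserviceaccount.com"
POLICIES = [{
    "egressFrom": {"identities": [ETL_SA]},
    "egressTo": {
        "resources": ["projects/111111111111"],
        "operations": [{"serviceName": "storage.googleapis.com",
                        "methodSelectors": [{"method": "google.storage.objects.get"}]}],
    },
}]

def req(identity, resource, method, service="storage.googleapis.com"):
    """Build a constructed request record for the model."""
    return {"identity": identity, "resource": resource, "service": service, "method": method}

if __name__ == "__main__":
    print(egress_allowed(POLICIES, req(ETL_SA, "projects/111111111111", "google.storage.objects.get")))
```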
Note: By default, updates to this resource will remove the EgressPolicy from the perimeter and add it back in a non-atomic manner. To ensure that the new EgressPolicy is added before the old one is removed, add a lifecycle block with create_before_destroy = true to this resource.
To get more information about ServicePerimeterEgressPolicy, see:
Example Usage
Import
ServicePerimeterEgressPolicy can be imported using any of these accepted formats:
{{perimeter}}
When using the pulumi import command, ServicePerimeterEgressPolicy can be imported using one of the formats above. For example:
$ pulumi import gcp:accesscontextmanager/servicePerimeterEgressPolicy:ServicePerimeterEgressPolicy default {{perimeter}}
Constructors
Properties
Defines conditions on the source of a request causing this EgressPolicy to apply. Structure is documented below.
Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply. Structure is documented below.