Organization Security Policy Association Args
/**
 * Arguments for an OrganizationSecurityPolicyAssociation, i.e. the link between an
 * OrganizationSecurityPolicy and the node it is attached to. All three properties default to null.
 *
 * @property attachmentId the node the policy is attached to; the examples on this page pass the policy's `parent` (a folder).
 * @property name name of the association; it is the last segment of the import ID `{{policy_id}}/association/{{name}}`.
 * @property policyId ID of the security policy being attached; the examples on this page pass `policy.id`.
 */
data class OrganizationSecurityPolicyAssociationArgs(val attachmentId: Output<String>? = null, val name: Output<String>? = null, val policyId: Output<String>? = null) : ConvertibleToJava<OrganizationSecurityPolicyAssociationArgs>
An association for the OrganizationSecurityPolicy. To get more information about OrganizationSecurityPolicyAssociation, see:
Example Usage
Organization Security Policy Association Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// RFC 1918 source ranges admitted by the rule below. They are very broad
// (all of 10/8 and 192.168/16); narrow them to the subnets that actually
// need SSH/ICMP reachability before reusing this example.
const privateSourceRanges = ["192.168.0.0/16", "10.0.0.0/8"];

// Folder the policy is created under and, further down, attached to.
// "organizations/123456789" is a placeholder organization ID.
const targetFolder = new gcp.organizations.Folder("security_policy_target", {
    displayName: "tf-test-secpol",
    parent: "organizations/123456789",
});

const orgPolicy = new gcp.compute.OrganizationSecurityPolicy("policy", {
    displayName: "tf-test",
    parent: targetFolder.name,
});

// Ingress rule: SSH (tcp/22) and ICMP from the private ranges.
// In a hierarchical firewall policy "allow" is a final verdict: matching
// traffic is admitted and lower-level firewall rules are not evaluated for it
// ("goto_next" would defer the decision to them). Logging is enabled so
// matches leave a record.
const sshAndIcmpRule = new gcp.compute.OrganizationSecurityPolicyRule("policy", {
    policyId: orgPolicy.id,
    priority: 100,
    direction: "INGRESS",
    action: "allow",
    enableLogging: true,
    match: {
        config: {
            srcIpRanges: privateSourceRanges,
            layer4Configs: [
                { ipProtocol: "tcp", ports: ["22"] },
                { ipProtocol: "icmp" },
            ],
        },
    },
});

// The association is what attaches the policy to a node; here that node is
// the policy's own parent folder.
const folderAttachment = new gcp.compute.OrganizationSecurityPolicyAssociation("policy", {
    name: "tf-test",
    attachmentId: orgPolicy.parent,
    policyId: orgPolicy.id,
});
import pulumi
import pulumi_gcp as gcp
# RFC 1918 source ranges admitted by the rule below. They are very broad
# (all of 10/8 and 192.168/16); narrow them to the subnets that actually
# need SSH/ICMP reachability before reusing this example.
PRIVATE_SOURCE_RANGES = ["192.168.0.0/16", "10.0.0.0/8"]

# Folder the policy is created under and, further down, attached to.
# "organizations/123456789" is a placeholder organization ID.
target_folder = gcp.organizations.Folder(
    "security_policy_target",
    display_name="tf-test-secpol",
    parent="organizations/123456789",
)

org_policy = gcp.compute.OrganizationSecurityPolicy(
    "policy",
    display_name="tf-test",
    parent=target_folder.name,
)

# Ingress rule: SSH (tcp/22) and ICMP from the private ranges.
# In a hierarchical firewall policy "allow" is a final verdict: matching
# traffic is admitted and lower-level firewall rules are not evaluated for it
# ("goto_next" would defer the decision to them). Logging is enabled so
# matches leave a record.
rule_match = {
    "config": {
        "src_ip_ranges": PRIVATE_SOURCE_RANGES,
        "layer4_configs": [
            {"ip_protocol": "tcp", "ports": ["22"]},
            {"ip_protocol": "icmp"},
        ],
    },
}
ssh_and_icmp_rule = gcp.compute.OrganizationSecurityPolicyRule(
    "policy",
    policy_id=org_policy.id,
    priority=100,
    direction="INGRESS",
    action="allow",
    enable_logging=True,
    match=rule_match,
)

# The association is what attaches the policy to a node; here that node is
# the policy's own parent folder.
folder_attachment = gcp.compute.OrganizationSecurityPolicyAssociation(
    "policy",
    name="tf-test",
    attachment_id=org_policy.parent,
    policy_id=org_policy.id,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // RFC 1918 source ranges admitted by the rule below. They are very broad
    // (all of 10/8 and 192.168/16); narrow them to the subnets that actually
    // need SSH/ICMP reachability before reusing this example.
    var privateSourceRanges = new[] { "192.168.0.0/16", "10.0.0.0/8" };

    // Folder the policy is created under and, further down, attached to.
    // "organizations/123456789" is a placeholder organization ID.
    var targetFolder = new Gcp.Organizations.Folder("security_policy_target", new()
    {
        DisplayName = "tf-test-secpol",
        Parent = "organizations/123456789",
    });

    var orgPolicy = new Gcp.Compute.OrganizationSecurityPolicy("policy", new()
    {
        DisplayName = "tf-test",
        Parent = targetFolder.Name,
    });

    // Ingress rule: SSH (tcp/22) and ICMP from the private ranges.
    // In a hierarchical firewall policy "allow" is a final verdict: matching
    // traffic is admitted and lower-level firewall rules are not evaluated for
    // it ("goto_next" would defer the decision to them). Logging is enabled so
    // matches leave a record.
    var sshLayer4 = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
    {
        IpProtocol = "tcp",
        Ports = new[] { "22" },
    };
    var icmpLayer4 = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs
    {
        IpProtocol = "icmp",
    };
    var sshAndIcmpRule = new Gcp.Compute.OrganizationSecurityPolicyRule("policy", new()
    {
        PolicyId = orgPolicy.Id,
        Priority = 100,
        Direction = "INGRESS",
        Action = "allow",
        EnableLogging = true,
        Match = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchArgs
        {
            Config = new Gcp.Compute.Inputs.OrganizationSecurityPolicyRuleMatchConfigArgs
            {
                SrcIpRanges = privateSourceRanges,
                Layer4Configs = new[] { sshLayer4, icmpLayer4 },
            },
        },
    });

    // The association is what attaches the policy to a node; here that node
    // is the policy's own parent folder.
    var folderAttachment = new Gcp.Compute.OrganizationSecurityPolicyAssociation("policy", new()
    {
        Name = "tf-test",
        AttachmentId = orgPolicy.Parent,
        PolicyId = orgPolicy.Id,
    });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a folder, an organization security policy under it, one
// ingress rule, and the association that attaches the policy to the folder.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// RFC 1918 source ranges admitted by the rule below. They are very
		// broad (all of 10/8 and 192.168/16); narrow them to the subnets that
		// actually need SSH/ICMP reachability before reusing this example.
		privateSourceRanges := pulumi.StringArray{
			pulumi.String("192.168.0.0/16"),
			pulumi.String("10.0.0.0/8"),
		}

		// Folder the policy is created under and, further down, attached to.
		// "organizations/123456789" is a placeholder organization ID.
		targetFolder, err := organizations.NewFolder(ctx, "security_policy_target", &organizations.FolderArgs{
			DisplayName: pulumi.String("tf-test-secpol"),
			Parent:      pulumi.String("organizations/123456789"),
		})
		if err != nil {
			return err
		}

		orgPolicy, err := compute.NewOrganizationSecurityPolicy(ctx, "policy", &compute.OrganizationSecurityPolicyArgs{
			DisplayName: pulumi.String("tf-test"),
			Parent:      targetFolder.Name,
		})
		if err != nil {
			return err
		}

		// Ingress rule: SSH (tcp/22) and ICMP from the private ranges.
		// In a hierarchical firewall policy "allow" is a final verdict:
		// matching traffic is admitted and lower-level firewall rules are not
		// evaluated for it ("goto_next" would defer the decision to them).
		// Logging is enabled so matches leave a record.
		ruleArgs := &compute.OrganizationSecurityPolicyRuleArgs{
			PolicyId:      orgPolicy.ID(),
			Priority:      pulumi.Int(100),
			Direction:     pulumi.String("INGRESS"),
			Action:        pulumi.String("allow"),
			EnableLogging: pulumi.Bool(true),
			Match: &compute.OrganizationSecurityPolicyRuleMatchArgs{
				Config: &compute.OrganizationSecurityPolicyRuleMatchConfigArgs{
					SrcIpRanges: privateSourceRanges,
					Layer4Configs: compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArray{
						&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
							IpProtocol: pulumi.String("tcp"),
							Ports:      pulumi.StringArray{pulumi.String("22")},
						},
						&compute.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs{
							IpProtocol: pulumi.String("icmp"),
						},
					},
				},
			},
		}
		if _, err := compute.NewOrganizationSecurityPolicyRule(ctx, "policy", ruleArgs); err != nil {
			return err
		}

		// The association is what attaches the policy to a node; here that
		// node is the policy's own parent folder.
		_, err = compute.NewOrganizationSecurityPolicyAssociation(ctx, "policy", &compute.OrganizationSecurityPolicyAssociationArgs{
			Name:         pulumi.String("tf-test"),
			AttachmentId: orgPolicy.Parent,
			PolicyId:     orgPolicy.ID(),
		})
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.Folder;
import com.pulumi.gcp.organizations.FolderArgs;
import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchConfigArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyAssociation;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyAssociationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
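/**
 * Example stack: a folder, an organization security policy under it, one
 * ingress rule, and the association that attaches the policy to the folder.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the example resources.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; not read here.
     */
    public static void stack(Context ctx) {
        // Folder the policy is created under and, further down, attached to.
        // "organizations/123456789" is a placeholder organization ID.
        var securityPolicyTarget = new Folder("securityPolicyTarget", FolderArgs.builder()
            .displayName("tf-test-secpol")
            .parent("organizations/123456789")
            .build());

        var policy = new OrganizationSecurityPolicy("policy", OrganizationSecurityPolicyArgs.builder()
            .displayName("tf-test")
            .parent(securityPolicyTarget.name())
            .build());

        // Ingress rule: SSH (tcp/22) and ICMP from two RFC 1918 ranges. The
        // ranges are very broad (all of 10/8 and 192.168/16); narrow them to
        // the subnets that actually need this reachability before reuse.
        // In a hierarchical firewall policy "allow" is a final verdict:
        // matching traffic is admitted and lower-level firewall rules are not
        // evaluated for it ("goto_next" would defer the decision to them).
        // Logging is enabled so matches leave a record.
        var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
            .policyId(policy.id())
            .action("allow")
            .direction("INGRESS")
            .enableLogging(true)
            .match(OrganizationSecurityPolicyRuleMatchArgs.builder()
                .config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
                    .srcIpRanges(
                        "192.168.0.0/16",
                        "10.0.0.0/8")
                    .layer4Configs(
                        OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
                            .ipProtocol("tcp")
                            .ports("22")
                            .build(),
                        OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
                            .ipProtocol("icmp")
                            .build())
                    .build())
                .build())
            .priority(100)
            .build());

        // The association is what attaches the policy to a node; here that
        // node is the policy's own parent folder.
        var policyOrganizationSecurityPolicyAssociation = new OrganizationSecurityPolicyAssociation("policyOrganizationSecurityPolicyAssociation", OrganizationSecurityPolicyAssociationArgs.builder()
            .name("tf-test")
            .attachmentId(policy.parent())
            .policyId(policy.id())
            .build());
    }
}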
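resources:
  # Folder the policy is created under and, further down, attached to.
  # "organizations/123456789" is a placeholder organization ID.
  securityPolicyTarget:
    type: gcp:organizations:Folder
    name: security_policy_target
    properties:
      displayName: tf-test-secpol
      parent: organizations/123456789
  policy:
    type: gcp:compute:OrganizationSecurityPolicy
    properties:
      displayName: tf-test
      parent: ${securityPolicyTarget.name}
  # Ingress rule: SSH (tcp/22) and ICMP from two RFC 1918 ranges. The ranges
  # are very broad; narrow them to the subnets that actually need this
  # reachability before reuse. In a hierarchical firewall policy "allow" is a
  # final verdict: matching traffic is admitted and lower-level firewall rules
  # are not evaluated for it ("goto_next" would defer the decision to them).
  policyOrganizationSecurityPolicyRule:
    type: gcp:compute:OrganizationSecurityPolicyRule
    name: policy
    properties:
      policyId: ${policy.id}
      action: allow
      direction: INGRESS
      enableLogging: true
      match:
        config:
          srcIpRanges:
            - 192.168.0.0/16
            - 10.0.0.0/8
          layer4Configs:
            - ipProtocol: tcp
              ports:
                - '22'
            - ipProtocol: icmp
      priority: 100
  # The association is what attaches the policy to a node; here that node is
  # the policy's own parent folder.
  policyOrganizationSecurityPolicyAssociation:
    type: gcp:compute:OrganizationSecurityPolicyAssociation
    name: policy
    properties:
      name: tf-test
      attachmentId: ${policy.parent}
      policyId: ${policy.id}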
Import
OrganizationSecurityPolicyAssociation can be imported using any of these accepted formats:
{{policy_id}}/association/{{name}}
When using the `pulumi import` command, OrganizationSecurityPolicyAssociation can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/organizationSecurityPolicyAssociation:OrganizationSecurityPolicyAssociation default {{policy_id}}/association/{{name}}