Service
Manage a single EgressPolicy in the status (enforced) configuration for a service perimeter. EgressPolicies match requests based on egressFrom and egressTo stanzas. For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter boundary. For example, an EgressPolicy can be used to allow VMs on networks within the ServicePerimeter to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset).
Note: By default, updates to this resource will remove the EgressPolicy from the from the perimeter and add it back in a non-atomic manner. To ensure that the new EgressPolicy is added before the old one is removed, add a
lifecycleblock withcreate_before_destroy = trueto this resource. Note: If this resource is used alongside agcp.accesscontextmanager.ServicePerimeterresource, the service perimeter resource must have alifecycleblock withignore_changes = [status[0].egress_policies]so they don't fight over which egress rules should be in the policy. To get more information about ServicePerimeterEgressPolicy, see:
How-to Guides
Example Usage
Constructors
Properties
Defines conditions on the source of a request causing this EgressPolicy to apply. Structure is documented below.
Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply. Structure is documented below.