---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Firebase App Check"
description: |-
  The enforcement configuration for a service supported by App Check.
---
# google\_firebase\_app\_check\_service\_config
The enforcement configuration for a service supported by App Check.

To get more information about ServiceConfig, see:

* [API documentation](https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.services)
* How-to Guides
    * [Official Documentation](https://firebase.google.com/docs/app-check)
## Example Usage - Firebase App Check Service Config Off
```hcl
resource "google_project_service" "appcheck" {
  project            = "my-project-name"
  service            = "firebaseappcheck.googleapis.com"
  disable_on_destroy = false
}

resource "google_firebase_app_check_service_config" "default" {
  project    = "my-project-name"
  service_id = "firestore.googleapis.com"

  depends_on = [google_project_service.appcheck]
}
```
## Example Usage - Firebase App Check Service Config Enforced
```hcl
resource "google_project_service" "appcheck" {
  project            = "my-project-name"
  service            = "firebaseappcheck.googleapis.com"
  disable_on_destroy = false
}

resource "google_firebase_app_check_service_config" "default" {
  project          = "my-project-name"
  service_id       = "firebasestorage.googleapis.com"
  enforcement_mode = "ENFORCED"

  depends_on = [google_project_service.appcheck]
}
```
## Example Usage - Firebase App Check Service Config Unenforced
```hcl
resource "google_project_service" "appcheck" {
  project            = "my-project-name"
  service            = "firebaseappcheck.googleapis.com"
  disable_on_destroy = false
}

resource "google_firebase_app_check_service_config" "default" {
  project          = "my-project-name"
  service_id       = "firebasedatabase.googleapis.com"
  enforcement_mode = "UNENFORCED"

  depends_on = [google_project_service.appcheck]
}
```
## Argument Reference
The following arguments are supported:

* `service_id` -
  (Required)
  The identifier of the service to configure enforcement. Currently, the following service IDs are supported:
    * firebasestorage.googleapis.com (Cloud Storage for Firebase)
    * firebasedatabase.googleapis.com (Firebase Realtime Database)
    * firestore.googleapis.com (Cloud Firestore)
    * identitytoolkit.googleapis.com (Authentication)

- - -

* `enforcement_mode` -
  (Optional)
  The App Check enforcement mode for a service supported by App Check. Valid values are:

    * (Unset):
      Firebase App Check is not enforced for the service, nor are App Check metrics collected.
      Though the service is not protected by App Check in this mode, other applicable protections,
      such as user authorization, are still enforced. An unconfigured service is in this mode by default.
      This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
      enforcement to OFF for this service.

    * `UNENFORCED`:
      Firebase App Check is not enforced for the service. App Check metrics are collected to help you
      decide when to turn on enforcement for the service. Though the service is not protected by App Check
      in this mode, other applicable protections, such as user authorization, are still enforced.

    * `ENFORCED`:
      Firebase App Check is enforced for the service. The service will reject any request that attempts to
      access your project's resources if it does not have a valid App Check token attached, with some exceptions
      depending on the service; for example, some services will still allow requests bearing the developer's
      privileged service account credentials without an App Check token. App Check metrics continue to be
      collected to help you detect issues with your App Check integration and monitor the composition of your
      callers. While the service is protected by App Check, other applicable protections, such as user
      authorization, continue to be enforced at the same time.

      Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
      to an App Check capable version of your app, their apps will no longer be able to use your Firebase
      services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
      Check on your Firebase services.

      If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
      clients in use.

  Possible values are: `UNENFORCED`, `ENFORCED`.

* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
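
Because an unset `enforcement_mode` and a missing resource both leave a service in OFF, a plan can silently leave supported services unprotected. The following check is an added example, not part of the provider documentation: it reads plan JSON produced by `terraform show -json` and reports the effective mode for each service ID listed above. The function names and the sample plan are constructed for illustration, and the check assumes the plan covers a single project.

```python
import json

SUPPORTED = (  # service IDs this page lists as supported
    "firebasestorage.googleapis.com",
    "firebasedatabase.googleapis.com",
    "firestore.googleapis.com",
    "identitytoolkit.googleapis.com",
)
RESOURCE_TYPE = "google_firebase_app_check_service_config"

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def effective_modes(plan):
    """Map each supported service to OFF, UNENFORCED or ENFORCED."""
    modes = {svc: "OFF" for svc in SUPPORTED}  # no resource at all means OFF
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        values = res.get("values") or {}
        if res.get("type") == RESOURCE_TYPE and values.get("service_id") in modes:
            # An unset enforcement_mode is equivalent to OFF in the REST API.
            modes[values["service_id"]] = values.get("enforcement_mode") or "OFF"
    return modes

def not_enforced(plan):
    """Supported services left without App Check enforcement."""
    return sorted(s for s, m in effective_modes(plan).items() if m != "ENFORCED")

# Constructed sample, trimmed to the fields read above; not real plan output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"type": "google_firebase_app_check_service_config",
     "values": {"service_id": "firebasestorage.googleapis.com",
                "enforcement_mode": "ENFORCED"}},
    {"type": "google_firebase_app_check_service_config",
     "values": {"service_id": "firestore.googleapis.com",
                "enforcement_mode": null}}],
  "child_modules": [{"resources": [
    {"type": "google_firebase_app_check_service_config",
     "values": {"service_id": "firebasedatabase.googleapis.com",
                "enforcement_mode": "UNENFORCED"}}]}]}}}
""")

if __name__ == "__main__":
    print(effective_modes(SAMPLE_PLAN))
```

A service reported as `UNENFORCED` is still collecting App Check metrics, so it can be tracked separately from `OFF` when deciding what to enforce next.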
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/services/{{service_id}}`
* `name` -
The fully-qualified resource name of the service enforcement configuration.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
ServiceConfig can be imported using any of these accepted formats:
* `projects/{{project}}/services/{{service_id}}`
* `{{project}}/{{service_id}}`
* `{{service_id}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import ServiceConfig using one of the formats above. For example:
```tf
import {
id = "projects/{{project}}/services/{{service_id}}"
to = google_firebase_app_check_service_config.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), ServiceConfig can be imported using one of the formats above. For example:
```
$ terraform import google_firebase_app_check_service_config.default projects/{{project}}/services/{{service_id}}
$ terraform import google_firebase_app_check_service_config.default {{project}}/{{service_id}}
$ terraform import google_firebase_app_check_service_config.default {{service_id}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).