v5.18.0/website/docs/r/iam_access_boundary_policy.html.markdown - terraform-provider-google-beta - Git at Google

 ---
 # ----------------------------------------------------------------------------
 #
 #     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
 #
 # ----------------------------------------------------------------------------
 #
 #     This file is automatically generated by Magic Modules and manual
 #     changes will be clobbered when the file is regenerated.
 #
 #     Please read more about how to change this file in
 #     .github/CONTRIBUTING.md.
 #
 # ----------------------------------------------------------------------------
 subcategory: "Cloud IAM"
 description: |-
   Represents a collection of access boundary policies to apply to a given resource.
 ---

 # google\_iam\_access\_boundary\_policy

 Represents a collection of access boundary policies to apply to a given resource.
 **NOTE**: This is a private feature and users should contact GCP support
 if they would like to test it.


 ## Example Usage - Iam Access Boundary Policy Basic


 ```hcl
 resource "google_project" "project" {
   project_id      = "my-project"
   name            = "my-project"
   org_id          = "123456789"
   billing_account = "000000-0000000-0000000-000000"
 }

 resource "google_access_context_manager_access_level" "test-access" {
   parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
   name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
   title  = "chromeos_no_lock"
   basic {
     conditions {
       device_policy {
         require_screen_lock = true
         os_constraints {
           os_type = "DESKTOP_CHROME_OS"
         }
       }
       regions = [
         "CH",
         "IT",
         "US",
       ]
     }
   }
 }

 resource "google_access_context_manager_access_policy" "access-policy" {
   parent = "organizations/${google_project.project.org_id}"
   title  = "my policy"
 }

 resource "google_iam_access_boundary_policy" "example" {
   parent   = urlencode("cloudresourcemanager.googleapis.com/projects/${google_project.project.project_id}")
   name     = "my-ab-policy"
   display_name = "My AB policy"
   rules {
     description = "AB rule"
     access_boundary_rule {
       available_resource = "*"
       available_permissions = ["*"]
       availability_condition {
         title = "Access level expr"
         expression = "request.matchAccessLevels('${google_project.project.org_id}', ['${google_access_context_manager_access_level.test-access.name}'])"
       }
     }
   }
 }
 ```

 ## Argument Reference

 The following arguments are supported:


 * `name` -
   (Required)
   The name of the policy.

 * `parent` -
   (Required)
   The attachment point is identified by its URL-encoded full resource name.

 * `rules` -
   (Required)
   Rules to be applied.
   Structure is [documented below](#nested_rules).


 <a name="nested_rules"></a>The `rules` block supports:

 * `description` -
   (Optional)
   The description of the rule.

 * `access_boundary_rule` -
   (Optional)
   An access boundary rule in an IAM policy.
   Structure is [documented below](#nested_access_boundary_rule).


 <a name="nested_access_boundary_rule"></a>The `access_boundary_rule` block supports:

 * `available_resource` -
   (Optional)
   The full resource name of a Google Cloud resource entity.

 * `available_permissions` -
   (Optional)
   A list of permissions that may be allowed for use on the specified resource.

 * `availability_condition` -
   (Optional)
   The availability condition further constrains the access allowed by the access boundary rule.
   Structure is [documented below](#nested_availability_condition).


 <a name="nested_availability_condition"></a>The `availability_condition` block supports:

 * `expression` -
   (Required)
   Textual representation of an expression in Common Expression Language syntax.

 * `title` -
   (Optional)
   Title for the expression, i.e. a short string describing its purpose.
   This can be used e.g. in UIs which allow to enter the expression.

 * `description` -
   (Optional)
   Description of the expression. This is a longer text which describes the expression,
   e.g. when hovered over it in a UI.

 * `location` -
   (Optional)
   String indicating the location of the expression for error reporting,
   e.g. a file name and a position in the file.

 - - -


 * `display_name` -
   (Optional)
   The display name of the rule.


 ## Attributes Reference

 In addition to the arguments listed above, the following computed attributes are exported:

 * `id` - an identifier for the resource with format `{{parent}}/{{name}}`

 * `etag` -
   The hash of the resource. Used internally during updates.


 ## Timeouts

 This resource provides the following
 [Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

 - `create` - Default is 20 minutes.
 - `update` - Default is 20 minutes.
 - `delete` - Default is 20 minutes.

 ## Import


 AccessBoundaryPolicy can be imported using any of these accepted formats:

 * `{{parent}}/{{name}}`


 In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import AccessBoundaryPolicy using one of the formats above. For example:

 ```tf
 import {
   id = "{{parent}}/{{name}}"
   to = google_iam_access_boundary_policy.default
 }
 ```

 When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), AccessBoundaryPolicy can be imported using one of the formats above. For example:

 ```
 $ terraform import google_iam_access_boundary_policy.default {{parent}}/{{name}}
 ```
	---
	# ----------------------------------------------------------------------------
	#
	# * AUTO GENERATED CODE * Type: MMv1 ***
	#
	# ----------------------------------------------------------------------------
	#
	# This file is automatically generated by Magic Modules and manual
	# changes will be clobbered when the file is regenerated.
	#
	# Please read more about how to change this file in
	# .github/CONTRIBUTING.md.
	#
	# ----------------------------------------------------------------------------
	subcategory: "Cloud IAM"
	description: \|-
	Represents a collection of access boundary policies to apply to a given resource.
	---

	# google\_iam\_access\_boundary\_policy

	Represents a collection of access boundary policies to apply to a given resource.
	NOTE: This is a private feature and users should contact GCP support
	if they would like to test it.



	## Example Usage - Iam Access Boundary Policy Basic


	```hcl
	resource "google_project" "project" {
	project_id = "my-project"
	name = "my-project"
	org_id = "123456789"
	billing_account = "000000-0000000-0000000-000000"
	}

	resource "google_access_context_manager_access_level" "test-access" {
	parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
	name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
	title = "chromeos_no_lock"
	basic {
	conditions {
	device_policy {
	require_screen_lock = true
	os_constraints {
	os_type = "DESKTOP_CHROME_OS"
	}
	}
	regions = [
	"CH",
	"IT",
	"US",
	]
	}
	}
	}

	resource "google_access_context_manager_access_policy" "access-policy" {
	parent = "organizations/${google_project.project.org_id}"
	title = "my policy"
	}

	resource "google_iam_access_boundary_policy" "example" {
	parent = urlencode("cloudresourcemanager.googleapis.com/projects/${google_project.project.project_id}")
	name = "my-ab-policy"
	display_name = "My AB policy"
	rules {
	description = "AB rule"
	access_boundary_rule {
	available_resource = "*"
	available_permissions = ["*"]
	availability_condition {
	title = "Access level expr"
	expression = "request.matchAccessLevels('${google_project.project.org_id}', ['${google_access_context_manager_access_level.test-access.name}'])"
	}
	}
	}
	}
	```

	## Argument Reference

	The following arguments are supported:


	* `name` -
	(Required)
	The name of the policy.

	* `parent` -
	(Required)
	The attachment point is identified by its URL-encoded full resource name.

	* `rules` -
	(Required)
	Rules to be applied.
	Structure is [documented below](#nested_rules).


	<a name="nested_rules"></a>The `rules` block supports:

	* `description` -
	(Optional)
	The description of the rule.

	* `access_boundary_rule` -
	(Optional)
	An access boundary rule in an IAM policy.
	Structure is [documented below](#nested_access_boundary_rule).


	<a name="nested_access_boundary_rule"></a>The `access_boundary_rule` block supports:

	* `available_resource` -
	(Optional)
	The full resource name of a Google Cloud resource entity.

	* `available_permissions` -
	(Optional)
	A list of permissions that may be allowed for use on the specified resource.

	* `availability_condition` -
	(Optional)
	The availability condition further constrains the access allowed by the access boundary rule.
	Structure is [documented below](#nested_availability_condition).


	<a name="nested_availability_condition"></a>The `availability_condition` block supports:

	* `expression` -
	(Required)
	Textual representation of an expression in Common Expression Language syntax.

	* `title` -
	(Optional)
	Title for the expression, i.e. a short string describing its purpose.
	This can be used e.g. in UIs which allow to enter the expression.

	* `description` -
	(Optional)
	Description of the expression. This is a longer text which describes the expression,
	e.g. when hovered over it in a UI.

	* `location` -
	(Optional)
	String indicating the location of the expression for error reporting,
	e.g. a file name and a position in the file.

	- - -


	* `display_name` -
	(Optional)
	The display name of the rule.


	## Attributes Reference

	In addition to the arguments listed above, the following computed attributes are exported:

	* `id` - an identifier for the resource with format `{{parent}}/{{name}}`

	* `etag` -
	The hash of the resource. Used internally during updates.


	## Timeouts

	This resource provides the following
	[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

	- `create` - Default is 20 minutes.
	- `update` - Default is 20 minutes.
	- `delete` - Default is 20 minutes.

	## Import


	AccessBoundaryPolicy can be imported using any of these accepted formats:

	* `{{parent}}/{{name}}`


	In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import AccessBoundaryPolicy using one of the formats above. For example:

	```tf
	import {
	id = "{{parent}}/{{name}}"
	to = google_iam_access_boundary_policy.default
	}
	```

	When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), AccessBoundaryPolicy can be imported using one of the formats above. For example:

	```
	$ terraform import google_iam_access_boundary_policy.default {{parent}}/{{name}}
	```