---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Cloud VMware Engine"
description: |-
  External access firewall rules for filtering incoming traffic destined to `ExternalAddress` resources.
---
# google\_vmwareengine\_external\_access\_rule

External access firewall rules for filtering incoming traffic destined to `ExternalAddress` resources.

To get more information about ExternalAccessRule, see:

* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.networkPolicies.externalAccessRules)
## Example Usage - Vmware Engine External Access Rule Basic
```hcl
resource "google_vmwareengine_network" "external-access-rule-nw" {
  name = "sample-nw"
  location = "global"
  type = "STANDARD"
  description = "PC network description."
}

resource "google_vmwareengine_network_policy" "external-access-rule-np" {
  location = "us-west1"
  name = "sample-np"
  edge_services_cidr = "192.168.30.0/26"
  vmware_engine_network = google_vmwareengine_network.external-access-rule-nw.id
}

resource "google_vmwareengine_external_access_rule" "vmw-engine-external-access-rule" {
  name = "sample-external-access-rule"
  parent = google_vmwareengine_network_policy.external-access-rule-np.id
  priority = 101
  action = "DENY"
  ip_protocol = "TCP"
  source_ip_ranges {
    ip_address_range = "0.0.0.0/0"
  }
  source_ports = ["80"]
  destination_ip_ranges {
    ip_address_range = "0.0.0.0/0"
  }
  destination_ports = ["433"]
}
```
## Example Usage - Vmware Engine External Access Rule Full
```hcl
resource "google_vmwareengine_network" "external-access-rule-nw" {
  name = "sample-nw"
  location = "global"
  type = "STANDARD"
  description = "PC network description."
}

resource "google_vmwareengine_private_cloud" "external-access-rule-pc" {
  location = "us-west1-a"
  name = "sample-pc"
  description = "Sample test PC."
  network_config {
    management_cidr = "192.168.50.0/24"
    vmware_engine_network = google_vmwareengine_network.external-access-rule-nw.id
  }
  management_cluster {
    cluster_id = "sample-mgmt-cluster"
    node_type_configs {
      node_type_id = "standard-72"
      node_count = 3
    }
  }
}

resource "google_vmwareengine_network_policy" "external-access-rule-np" {
  location = "us-west1"
  name = "sample-np"
  edge_services_cidr = "192.168.30.0/26"
  vmware_engine_network = google_vmwareengine_network.external-access-rule-nw.id
}

resource "google_vmwareengine_external_address" "external-access-rule-ea" {
  name = "sample-ea"
  parent = google_vmwareengine_private_cloud.external-access-rule-pc.id
  internal_ip = "192.168.0.65"
}

resource "google_vmwareengine_external_access_rule" "vmw-engine-external-access-rule" {
  name = "sample-external-access-rule"
  parent = google_vmwareengine_network_policy.external-access-rule-np.id
  description = "Sample Description"
  priority = 101
  action = "ALLOW"
  ip_protocol = "tcp"
  source_ip_ranges {
    ip_address_range = "0.0.0.0/0"
  }
  source_ports = ["80"]
  destination_ip_ranges {
    external_address = google_vmwareengine_external_address.external-access-rule-ea.id
  }
  destination_ports = ["433"]
}
```
## Argument Reference
The following arguments are supported:
* `priority` -
(Required)
External access rule priority, which determines the external access rule to use when multiple rules apply.
* `action` -
(Required)
The action that the external access rule performs.
Possible values are: `ALLOW`, `DENY`.
* `ip_protocol` -
(Required)
The IP protocol to which the external access rule applies.
* `source_ip_ranges` -
(Required)
If source ranges are specified, the external access rule applies only to
traffic that has a source IP address in these ranges.
Structure is [documented below](#nested_source_ip_ranges).
* `source_ports` -
(Required)
A list of source ports to which the external access rule applies.
* `destination_ip_ranges` -
(Required)
If destination ranges are specified, the external access rule applies only to
traffic that has a destination IP address in these ranges.
Structure is [documented below](#nested_destination_ip_ranges).
* `destination_ports` -
(Required)
A list of destination ports to which the external access rule applies.
* `parent` -
(Required)
The resource name of the network policy.
Resource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.
For example: projects/my-project/locations/us-west1-a/networkPolicies/my-policy
* `name` -
(Required)
The ID of the external access rule.

<a name="nested_source_ip_ranges"></a>The `source_ip_ranges` block supports:

* `ip_address` -
(Optional)
A single IP address.
* `ip_address_range` -
(Optional)
An IP address range in the CIDR format.

<a name="nested_destination_ip_ranges"></a>The `destination_ip_ranges` block supports:

* `ip_address_range` -
(Optional)
An IP address range in the CIDR format.
* `external_address` -
(Optional)
The name of an `ExternalAddress` resource.
- - -
* `description` -
(Optional)
User-provided description for the external access rule.
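
Both usage examples above set `source_ip_ranges` to `0.0.0.0/0`, and the Full example combines it with `action = "ALLOW"`. The check below is an added example, not part of the provider documentation or its generated code: it scans `terraform show -json` plan output for `ALLOW` rules of this resource type whose source range is wider than a threshold. The sample plan, the resource names `allow_any` and `allow_office`, and the `/8` threshold are constructed assumptions.

```python
import ipaddress
import json

RULE_TYPE = "google_vmwareengine_external_access_rule"

# Constructed sample: trimmed `terraform show -json` plan output for two rules.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_vmwareengine_external_access_rule.allow_any",
   "type": "google_vmwareengine_external_access_rule",
   "change": {"actions": ["create"], "after": {
     "action": "ALLOW", "ip_protocol": "tcp", "priority": 101,
     "source_ip_ranges": [{"ip_address": null, "ip_address_range": "0.0.0.0/0"}],
     "destination_ports": ["433"]}}},
  {"address": "google_vmwareengine_external_access_rule.allow_office",
   "type": "google_vmwareengine_external_access_rule",
   "change": {"actions": ["create"], "after": {
     "action": "ALLOW", "ip_protocol": "tcp", "priority": 102,
     "source_ip_ranges": [{"ip_address": null, "ip_address_range": "203.0.113.0/24"}],
     "destination_ports": ["443"]}}}
]}
""")

def is_wide(rng, min_prefix):
    """True when a source_ip_ranges entry is a CIDR shorter than /min_prefix."""
    cidr = rng.get("ip_address_range")
    if not cidr:  # an entry that only sets ip_address is a single host
        return False
    return ipaddress.ip_network(cidr, strict=False).prefixlen < min_prefix

def find_open_allow_rules(plan, min_prefix=8):
    """Return (address, wide_ranges, destination_ports) for each risky ALLOW rule."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != RULE_TYPE or not after:  # other types, deletions
            continue
        if str(after.get("action", "")).upper() != "ALLOW":
            continue
        wide = [r["ip_address_range"] for r in after.get("source_ip_ranges") or []
                if is_wide(r, min_prefix)]
        if wide:
            findings.append((rc["address"], wide, after.get("destination_ports")))
    return findings

if __name__ == "__main__":
    for address, ranges, ports in find_open_allow_rules(SAMPLE_PLAN):
        print(f"{address}: ALLOW from {ranges} to ports {ports}")
```

In a pipeline, feed it the output of `terraform show -json` on a saved plan file and fail the job when the returned list is non-empty.
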
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `{{parent}}/externalAccessRules/{{name}}`
* `create_time` -
Creation time of this resource.
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and
up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
* `update_time` -
Last updated time of this resource.
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine
fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
* `state` -
State of the Cluster.
* `uid` -
System-generated unique identifier for the resource.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
ExternalAccessRule can be imported using any of these accepted formats:
* `{{parent}}/externalAccessRules/{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import ExternalAccessRule using one of the formats above. For example:
```tf
import {
  id = "{{parent}}/externalAccessRules/{{name}}"
  to = google_vmwareengine_external_access_rule.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), ExternalAccessRule can be imported using one of the formats above. For example:
```
$ terraform import google_vmwareengine_external_access_rule.default {{parent}}/externalAccessRules/{{name}}
```