---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Network Connectivity"
description: |-
  Manage Service Connection Policies.
---
# google\_network\_connectivity\_service\_connection\_policy
Manage Service Connection Policies.
To get more information about ServiceConnectionPolicy, see:
* [API documentation](https://cloud.google.com/secure-web-proxy/docs/reference/networkconnectivity/rest/v1/projects.locations.networkConnectionPolicies)
* How-to Guides
    * [About Service Connection Policies](https://cloud.google.com/vpc/docs/about-service-connection-policies#service-policies)
## Example Usage - Network Connectivity Policy Basic
```hcl
resource "google_compute_network" "producer_net" {
  name                    = "producer-net"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "producer_subnet" {
  name          = "producer-subnet"
  ip_cidr_range = "10.0.0.0/16"
  region        = "us-central1"
  network       = google_compute_network.producer_net.id
}

resource "google_network_connectivity_service_connection_policy" "default" {
  name          = "my-network-connectivity-policy"
  location      = "us-central1"
  service_class = "my-basic-service-class"
  description   = "my basic service connection policy"
  network       = google_compute_network.producer_net.id
  psc_config {
    subnetworks = [google_compute_subnetwork.producer_subnet.id]
    limit       = 2
  }
}
```
## Argument Reference
The following arguments are supported:
* `service_class` -
(Required)
The service class identifier that this ServiceConnectionPolicy applies to. The service class identifier is a unique, symbolic representation of a ServiceClass.
It is provided by the Service Producer. Google services have a prefix of gcp, for example, gcp-cloud-sql. Third-party services do not, for example, test-service-a3dfcx.
* `network` -
(Required)
The resource path of the consumer network. Example: `projects/{projectNumOrId}/global/networks/{resourceId}`.
* `name` -
(Required)
The name of a ServiceConnectionPolicy. Format: projects/{project}/locations/{location}/serviceConnectionPolicies/{service_connection_policy} See: https://google.aip.dev/122#fields-representing-resource-names
* `location` -
(Required)
The location of the ServiceConnectionPolicy.
- - -
* `description` -
(Optional)
Free-text description of the resource.
* `psc_config` -
(Optional)
Configuration used for Private Service Connect connections. Used when Infrastructure is PSC.
Structure is [documented below](#nested_psc_config).
* `labels` -
(Optional)
User-defined labels.
**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field `effective_labels` for all of the labels present on the resource.
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
<a name="nested_psc_config"></a>The `psc_config` block supports:
* `subnetworks` -
(Required)
IDs of the subnetworks or fully qualified identifiers for the subnetworks.
* `limit` -
(Optional)
Max number of PSC connections for this policy.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/serviceConnectionPolicies/{{name}}`
* `create_time` -
The timestamp when the resource was created.
* `update_time` -
The timestamp when the resource was updated.
* `etag` -
The etag is computed by the server, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
* `psc_connections` -
Information about each Private Service Connect connection.
Structure is [documented below](#nested_psc_connections).
* `infrastructure` -
The type of underlying resources used to create the connection.
* `terraform_labels` -
The combination of labels configured directly on the resource
and default labels configured on the provider.
* `effective_labels` -
All labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
<a name="nested_psc_connections"></a>The `psc_connections` block contains:
* `state` -
(Optional)
The state of the PSC connection.
Possible values are: `STATE_UNSPECIFIED`, `ACTIVE`, `CREATING`, `DELETING`, `FAILED`.
* `consumer_forwarding_rule` -
(Optional)
The resource reference of the PSC Forwarding Rule within the consumer VPC.
* `consumer_address` -
(Optional)
The resource reference of the consumer address.
* `error_type` -
(Optional)
The error type indicates whether the error is consumer facing, producer
facing or system internal.
Possible values are: `CONNECTION_ERROR_TYPE_UNSPECIFIED`, `ERROR_INTERNAL`, `ERROR_CONSUMER_SIDE`, `ERROR_PRODUCER_SIDE`.
* `error` -
(Optional)
The most recent error encountered while operating this connection.
Structure is [documented below](#nested_error).
* `gce_operation` -
(Optional)
The last Compute Engine operation to set up the PSC connection.
* `consumer_target_project` -
(Optional)
The project where the PSC connection is created.
* `psc_connection_id` -
(Optional)
The PSC connection id of the PSC forwarding rule.
* `error_info` -
(Optional)
The error info for the latest error encountered while operating this connection.
Structure is [documented below](#nested_error_info).
<a name="nested_error"></a>The `error` block supports:
* `message` -
(Optional)
A developer-facing error message.
* `code` -
(Optional)
The status code, which should be an enum value of `google.rpc.Code`.
* `details` -
(Output)
A list of messages that carry the error details.
<a name="nested_error_info"></a>The `error_info` block supports:
* `reason` -
(Optional)
The reason for the error.
* `domain` -
(Optional)
The logical grouping to which the "reason" belongs.
* `metadata` -
(Optional)
Additional structured details about this error.
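
The computed `psc_connections` attribute can be used to surface connections that are not healthy. The following is an added example, not part of the generated documentation: it reuses the `default` policy from Example Usage, and the local, output and check names are hypothetical. It assumes nested blocks are exposed as single-element lists and requires Terraform v1.5.0 or later for the `check` block.

```hcl
# Added example: report PSC connections under the policy that are not ACTIVE.
locals {
  # psc_connections is a computed list; one element per PSC connection.
  unhealthy_psc_connections = [
    for c in google_network_connectivity_service_connection_policy.default.psc_connections : {
      psc_connection_id        = c.psc_connection_id
      state                    = c.state
      # Distinguishes consumer-side, producer-side and internal errors.
      error_type               = c.error_type
      consumer_forwarding_rule = c.consumer_forwarding_rule
      consumer_target_project  = c.consumer_target_project
      # Assumption: the nested error block is a list with at most one element;
      # try() yields null when no error has been recorded.
      message                  = try(c.error[0].message, null)
    } if c.state != "ACTIVE"
  ]
}

output "unhealthy_psc_connections" {
  description = "PSC connections under this policy whose state is not ACTIVE."
  value       = local.unhealthy_psc_connections
}

# Emits a warning on plan/apply when any connection is FAILED.
# alltrue() of an empty list is true, so a policy with no connections passes.
check "psc_connections_not_failed" {
  assert {
    condition = alltrue([
      for c in google_network_connectivity_service_connection_policy.default.psc_connections :
      c.state != "FAILED"
    ])
    error_message = "At least one PSC connection for this policy is in state FAILED; see the unhealthy_psc_connections output."
  }
}
```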
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 30 minutes.
- `update` - Default is 30 minutes.
- `delete` - Default is 30 minutes.
## Import
ServiceConnectionPolicy can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/serviceConnectionPolicies/{{name}}`
* `{{project}}/{{location}}/{{name}}`
* `{{location}}/{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import ServiceConnectionPolicy using one of the formats above. For example:
```tf
import {
  id = "projects/{{project}}/locations/{{location}}/serviceConnectionPolicies/{{name}}"
  to = google_network_connectivity_service_connection_policy.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), ServiceConnectionPolicy can be imported using one of the formats above. For example:
```
$ terraform import google_network_connectivity_service_connection_policy.default projects/{{project}}/locations/{{location}}/serviceConnectionPolicies/{{name}}
$ terraform import google_network_connectivity_service_connection_policy.default {{project}}/{{location}}/{{name}}
$ terraform import google_network_connectivity_service_connection_policy.default {{location}}/{{name}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).