GCP VPC SC Rules for all projects under a folder


I am trying to set Ingress and Egress Rules for a service perimeter.

I currently have set up rules based on service accounts and resources (projects).

I am also trying to see whether I want to create rules at folder level.

Example:

    ORG
    ├── DEV
    │   ├── ProjectA
    │   └── ProjectB
    └── QA
        ├── ProjectC
        └── ProjectD

I have a service perimeter set at ProjectA & ProjectB. Is there a way to create egress rule allowing target as ANY Project under folder "QA" instead of listing each project in the rule?


1 answer

Ron Etch On

You can try to use "*" on the resources to egressTo all resources, or use the folder "folders/123456". See the following YAML as an example:

    - egressTo:
        operations:
        - serviceName: service-name        # e.g. storage.googleapis.com
          methodSelectors:
          - method: method                 # select by API method ...
          # ... or instead select by permission:
          # - permission: permission
        resources:                         # list of targets; "*" means all resources
        - "*"                              # the answer also suggests folders/123456 here
      egressFrom:
        # one of: ANY_IDENTITY | ANY_USER_ACCOUNT | ANY_SERVICE_ACCOUNT
        identityType: ANY_IDENTITY
        # ... or instead of identityType, list specific principals:
        # identities:
        # - serviceAccount:service-account
        # - user:user-account

Also, there are some limitations on using VPC Service Controls, based on these docs.
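Since the question asks for "any project under folder QA" without listing each one, here is an added example (not code from the answer above, and not Google's own tooling) that takes the other route: it resolves the folder's current projects with `gcloud projects list`, renders them into the egress rule format shown in the answer, and applies the file with `gcloud access-context-manager perimeters update`. The folder id, perimeter name, access policy number and the choice of `storage.googleapis.com` as the service are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example, not code from the original answer. Builds a VPC SC egress
# policy file covering every project currently under a folder, then applies it.
# FOLDER_ID, PERIMETER, ACCESS_POLICY and storage.googleapis.com are
# assumptions chosen for illustration.
set -eu

# Emit one egress rule: any identity inside the perimeter may call Cloud Storage
# on the listed target projects (project numbers passed as arguments).
render_egress_policy() {
  printf '%s\n' \
    '- egressFrom:' \
    '    identityType: ANY_IDENTITY' \
    '  egressTo:' \
    '    operations:' \
    '    - serviceName: storage.googleapis.com' \
    '      methodSelectors:' \
    '      - method: "*"' \
    '    resources:'
  for num in "$@"; do
    printf '    - projects/%s\n' "$num"
  done
}

# Resolve the project numbers currently under a folder (needs an authenticated gcloud).
list_folder_project_numbers() {
  gcloud projects list \
    --filter="parent.type=folder AND parent.id=$1" \
    --format="value(projectNumber)"
}

main() {
  folder_id=$1; perimeter=$2; access_policy=$3
  nums=$(list_folder_project_numbers "$folder_id")
  [ -n "$nums" ] || { echo "no projects found under folder $folder_id" >&2; exit 1; }
  # Unquoted on purpose: split the newline-separated numbers into arguments.
  render_egress_policy $nums > egress.yaml
  # --set-egress-policies replaces the perimeter's egress policies with the file.
  gcloud access-context-manager perimeters update "$perimeter" \
    --policy="$access_policy" \
    --set-egress-policies=egress.yaml
}

# Usage: sh egress_from_folder.sh FOLDER_ID PERIMETER ACCESS_POLICY
if [ "$#" -eq 3 ]; then main "$@"; fi
```

Two things to keep in mind with this approach: the rendered list is a snapshot, so a project added to the folder later is not covered until the script runs again (a scheduled job or CI step is the usual fix), and `--set-egress-policies` replaces the perimeter's whole egress policy set, so the file must contain every egress rule the perimeter needs, not only the folder-derived one.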