» google_access_context_manager_service_perimeter_resource

Allows configuring a single GCP resource that should be inside of a service perimeter. This resource is intended to be used in cases where it is not possible to compile a full list of projects to include in a google_access_context_manager_service_perimeter resource, to enable them to be added separately.

To get more information about ServicePerimeterResource, see:

» Example Usage - Access Context Manager Service Perimeter Resource Basic

resource "google_access_context_manager_service_perimeter_resource" "service-perimeter-resource" {
  perimeter_name = google_access_context_manager_service_perimeter.service-perimeter-resource.name
  resource = "projects/987654321"

resource "google_access_context_manager_service_perimeter" "service-perimeter-resource" {
  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/restrict_all"
  title  = "restrict_all"
  status {
    restricted_services = ["storage.googleapis.com"]

  lifecycle {
    ignore_changes = [status[0].resources]

resource "google_access_context_manager_access_policy" "access-policy" {
  parent = "organizations/123456789"
  title  = "my policy"

» Argument Reference

The following arguments are supported:

  • resource - (Required) A GCP resource that is inside of the service perimeter. Currently only projects are allowed. Format: projects/{project_number}

  • perimeter_name - (Required) The name of the Service Perimeter to add this resource to.

» Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format {{perimeter_name}}/{{resource}}

» Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 4 minutes.
  • delete - Default is 4 minutes.

» Import

ServicePerimeterResource can be imported using any of these accepted formats:

$ terraform import google_access_context_manager_service_perimeter_resource.default {{perimeter_name}}/{{resource}}