enable org policy API, fix run.allowedIngress value (#935)
This commit is contained in:
parent
a30c186f1f
commit
559753fab5
|
@ -72,6 +72,7 @@ module "automation-project" {
|
|||
"essentialcontacts.googleapis.com",
|
||||
"iam.googleapis.com",
|
||||
"iamcredentials.googleapis.com",
|
||||
"orgpolicy.googleapis.com",
|
||||
"pubsub.googleapis.com",
|
||||
"servicenetworking.googleapis.com",
|
||||
"serviceusage.googleapis.com",
|
||||
|
|
|
@ -78,11 +78,10 @@ module "organization" {
|
|||
"iam.automaticIamGrantsForDefaultServiceAccounts" = { enforce = true }
|
||||
"iam.disableServiceAccountKeyCreation" = { enforce = true }
|
||||
"iam.disableServiceAccountKeyUpload" = { enforce = true }
|
||||
"run.allowedIngress" = { allow = { values = ["is:INTERNAL"] } }
|
||||
"run.allowedIngress" = { allow = { values = ["is:internal"] } }
|
||||
"sql.restrictAuthorizedNetworks" = { enforce = true }
|
||||
"sql.restrictPublicIp" = { enforce = true }
|
||||
"storage.uniformBucketLevelAccess" = { enforce = true }
|
||||
|
||||
# "cloudfunctions.allowedIngressSettings" = {
|
||||
# allow = { values = ["is:ALLOW_INTERNAL_ONLY"] }
|
||||
# }
|
||||
|
|
Loading…
Reference in New Issue