diff --git a/modules/vpc-sc/README.md b/modules/vpc-sc/README.md
index 6ad4e1fc..0191b651 100644
--- a/modules/vpc-sc/README.md
+++ b/modules/vpc-sc/README.md
@@ -23,7 +23,6 @@ module "vpc-sc" {
required_access_levels = null
members = []
negate = false
- device_policy = null
regions = null
}]
}
@@ -66,7 +65,6 @@ module "vpc-sc" {
required_access_levels = null
members = []
negate = false
- device_policy = null
regions = null
}]
}
@@ -107,7 +105,7 @@ module "vpc-sc" {
| access_policy_title | Access Policy title to be created. | string
| ✓ | |
| organization_id | Organization id in organizations/nnnnnn format. | string
| ✓ | |
| *access_level_perimeters* | Enforced mode -> Access Level -> Perimeters mapping. Enforced mode can be 'enforced' or 'dry_run' | map(map(list(string)))
| | {}
|
-| *access_levels* | Map of Access Levels to be created. For each Access Level you can specify 'ip_subnetworks, required_access_levels, members, negate, device_policy or regions'. | map(object({...}))
| | {}
|
+| *access_levels* | Map of Access Levels to be created. For each Access Level you can specify 'ip_subnetworks, required_access_levels, members, negate or regions'. | map(object({...}))
| | {}
|
| *perimeter_projects* | Perimeter -> Enforced Mode -> Projects Number mapping. Enforced mode can be 'enforced' or 'dry_run'. | map(map(list(number)))
| | {}
|
| *perimeters* | Set of Perimeters. | map(object({...}))
| | {}
|
diff --git a/modules/vpc-sc/main.tf b/modules/vpc-sc/main.tf
index 7e0d13dc..489643c4 100644
--- a/modules/vpc-sc/main.tf
+++ b/modules/vpc-sc/main.tf
@@ -53,13 +53,6 @@ resource "google_access_context_manager_access_level" "default" {
required_access_levels = try(condition.value.required_access_levels, null)
members = try(condition.value.members, null)
negate = try(condition.value.negate, null)
- device_policy {
- require_screen_lock = try(condition.value.device_policy.require_screen_lock, null)
- allowed_encryption_statuses = try(condition.value.device_policy.allowed_encryption_statuses, null)
- allowed_device_management_levels = try(condition.value.device_policy.allowed_device_management_levels, null)
- require_admin_approval = try(condition.value.device_policy.require_admin_approval, null)
- require_corp_owned = try(condition.value.device_policy.require_corp_owned, null)
- }
regions = try(condition.value.regions, null)
}
}
diff --git a/modules/vpc-sc/variables.tf b/modules/vpc-sc/variables.tf
index 4f1fc51f..f90c3026 100644
--- a/modules/vpc-sc/variables.tf
+++ b/modules/vpc-sc/variables.tf
@@ -15,7 +15,7 @@
*/
variable "access_levels" {
- description = "Map of Access Levels to be created. For each Access Level you can specify 'ip_subnetworks, required_access_levels, members, negate, device_policy or regions'."
+ description = "Map of Access Levels to be created. For each Access Level you can specify 'ip_subnetworks, required_access_levels, members, negate or regions'."
type = map(object({
combining_function = string
conditions = list(object({
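Review bot: With `device_policy` removed from the `access_levels` object type (here and in the next hunk of this file), a caller that still passes it is unlikely to get an error, because Terraform discards attributes that an object type constraint does not declare when it converts the value. An access level that relied on screen-lock, encryption or corp-owned requirements would then be applied without them, and the plan would show the condition being removed rather than a failure. The description should state this explicitly, for example by appending `device_policy is no longer supported and is silently ignored if set.`, and the README row for `access_levels` should carry the same caveat. The variable block begins in this hunk and continues past its end.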
@@ -23,13 +23,6 @@ variable "access_levels" {
required_access_levels = list(string)
members = list(string)
negate = string
- device_policy = object({
- require_screen_lock = bool
- allowed_encryption_statuses = string
- allowed_device_management_levels = string
- require_admin_approval = bool
- require_corp_owned = bool
- })
regions = list(string)
}))
}))