How to create a GCP Compute security policy?
In Google Cloud Platform (GCP), a Compute Engine security policy is a Google Cloud Armor policy: an ordered set of rules that the load balancer evaluates against incoming requests for the backend services the policy is attached to. Each rule pairs a match condition with an action (allow or deny), and the first rule that matches, in priority order, decides what happens to the request. It is a Layer 7 control enforced at the load balancer, not a VPC firewall rule: it does not govern traffic that reaches a VM instance directly, and it does not apply to outbound traffic. Use gcp.compute.Firewall for instance-level network filtering.

Pulumi's Google Cloud provider (gcp) has a resource called gcp.compute.SecurityPolicy that lets you define and manage security policies. Here is a simple example that creates a security policy with a rule that allows all traffic (a starting skeleton, not a protective configuration):
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Create a new Cloud Armor security policy
const securityPolicy = new gcp.compute.SecurityPolicy("my-policy", {
    // The name of the security policy
    name: "my-security-policy",
    // A text description for the policy
    description: "A policy to allow all inbound traffic",
    // Rules to be included in the policy; lower priority numbers are evaluated first
    rules: [
        {
            // Priority 0 is the highest possible, so this rule is checked first
            priority: 0,
            // An optional description of the rule
            description: "Allows all inbound traffic",
            // The action to take when a match is found: "allow", or "deny(403)", "deny(404)", "deny(502)"
            action: "allow",
            // Match on source IP. config.srcIpRanges is required when
            // versionedExpr is SRC_IPS_V1; the entry "*" matches every source address.
            match: {
                versionedExpr: "SRC_IPS_V1",
                config: { srcIpRanges: ["*"] },
            },
        },
        {
            // Every Cloud Armor policy must carry a default rule at the lowest
            // priority (2147483647) matching "*"; it applies when nothing else matches.
            priority: 2147483647,
            description: "Default rule",
            action: "allow",
            match: {
                versionedExpr: "SRC_IPS_V1",
                config: { srcIpRanges: ["*"] },
            },
        },
    ],
});

// Export the security policy ID
export const policyId = securityPolicy.id;
```
The gcp.compute.SecurityPolicy resource creates your policy, and the rules property sets the rules for that policy. Each rule is an object with a priority, an optional description, a match condition and an action. Rules are evaluated from the lowest priority number upward (0 first, 2147483647 last) and the first rule that matches decides the outcome, so the order of a policy matters as much as its contents. In this case, match uses versionedExpr: "SRC_IPS_V1", which compares the request's source IP address against the list in config.srcIpRanges; the entry "*" matches every source, and a single rule may list at most 10 addresses or ranges. The second rule is the default rule that every Cloud Armor policy must contain at priority 2147483647: it is what applies when no other rule matches. In a real deployment it is usually deny(403), with explicit allow rules above it, because an allow-all policy protects nothing.

A security policy only takes effect once it is attached to a backend service, for example through the securityPolicy property of gcp.compute.BackendService; creating the policy on its own changes no traffic handling.

Remember to replace "my-security-policy" with the name you want for your security policy. This program will run as-is if your Pulumi and GCP configurations are set correctly. After it runs successfully, you should see the new security policy listed under Network Security > Cloud Armor in the GCP Console.