Viewing docs for Google Cloud v9.15.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
Viewing docs for Google Cloud v9.15.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
The enforcement configuration for a service supported by App Check.
To get more information about ServiceConfig, see:
- API documentation
- How-to Guides
Example Usage
Firebase App Check Service Config Off
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const appcheck = new gcp.projects.Service("appcheck", {
project: "my-project-name",
service: "firebaseappcheck.googleapis.com",
});
const _default = new gcp.firebase.AppCheckServiceConfig("default", {
project: "my-project-name",
serviceId: "firestore.googleapis.com",
}, {
dependsOn: [appcheck],
});
import pulumi
import pulumi_gcp as gcp
appcheck = gcp.projects.Service("appcheck",
project="my-project-name",
service="firebaseappcheck.googleapis.com")
default = gcp.firebase.AppCheckServiceConfig("default",
project="my-project-name",
service_id="firestore.googleapis.com",
opts = pulumi.ResourceOptions(depends_on=[appcheck]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/firebase"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
appcheck, err := projects.NewService(ctx, "appcheck", &projects.ServiceArgs{
Project: pulumi.String("my-project-name"),
Service: pulumi.String("firebaseappcheck.googleapis.com"),
})
if err != nil {
return err
}
_, err = firebase.NewAppCheckServiceConfig(ctx, "default", &firebase.AppCheckServiceConfigArgs{
Project: pulumi.String("my-project-name"),
ServiceId: pulumi.String("firestore.googleapis.com"),
}, pulumi.DependsOn([]pulumi.Resource{
appcheck,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var appcheck = new Gcp.Projects.Service("appcheck", new()
{
Project = "my-project-name",
ServiceName = "firebaseappcheck.googleapis.com",
});
var @default = new Gcp.Firebase.AppCheckServiceConfig("default", new()
{
Project = "my-project-name",
ServiceId = "firestore.googleapis.com",
}, new CustomResourceOptions
{
DependsOn =
{
appcheck,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.Service;
import com.pulumi.gcp.projects.ServiceArgs;
import com.pulumi.gcp.firebase.AppCheckServiceConfig;
import com.pulumi.gcp.firebase.AppCheckServiceConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var appcheck = new Service("appcheck", ServiceArgs.builder()
.project("my-project-name")
.service("firebaseappcheck.googleapis.com")
.build());
var default_ = new AppCheckServiceConfig("default", AppCheckServiceConfigArgs.builder()
.project("my-project-name")
.serviceId("firestore.googleapis.com")
.build(), CustomResourceOptions.builder()
.dependsOn(appcheck)
.build());
}
}
resources:
appcheck:
type: gcp:projects:Service
properties:
project: my-project-name
service: firebaseappcheck.googleapis.com
default:
type: gcp:firebase:AppCheckServiceConfig
properties:
project: my-project-name
serviceId: firestore.googleapis.com
options:
dependsOn:
- ${appcheck}
Firebase App Check Service Config Enforced
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const appcheck = new gcp.projects.Service("appcheck", {
project: "my-project-name",
service: "firebaseappcheck.googleapis.com",
});
const _default = new gcp.firebase.AppCheckServiceConfig("default", {
project: "my-project-name",
serviceId: "firebasestorage.googleapis.com",
enforcementMode: "ENFORCED",
}, {
dependsOn: [appcheck],
});
import pulumi
import pulumi_gcp as gcp
appcheck = gcp.projects.Service("appcheck",
project="my-project-name",
service="firebaseappcheck.googleapis.com")
default = gcp.firebase.AppCheckServiceConfig("default",
project="my-project-name",
service_id="firebasestorage.googleapis.com",
enforcement_mode="ENFORCED",
opts = pulumi.ResourceOptions(depends_on=[appcheck]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/firebase"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
appcheck, err := projects.NewService(ctx, "appcheck", &projects.ServiceArgs{
Project: pulumi.String("my-project-name"),
Service: pulumi.String("firebaseappcheck.googleapis.com"),
})
if err != nil {
return err
}
_, err = firebase.NewAppCheckServiceConfig(ctx, "default", &firebase.AppCheckServiceConfigArgs{
Project: pulumi.String("my-project-name"),
ServiceId: pulumi.String("firebasestorage.googleapis.com"),
EnforcementMode: pulumi.String("ENFORCED"),
}, pulumi.DependsOn([]pulumi.Resource{
appcheck,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var appcheck = new Gcp.Projects.Service("appcheck", new()
{
Project = "my-project-name",
ServiceName = "firebaseappcheck.googleapis.com",
});
var @default = new Gcp.Firebase.AppCheckServiceConfig("default", new()
{
Project = "my-project-name",
ServiceId = "firebasestorage.googleapis.com",
EnforcementMode = "ENFORCED",
}, new CustomResourceOptions
{
DependsOn =
{
appcheck,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.Service;
import com.pulumi.gcp.projects.ServiceArgs;
import com.pulumi.gcp.firebase.AppCheckServiceConfig;
import com.pulumi.gcp.firebase.AppCheckServiceConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var appcheck = new Service("appcheck", ServiceArgs.builder()
.project("my-project-name")
.service("firebaseappcheck.googleapis.com")
.build());
var default_ = new AppCheckServiceConfig("default", AppCheckServiceConfigArgs.builder()
.project("my-project-name")
.serviceId("firebasestorage.googleapis.com")
.enforcementMode("ENFORCED")
.build(), CustomResourceOptions.builder()
.dependsOn(appcheck)
.build());
}
}
resources:
appcheck:
type: gcp:projects:Service
properties:
project: my-project-name
service: firebaseappcheck.googleapis.com
default:
type: gcp:firebase:AppCheckServiceConfig
properties:
project: my-project-name
serviceId: firebasestorage.googleapis.com
enforcementMode: ENFORCED
options:
dependsOn:
- ${appcheck}
Firebase App Check Service Config Unenforced
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const appcheck = new gcp.projects.Service("appcheck", {
project: "my-project-name",
service: "firebaseappcheck.googleapis.com",
});
const _default = new gcp.firebase.AppCheckServiceConfig("default", {
project: "my-project-name",
serviceId: "identitytoolkit.googleapis.com",
enforcementMode: "UNENFORCED",
}, {
dependsOn: [appcheck],
});
import pulumi
import pulumi_gcp as gcp
appcheck = gcp.projects.Service("appcheck",
project="my-project-name",
service="firebaseappcheck.googleapis.com")
default = gcp.firebase.AppCheckServiceConfig("default",
project="my-project-name",
service_id="identitytoolkit.googleapis.com",
enforcement_mode="UNENFORCED",
opts = pulumi.ResourceOptions(depends_on=[appcheck]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/firebase"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
appcheck, err := projects.NewService(ctx, "appcheck", &projects.ServiceArgs{
Project: pulumi.String("my-project-name"),
Service: pulumi.String("firebaseappcheck.googleapis.com"),
})
if err != nil {
return err
}
_, err = firebase.NewAppCheckServiceConfig(ctx, "default", &firebase.AppCheckServiceConfigArgs{
Project: pulumi.String("my-project-name"),
ServiceId: pulumi.String("identitytoolkit.googleapis.com"),
EnforcementMode: pulumi.String("UNENFORCED"),
}, pulumi.DependsOn([]pulumi.Resource{
appcheck,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var appcheck = new Gcp.Projects.Service("appcheck", new()
{
Project = "my-project-name",
ServiceName = "firebaseappcheck.googleapis.com",
});
var @default = new Gcp.Firebase.AppCheckServiceConfig("default", new()
{
Project = "my-project-name",
ServiceId = "identitytoolkit.googleapis.com",
EnforcementMode = "UNENFORCED",
}, new CustomResourceOptions
{
DependsOn =
{
appcheck,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.Service;
import com.pulumi.gcp.projects.ServiceArgs;
import com.pulumi.gcp.firebase.AppCheckServiceConfig;
import com.pulumi.gcp.firebase.AppCheckServiceConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var appcheck = new Service("appcheck", ServiceArgs.builder()
.project("my-project-name")
.service("firebaseappcheck.googleapis.com")
.build());
var default_ = new AppCheckServiceConfig("default", AppCheckServiceConfigArgs.builder()
.project("my-project-name")
.serviceId("identitytoolkit.googleapis.com")
.enforcementMode("UNENFORCED")
.build(), CustomResourceOptions.builder()
.dependsOn(appcheck)
.build());
}
}
resources:
appcheck:
type: gcp:projects:Service
properties:
project: my-project-name
service: firebaseappcheck.googleapis.com
default:
type: gcp:firebase:AppCheckServiceConfig
properties:
project: my-project-name
serviceId: identitytoolkit.googleapis.com
enforcementMode: UNENFORCED
options:
dependsOn:
- ${appcheck}
Create AppCheckServiceConfig Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AppCheckServiceConfig(name: string, args: AppCheckServiceConfigArgs, opts?: CustomResourceOptions);@overload
def AppCheckServiceConfig(resource_name: str,
args: AppCheckServiceConfigArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AppCheckServiceConfig(resource_name: str,
opts: Optional[ResourceOptions] = None,
service_id: Optional[str] = None,
enforcement_mode: Optional[str] = None,
project: Optional[str] = None)func NewAppCheckServiceConfig(ctx *Context, name string, args AppCheckServiceConfigArgs, opts ...ResourceOption) (*AppCheckServiceConfig, error)public AppCheckServiceConfig(string name, AppCheckServiceConfigArgs args, CustomResourceOptions? opts = null)
public AppCheckServiceConfig(String name, AppCheckServiceConfigArgs args)
public AppCheckServiceConfig(String name, AppCheckServiceConfigArgs args, CustomResourceOptions options)
type: gcp:firebase:AppCheckServiceConfig
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AppCheckServiceConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AppCheckServiceConfigArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AppCheckServiceConfigArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AppCheckServiceConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AppCheckServiceConfigArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var appCheckServiceConfigResource = new Gcp.Firebase.AppCheckServiceConfig("appCheckServiceConfigResource", new()
{
ServiceId = "string",
EnforcementMode = "string",
Project = "string",
});
example, err := firebase.NewAppCheckServiceConfig(ctx, "appCheckServiceConfigResource", &firebase.AppCheckServiceConfigArgs{
ServiceId: pulumi.String("string"),
EnforcementMode: pulumi.String("string"),
Project: pulumi.String("string"),
})
var appCheckServiceConfigResource = new AppCheckServiceConfig("appCheckServiceConfigResource", AppCheckServiceConfigArgs.builder()
.serviceId("string")
.enforcementMode("string")
.project("string")
.build());
app_check_service_config_resource = gcp.firebase.AppCheckServiceConfig("appCheckServiceConfigResource",
service_id="string",
enforcement_mode="string",
project="string")
const appCheckServiceConfigResource = new gcp.firebase.AppCheckServiceConfig("appCheckServiceConfigResource", {
serviceId: "string",
enforcementMode: "string",
project: "string",
});
type: gcp:firebase:AppCheckServiceConfig
properties:
enforcementMode: string
project: string
serviceId: string
AppCheckServiceConfig Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AppCheckServiceConfig resource accepts the following input properties:
- Service
Id string - The identifier of the service to configure enforcement. Currently, the following service IDs are supported: firebasestorage.googleapis.com (Cloud Storage for Firebase) firebasedatabase.googleapis.com (Firebase Realtime Database) firestore.googleapis.com (Cloud Firestore) identitytoolkit.googleapis.com (Authentication)
- Enforcement
Mode string - The App Check enforcement mode for a service supported by App Check. Valid values are
(Unset)
Firebase App Check is not enforced for the service, nor are App Check metrics collected.
Though the service is not protected by App Check in this mode, other applicable protections,
such as user authorization, are still enforced. An unconfigured service is in this mode by default.
This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
enforcement to OFF for this service.
UNENFORCED
Firebase App Check is not enforced for the service. App Check metrics are collected to help you
decide when to turn on enforcement for the service. Though the service is not protected by App Check
in this mode, other applicable protections, such as user authorization, are still enforced.
ENFORCED
Firebase App Check is enforced for the service. The service will reject any request that attempts to
access your project's resources if it does not have valid App Check token attached, with some exceptions
depending on the service; for example, some services will still allow requests bearing the developer's
privileged service account credentials without an App Check token. App Check metrics continue to be
collected to help you detect issues with your App Check integration and monitor the composition of your
callers. While the service is protected by App Check, other applicable protections, such as user
authorization, continue to be enforced at the same time.
Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
to an App Check capable version of your app, their apps will no longer be able to use your Firebase
services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
Check on your Firebase services.
If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
clients in use.
Possible values are:
UNENFORCED,ENFORCED. - Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Service
Id string - The identifier of the service to configure enforcement. Currently, the following service IDs are supported: firebasestorage.googleapis.com (Cloud Storage for Firebase) firebasedatabase.googleapis.com (Firebase Realtime Database) firestore.googleapis.com (Cloud Firestore) identitytoolkit.googleapis.com (Authentication)
- Enforcement
Mode string - The App Check enforcement mode for a service supported by App Check. Valid values are
(Unset)
Firebase App Check is not enforced for the service, nor are App Check metrics collected.
Though the service is not protected by App Check in this mode, other applicable protections,
such as user authorization, are still enforced. An unconfigured service is in this mode by default.
This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
enforcement to OFF for this service.
UNENFORCED
Firebase App Check is not enforced for the service. App Check metrics are collected to help you
decide when to turn on enforcement for the service. Though the service is not protected by App Check
in this mode, other applicable protections, such as user authorization, are still enforced.
ENFORCED
Firebase App Check is enforced for the service. The service will reject any request that attempts to
access your project's resources if it does not have valid App Check token attached, with some exceptions
depending on the service; for example, some services will still allow requests bearing the developer's
privileged service account credentials without an App Check token. App Check metrics continue to be
collected to help you detect issues with your App Check integration and monitor the composition of your
callers. While the service is protected by App Check, other applicable protections, such as user
authorization, continue to be enforced at the same time.
Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
to an App Check capable version of your app, their apps will no longer be able to use your Firebase
services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
Check on your Firebase services.
If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
clients in use.
Possible values are:
UNENFORCED,ENFORCED. - Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Id String - The identifier of the service to configure enforcement. Currently, the following service IDs are supported: firebasestorage.googleapis.com (Cloud Storage for Firebase) firebasedatabase.googleapis.com (Firebase Realtime Database) firestore.googleapis.com (Cloud Firestore) identitytoolkit.googleapis.com (Authentication)
- enforcement
Mode String - The App Check enforcement mode for a service supported by App Check. Valid values are
(Unset)
Firebase App Check is not enforced for the service, nor are App Check metrics collected.
Though the service is not protected by App Check in this mode, other applicable protections,
such as user authorization, are still enforced. An unconfigured service is in this mode by default.
This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
enforcement to OFF for this service.
UNENFORCED
Firebase App Check is not enforced for the service. App Check metrics are collected to help you
decide when to turn on enforcement for the service. Though the service is not protected by App Check
in this mode, other applicable protections, such as user authorization, are still enforced.
ENFORCED
Firebase App Check is enforced for the service. The service will reject any request that attempts to
access your project's resources if it does not have valid App Check token attached, with some exceptions
depending on the service; for example, some services will still allow requests bearing the developer's
privileged service account credentials without an App Check token. App Check metrics continue to be
collected to help you detect issues with your App Check integration and monitor the composition of your
callers. While the service is protected by App Check, other applicable protections, such as user
authorization, continue to be enforced at the same time.
Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
to an App Check capable version of your app, their apps will no longer be able to use your Firebase
services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
Check on your Firebase services.
If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
clients in use.
Possible values are:
UNENFORCED,ENFORCED. - project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Id string - The identifier of the service to configure enforcement. Currently, the following service IDs are supported: firebasestorage.googleapis.com (Cloud Storage for Firebase) firebasedatabase.googleapis.com (Firebase Realtime Database) firestore.googleapis.com (Cloud Firestore) identitytoolkit.googleapis.com (Authentication)
- enforcement
Mode string - The App Check enforcement mode for a service supported by App Check. Valid values are
(Unset)
Firebase App Check is not enforced for the service, nor are App Check metrics collected.
Though the service is not protected by App Check in this mode, other applicable protections,
such as user authorization, are still enforced. An unconfigured service is in this mode by default.
This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
enforcement to OFF for this service.
UNENFORCED
Firebase App Check is not enforced for the service. App Check metrics are collected to help you
decide when to turn on enforcement for the service. Though the service is not protected by App Check
in this mode, other applicable protections, such as user authorization, are still enforced.
ENFORCED
Firebase App Check is enforced for the service. The service will reject any request that attempts to
access your project's resources if it does not have valid App Check token attached, with some exceptions
depending on the service; for example, some services will still allow requests bearing the developer's
privileged service account credentials without an App Check token. App Check metrics continue to be
collected to help you detect issues with your App Check integration and monitor the composition of your
callers. While the service is protected by App Check, other applicable protections, such as user
authorization, continue to be enforced at the same time.
Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
to an App Check capable version of your app, their apps will no longer be able to use your Firebase
services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
Check on your Firebase services.
If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
clients in use.
Possible values are:
UNENFORCED,ENFORCED. - project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service_
id str - The identifier of the service to configure enforcement. Currently, the following service IDs are supported: firebasestorage.googleapis.com (Cloud Storage for Firebase) firebasedatabase.googleapis.com (Firebase Realtime Database) firestore.googleapis.com (Cloud Firestore) identitytoolkit.googleapis.com (Authentication)
- enforcement_
mode str - The App Check enforcement mode for a service supported by App Check. Valid values are
(Unset)
Firebase App Check is not enforced for the service, nor are App Check metrics collected.
Though the service is not protected by App Check in this mode, other applicable protections,
such as user authorization, are still enforced. An unconfigured service is in this mode by default.
This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
enforcement to OFF for this service.
UNENFORCED
Firebase App Check is not enforced for the service. App Check metrics are collected to help you
decide when to turn on enforcement for the service. Though the service is not protected by App Check
in this mode, other applicable protections, such as user authorization, are still enforced.
ENFORCED
Firebase App Check is enforced for the service. The service will reject any request that attempts to
access your project's resources if it does not have valid App Check token attached, with some exceptions
depending on the service; for example, some services will still allow requests bearing the developer's
privileged service account credentials without an App Check token. App Check metrics continue to be
collected to help you detect issues with your App Check integration and monitor the composition of your
callers. While the service is protected by App Check, other applicable protections, such as user
authorization, continue to be enforced at the same time.
Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
to an App Check capable version of your app, their apps will no longer be able to use your Firebase
services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
Check on your Firebase services.
If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
clients in use.
Possible values are:
UNENFORCED,ENFORCED. - project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Id String - The identifier of the service to configure enforcement. Currently, the following service IDs are supported: firebasestorage.googleapis.com (Cloud Storage for Firebase) firebasedatabase.googleapis.com (Firebase Realtime Database) firestore.googleapis.com (Cloud Firestore) identitytoolkit.googleapis.com (Authentication)
- enforcement
Mode String - The App Check enforcement mode for a service supported by App Check. Valid values are
(Unset)
Firebase App Check is not enforced for the service, nor are App Check metrics collected.
Though the service is not protected by App Check in this mode, other applicable protections,
such as user authorization, are still enforced. An unconfigured service is in this mode by default.
This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
enforcement to OFF for this service.
UNENFORCED
Firebase App Check is not enforced for the service. App Check metrics are collected to help you
decide when to turn on enforcement for the service. Though the service is not protected by App Check
in this mode, other applicable protections, such as user authorization, are still enforced.
ENFORCED
Firebase App Check is enforced for the service. The service will reject any request that attempts to
access your project's resources if it does not have valid App Check token attached, with some exceptions
depending on the service; for example, some services will still allow requests bearing the developer's
privileged service account credentials without an App Check token. App Check metrics continue to be
collected to help you detect issues with your App Check integration and monitor the composition of your
callers. While the service is protected by App Check, other applicable protections, such as user
authorization, continue to be enforced at the same time.
Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
to an App Check capable version of your app, their apps will no longer be able to use your Firebase
services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
Check on your Firebase services.
If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
clients in use.
Possible values are:
UNENFORCED,ENFORCED. - project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Outputs
All input properties are implicitly available as output properties. Additionally, the AppCheckServiceConfig resource produces the following output properties:
Look up Existing AppCheckServiceConfig Resource
Get an existing AppCheckServiceConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AppCheckServiceConfigState, opts?: CustomResourceOptions): AppCheckServiceConfig@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
enforcement_mode: Optional[str] = None,
name: Optional[str] = None,
project: Optional[str] = None,
service_id: Optional[str] = None) -> AppCheckServiceConfigfunc GetAppCheckServiceConfig(ctx *Context, name string, id IDInput, state *AppCheckServiceConfigState, opts ...ResourceOption) (*AppCheckServiceConfig, error)public static AppCheckServiceConfig Get(string name, Input<string> id, AppCheckServiceConfigState? state, CustomResourceOptions? opts = null)public static AppCheckServiceConfig get(String name, Output<String> id, AppCheckServiceConfigState state, CustomResourceOptions options)resources: _: type: gcp:firebase:AppCheckServiceConfig get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Enforcement
Mode string - The App Check enforcement mode for a service supported by App Check. Valid values are
(Unset)
Firebase App Check is not enforced for the service, nor are App Check metrics collected.
Though the service is not protected by App Check in this mode, other applicable protections,
such as user authorization, are still enforced. An unconfigured service is in this mode by default.
This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
enforcement to OFF for this service.
UNENFORCED
Firebase App Check is not enforced for the service. App Check metrics are collected to help you
decide when to turn on enforcement for the service. Though the service is not protected by App Check
in this mode, other applicable protections, such as user authorization, are still enforced.
ENFORCED
Firebase App Check is enforced for the service. The service will reject any request that attempts to
access your project's resources if it does not have valid App Check token attached, with some exceptions
depending on the service; for example, some services will still allow requests bearing the developer's
privileged service account credentials without an App Check token. App Check metrics continue to be
collected to help you detect issues with your App Check integration and monitor the composition of your
callers. While the service is protected by App Check, other applicable protections, such as user
authorization, continue to be enforced at the same time.
Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
to an App Check capable version of your app, their apps will no longer be able to use your Firebase
services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
Check on your Firebase services.
If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
clients in use.
Possible values are:
UNENFORCED,ENFORCED. - Name string
- The fully-qualified resource name of the service enforcement configuration.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Service
Id string - The identifier of the service to configure enforcement. Currently, the following service IDs are supported: firebasestorage.googleapis.com (Cloud Storage for Firebase) firebasedatabase.googleapis.com (Firebase Realtime Database) firestore.googleapis.com (Cloud Firestore) identitytoolkit.googleapis.com (Authentication)
- Enforcement
Mode string - The App Check enforcement mode for a service supported by App Check. Valid values are
(Unset)
Firebase App Check is not enforced for the service, nor are App Check metrics collected.
Though the service is not protected by App Check in this mode, other applicable protections,
such as user authorization, are still enforced. An unconfigured service is in this mode by default.
This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
enforcement to OFF for this service.
UNENFORCED
Firebase App Check is not enforced for the service. App Check metrics are collected to help you
decide when to turn on enforcement for the service. Though the service is not protected by App Check
in this mode, other applicable protections, such as user authorization, are still enforced.
ENFORCED
Firebase App Check is enforced for the service. The service will reject any request that attempts to
access your project's resources if it does not have valid App Check token attached, with some exceptions
depending on the service; for example, some services will still allow requests bearing the developer's
privileged service account credentials without an App Check token. App Check metrics continue to be
collected to help you detect issues with your App Check integration and monitor the composition of your
callers. While the service is protected by App Check, other applicable protections, such as user
authorization, continue to be enforced at the same time.
Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
to an App Check capable version of your app, their apps will no longer be able to use your Firebase
services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
Check on your Firebase services.
If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
clients in use.
Possible values are:
UNENFORCED,ENFORCED. - Name string
- The fully-qualified resource name of the service enforcement configuration.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Service
Id string - The identifier of the service to configure enforcement. Currently, the following service IDs are supported: firebasestorage.googleapis.com (Cloud Storage for Firebase) firebasedatabase.googleapis.com (Firebase Realtime Database) firestore.googleapis.com (Cloud Firestore) identitytoolkit.googleapis.com (Authentication)
- enforcement
Mode String - The App Check enforcement mode for a service supported by App Check. Valid values are
(Unset)
Firebase App Check is not enforced for the service, nor are App Check metrics collected.
Though the service is not protected by App Check in this mode, other applicable protections,
such as user authorization, are still enforced. An unconfigured service is in this mode by default.
This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
enforcement to OFF for this service.
UNENFORCED
Firebase App Check is not enforced for the service. App Check metrics are collected to help you
decide when to turn on enforcement for the service. Though the service is not protected by App Check
in this mode, other applicable protections, such as user authorization, are still enforced.
ENFORCED
Firebase App Check is enforced for the service. The service will reject any request that attempts to
access your project's resources if it does not have valid App Check token attached, with some exceptions
depending on the service; for example, some services will still allow requests bearing the developer's
privileged service account credentials without an App Check token. App Check metrics continue to be
collected to help you detect issues with your App Check integration and monitor the composition of your
callers. While the service is protected by App Check, other applicable protections, such as user
authorization, continue to be enforced at the same time.
Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
to an App Check capable version of your app, their apps will no longer be able to use your Firebase
services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
Check on your Firebase services.
If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
clients in use.
Possible values are:
UNENFORCED,ENFORCED. - name String
- The fully-qualified resource name of the service enforcement configuration.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Id String - The identifier of the service to configure enforcement. Currently, the following service IDs are supported: firebasestorage.googleapis.com (Cloud Storage for Firebase) firebasedatabase.googleapis.com (Firebase Realtime Database) firestore.googleapis.com (Cloud Firestore) identitytoolkit.googleapis.com (Authentication)
- enforcement
Mode string - The App Check enforcement mode for a service supported by App Check. Valid values are
(Unset)
Firebase App Check is not enforced for the service, nor are App Check metrics collected.
Though the service is not protected by App Check in this mode, other applicable protections,
such as user authorization, are still enforced. An unconfigured service is in this mode by default.
This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
enforcement to OFF for this service.
UNENFORCED
Firebase App Check is not enforced for the service. App Check metrics are collected to help you
decide when to turn on enforcement for the service. Though the service is not protected by App Check
in this mode, other applicable protections, such as user authorization, are still enforced.
ENFORCED
Firebase App Check is enforced for the service. The service will reject any request that attempts to
access your project's resources if it does not have valid App Check token attached, with some exceptions
depending on the service; for example, some services will still allow requests bearing the developer's
privileged service account credentials without an App Check token. App Check metrics continue to be
collected to help you detect issues with your App Check integration and monitor the composition of your
callers. While the service is protected by App Check, other applicable protections, such as user
authorization, continue to be enforced at the same time.
Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
to an App Check capable version of your app, their apps will no longer be able to use your Firebase
services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
Check on your Firebase services.
If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
clients in use.
Possible values are:
UNENFORCED,ENFORCED. - name string
- The fully-qualified resource name of the service enforcement configuration.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Id string - The identifier of the service to configure enforcement. Currently, the following service IDs are supported: firebasestorage.googleapis.com (Cloud Storage for Firebase) firebasedatabase.googleapis.com (Firebase Realtime Database) firestore.googleapis.com (Cloud Firestore) identitytoolkit.googleapis.com (Authentication)
- enforcement_
mode str - The App Check enforcement mode for a service supported by App Check. Valid values are
(Unset)
Firebase App Check is not enforced for the service, nor are App Check metrics collected.
Though the service is not protected by App Check in this mode, other applicable protections,
such as user authorization, are still enforced. An unconfigured service is in this mode by default.
This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
enforcement to OFF for this service.
UNENFORCED
Firebase App Check is not enforced for the service. App Check metrics are collected to help you
decide when to turn on enforcement for the service. Though the service is not protected by App Check
in this mode, other applicable protections, such as user authorization, are still enforced.
ENFORCED
Firebase App Check is enforced for the service. The service will reject any request that attempts to
access your project's resources if it does not have valid App Check token attached, with some exceptions
depending on the service; for example, some services will still allow requests bearing the developer's
privileged service account credentials without an App Check token. App Check metrics continue to be
collected to help you detect issues with your App Check integration and monitor the composition of your
callers. While the service is protected by App Check, other applicable protections, such as user
authorization, continue to be enforced at the same time.
Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
to an App Check capable version of your app, their apps will no longer be able to use your Firebase
services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
Check on your Firebase services.
If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
clients in use.
Possible values are:
UNENFORCED,ENFORCED. - name str
- The fully-qualified resource name of the service enforcement configuration.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service_
id str - The identifier of the service to configure enforcement. Currently, the following service IDs are supported: firebasestorage.googleapis.com (Cloud Storage for Firebase) firebasedatabase.googleapis.com (Firebase Realtime Database) firestore.googleapis.com (Cloud Firestore) identitytoolkit.googleapis.com (Authentication)
- enforcement
Mode String - The App Check enforcement mode for a service supported by App Check. Valid values are
(Unset)
Firebase App Check is not enforced for the service, nor are App Check metrics collected.
Though the service is not protected by App Check in this mode, other applicable protections,
such as user authorization, are still enforced. An unconfigured service is in this mode by default.
This is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the
enforcement to OFF for this service.
UNENFORCED
Firebase App Check is not enforced for the service. App Check metrics are collected to help you
decide when to turn on enforcement for the service. Though the service is not protected by App Check
in this mode, other applicable protections, such as user authorization, are still enforced.
ENFORCED
Firebase App Check is enforced for the service. The service will reject any request that attempts to
access your project's resources if it does not have valid App Check token attached, with some exceptions
depending on the service; for example, some services will still allow requests bearing the developer's
privileged service account credentials without an App Check token. App Check metrics continue to be
collected to help you detect issues with your App Check integration and monitor the composition of your
callers. While the service is protected by App Check, other applicable protections, such as user
authorization, continue to be enforced at the same time.
Use caution when choosing to enforce App Check on a Firebase service. If your users have not updated
to an App Check capable version of your app, their apps will no longer be able to use your Firebase
services that are enforcing App Check. App Check metrics can help you decide whether to enforce App
Check on your Firebase services.
If your app has not launched yet, you should enable enforcement immediately, since there are no outdated
clients in use.
Possible values are:
UNENFORCED,ENFORCED. - name String
- The fully-qualified resource name of the service enforcement configuration.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Id String - The identifier of the service to configure enforcement. Currently, the following service IDs are supported: firebasestorage.googleapis.com (Cloud Storage for Firebase) firebasedatabase.googleapis.com (Firebase Realtime Database) firestore.googleapis.com (Cloud Firestore) identitytoolkit.googleapis.com (Authentication)
Import
ServiceConfig can be imported using any of these accepted formats:
projects/{{project}}/services/{{service_id}}{{project}}/{{service_id}}{{service_id}}
When using the pulumi import command, ServiceConfig can be imported using one of the formats above. For example:
$ pulumi import gcp:firebase/appCheckServiceConfig:AppCheckServiceConfig default projects/{{project}}/services/{{service_id}}
$ pulumi import gcp:firebase/appCheckServiceConfig:AppCheckServiceConfig default {{project}}/{{service_id}}
$ pulumi import gcp:firebase/appCheckServiceConfig:AppCheckServiceConfig default {{service_id}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.
Viewing docs for Google Cloud v9.15.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
