Endpoint Policy

An Endpoint Policy in Google Cloud defines access control and security rules for network endpoints. It allows administrators to specify which clients or services can connect to particular endpoints, enforcing conditions such as identity, device attributes, or location. This helps ensure secure and compliant communication across services.

gcp.networkservices_endpoint_policy

Fields

| Title | ID | Type | Data Type | Description |
| --- | --- | --- | --- | --- |
| | _key | core | string | |
| | ancestors | core | array<string> | |
| | authorization_policy | core | string | Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled (no authz checks) for this endpoint. |
| | client_tls_policy | core | string | Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled (open). Applicable only when EndpointPolicyType is SIDECAR_PROXY. |
| | create_time | core | timestamp | Output only. The timestamp when the resource was created. |
| | datadog_display_name | core | string | |
| | description | core | string | Optional. A free-text description of the resource. Max length 1024 characters. |
| | endpoint_matcher | core | json | Required. A matcher that selects endpoints to which the policies should be applied. |
| | labels | core | array<string> | Optional. Set of label tags associated with the EndpointPolicy resource. |
| | name | core | string | Identifier. Name of the EndpointPolicy resource. It matches pattern `projects/{project}/locations/*/endpointPolicies/{endpoint_policy}`. |
| | organization_id | core | string | |
| | parent | core | string | |
| | project_id | core | string | |
| | project_number | core | string | |
| | region_id | core | string | |
| | resource_name | core | string | |
| | server_tls_policy | core | string | Optional. A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends. If this field is not set, authentication is disabled (open) for this endpoint. |
| | tags | core | hstore_csv | |
| | traffic_port_selector | core | json | Optional. Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports. |
| | type | core | string | Required. The type of endpoint policy. This is primarily used to validate the configuration. |
| | update_time | core | timestamp | Output only. The timestamp when the resource was updated. |
| | zone_id | core | string | |
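
The defaults described in the table (an unset authorization_policy, server_tls_policy or client_tls_policy leaves that control disabled) can be audited over exported rows of this resource. The following is an added example, not code from this page or from Datadog or Google: the function names and the sample rows are constructed, the rows are assumed to be dictionaries keyed by the field IDs above, and the GRPC_SERVER type value and the `ports` key come from the Google Cloud API rather than from this page.

```python
def _empty(value):
    """True for a missing, blank or empty-JSON value as an export may render it."""
    if value is None:
        return True
    if isinstance(value, str):
        return value.strip() in ("", "null", "{}")
    return len(value) == 0


def audit_endpoint_policy(row):
    """Return findings for one gcp.networkservices_endpoint_policy row."""
    findings = []
    if _empty(row.get("authorization_policy")):
        findings.append("authorization disabled: no authorization_policy")
    if _empty(row.get("server_tls_policy")):
        findings.append("inbound authentication open: no server_tls_policy")
    # client_tls_policy is applicable only to the SIDECAR_PROXY type.
    if row.get("type") == "SIDECAR_PROXY" and _empty(row.get("client_tls_policy")):
        findings.append("proxy-to-endpoint authentication open: no client_tls_policy")
    # Without a port selector the weak configuration applies to all ports.
    if findings and _empty(row.get("traffic_port_selector")):
        findings.append("scope: all ports (no traffic_port_selector)")
    return findings


def audit(rows):
    """Map policy name -> findings, listing only policies that have findings."""
    return {r["name"]: f for r in rows if (f := audit_endpoint_policy(r))}


# Constructed sample rows; every name and URL below is a placeholder.
BASE = "projects/example-project/locations/global"
SAMPLE_ROWS = [
    {"name": f"{BASE}/endpointPolicies/hardened", "type": "SIDECAR_PROXY",
     "authorization_policy": f"{BASE}/authorizationPolicies/allow-frontend",
     "server_tls_policy": f"{BASE}/serverTlsPolicies/mtls",
     "client_tls_policy": f"{BASE}/clientTlsPolicies/mtls",
     "traffic_port_selector": '{"ports": ["8443"]}'},
    {"name": f"{BASE}/endpointPolicies/legacy-sidecar", "type": "SIDECAR_PROXY",
     "authorization_policy": "",
     "server_tls_policy": f"{BASE}/serverTlsPolicies/mtls",
     "client_tls_policy": None, "traffic_port_selector": None},
    {"name": f"{BASE}/endpointPolicies/grpc-open", "type": "GRPC_SERVER",
     "authorization_policy": f"{BASE}/authorizationPolicies/allow-frontend",
     "traffic_port_selector": '{"ports": ["50051"]}'},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_ROWS).items():
        print(name, findings, sep="\n  ")
```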