This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Unable to create an org policy to deny the creation of all external load balancers

Posted on 10-24-2024 09:02 PM
mountaincode2
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

I want to create an org policy to deny the creation of all external load balancers:

I am referring to the following documentation:

https://cloud.google.com/load-balancing/docs/org-policy-constraints

  • Deny all external load balancers

     
    {
"constraint": "constraints/compute.restrictLoadBalancerCreationForTypes",
"listPolicy": {
  "deniedValues": [
    "in:EXTERNAL"
  ]
}
}

 

The following is my workflow:

1. Created the following org policy in my project: `constraints/compute.restrictLoadBalancerCreationForTypes` using the instructions in the following: https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-policies#boolea...

2. When i try to create a load balancer, i get the following, which is expected:

Constraint constraints/compute.restrictLoadBalancerCreationForTypes violated for projects/org-policy-12345. Forwarding Rule projects/xxxxxx/global/forwardingRules/frontend-5 of type GLOBAL_EXTERNAL_MANAGED_HTTP_HTTPS is not allowed.

But now i want to update this org policy to only deny creation of external load balancers:

3. In the "Organization Policies" page in the Google Cloud Console, i select the constraint `constraints/compute.restrictLoadBalancerCreationForTypes`  from the list and clicked `Manage Policy`.

4. I then went to Add a rule > Add condition > Condition Editor, and entered the following, but i get an error:

org-policy-error.jpg

What am i missing in my understanding please?

 

Solved Solved
0 3 565
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
mountaincode2
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

Hi @kensan 

Thank you for your response.

I wanted to customize my org policy `constraints/compute.restrictLoadBalancerCreationForTypes`  using the console.

I was doing the following, which was not working:

Under `Manage Policy`, I then went to Add a rule > Add condition > Condition Editor. I then added the condition that i added in my query.

In order to disallow the creation of only external load balancers, i had to do the following, and it worked:

Under Manage Policy, go to "Edit rule"

- In **Policy values** dropdown, select **Custom**.

- In **Policy type** dropdown, select **Deny**.

- In **Add value**, enter `in:External`.

- Click **Done**.

With this, i was able to create internal load balancers and not external load balancers.

 

View solution in original post

Jump to Solution
0 Likes
3 REPLIES 3
Top Labels in this Space