Principal Access Boundary Policy - Promote beta to GA

[priyankadeo-g]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Description

GCP's Identity and Access Management (IAM) offers a new security policy type called Principal Access Boundary policies. Principal access boundary (PAB) policies let you restrict the resources that principals can access. Users can use principal access boundary policies to prevent their principals from accessing resources in other organizations, which can help prevent phishing attacks or data exfiltration. For applying a Principal Access Boundary policy to a resource, after you create a principal access boundary policy, you create a policy binding to apply the policy to a set of principals. Please find detailed documentation here https://cloud.google.com/iam/docs/principal-access-boundary-policies#binding

New or Affected Resource(s)

• google_iam_principal_access_boundary_policy
• google_iam_organizations_policy_binding
• google_iam_folders_policy_binding
• google_iam_projects_policy_binding

Potential Terraform Configuration

resource "google_iam_principal_access_boundary_policy" "pab-policy" {
organization = xxx
location = xxx
display_name = xxx
principal_access_boundary_policy_id = xxx
}

resource "google_iam_organizations_policy_binding" "pab_org_binding" {
  location = xxx
  policy_binding_id = xxx
  policy = xxx
  policyKind = xxx
  target = xxx
}

resource "google_iam_folders_policy_binding" "pab_folder-binding" {
  folder         = xxxx
  location       = xxx
  display_name   = xxx
  policy_binding_id = xxx
  policy         =  xxx
}

resource "google_iam_projects_policy_binding" "pab-project-binding" {
  project        = xxx
  location       = xxx
  display_name   = xxx
  policy_binding_id = xxx
}

References

No response