Closed natarajmb closed 2 years ago
If a boolean policy is set to enforce=false, and if a resource is created under the folder that violates the constraints, does it get notified anywhere in SCS or the audit log?
No. The point of enforce = false is to disable the policy—so resources are not in violation.
TL;DR
Setting org_cloudsql_external_ip_access on a folder with enforce set to false fails with a bad request. Is this not supported on the folder?
Expected behavior
Applies the policy at the folder and while creating an individual resource can enforce it.
Observed behavior
Get an error while applying org-policy from CFT
Terraform Configuration
Terraform Version
Additional information
https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy
Quote from above link