We have a requirement to disable Google Enterprise APIs ex. Anthos as organization policy constraint for setting up policy boundary for the developers and other users. Is there a way automatically impose the organization policy when we are creating user and assigning project.
Hi,
If you're using Infrastructure as Code (IaC) for provisioning Google Cloud resources, you can include the organization policy resources in your Terraform scripts:
https://registry.terraform.io/modules/terraform-google-modules/org-policy/google/latest
resource "google_organization_policy" "disable_apis_policy" {
org_id = "your-org-id"
constraint = "constraints/serviceuser.services"
boolean_policy {
enforced = true
}
}
Implementing an organization policy constraint to disable Google Enterprise APIs ensures tighter security and better control over data access. This policy helps prevent unauthorized use of enterprise services, reduces potential vulnerabilities, and aligns with compliance requirements. It is crucial for maintaining a secure and regulated IT environment within the organization.
Yes, you can automatically impose organization policies, like disabling Google Enterprise APIs (such as Anthos), when creating users and assigning projects. This can be done using Google Cloud Organization Policy Service. You can set up constraints that enforce these policies across your entire organization. When a new user is created or a project is assigned, these policies will automatically apply, ensuring that the specified APIs are disabled and your policy boundaries are maintained for all developers and users.
LinkedIn
Twitter
