Control: GCP > Project > Organization Policy > Restrict VPC peering usage

Manage the GCP Organization Policy "Restrict VPC peering usage" for the project.

This list constraint defines the set of VPC networks that are allowed to be peered with the VPC networks belonging to this project, folder, or organization. By default, a Network Admin for one network can peer with any other network.

The allowed/denied list of networks must be identified in the form: under:organizations/ORGANIZATION_ID, under:folders/FOLDER_ID, under:projects/PROJECT_ID, or projects/PROJECT_ID/global/networks/NETWORK_NAME. This constraint is retroactive.

Resource Types

This control targets the following resource types:

GCP > Project

Primary Policies

The following policies can be used to configure this control:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/gcp-orgpolicy#/control/types/computeRestrictVpcPeering

Category URI

tmod:@turbot/turbot#/control/categories/policy

GraphQL

query controlType(id: "tmod:@turbot/gcp-orgpolicy#/control/types/computeRestrictVpcPeering") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-orgpolicy#/control/types/computeRestrictVpcPeering'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-orgpolicy#/control/types/computeRestrictVpcPeering"