Control: GCP > Project > Organization Policy > Google Cloud Platform - Resource Location Restriction

Manage the GCP Organization Policy "Google Cloud Platform - Resource Location Restriction" for the project.

This list constraint defines the set of locations where location-based GCP resources can be created. Policies for this constraint can specify multi-regions such as asia and europe, regions such as us-east1 or europe-west1 as allowed or denied locations. Every location to be allowed or denied must be listed explicitly. Allowing or denying a multi-region does not imply that all included sub-locations should also be allowed or denied.

For example, if the policy denies the us region, resources can still be created in the regional location us-east1. You can specify value groups, collections of locations that are curated by Google to provide a simple way to define your resource locations. To use value groups in your organization policy, prefix your entries with the string in:, followed by the value group. If the suggested_value field is used in a location policy, it should be a region. If the value specified is a region, a UI for a zonal resource may pre-populate any zone in that region. By default, resources can be created in any location.

Resource Types

This control targets the following resource types:

GCP > Project

In Your Workspace

Developers

Control Type URI

tmod:@turbot/gcp-orgpolicy#/control/types/gcpResourceLocations

Category URI

tmod:@turbot/turbot#/control/categories/policy

GraphQL

query controlType(id: "tmod:@turbot/gcp-orgpolicy#/control/types/gcpResourceLocations") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-orgpolicy#/control/types/gcpResourceLocations'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-orgpolicy#/control/types/gcpResourceLocations"

Control: GCP > Project > Organization Policy > Google Cloud Platform - Resource Location Restriction