Tensho · October 25, 2024 15:02 · Oct 25, 2024 · Oct 25, 2024 · Oct 25, 2024
diff --git a/security_policy.tf b/security_policy.tf
@@ -29,10 +29,10 @@ resource "google_compute_security_policy" "default" {
     match {
       versioned_expr = "SRC_IPS_V1"
       config {
-        src_ip_ranges = ["2.2.2.2/32"]
+        src_ip_ranges = ["22.22.22.22/32"]
       }
     }
-    description = "Deny access to IPs in 2.2.2.2/32"
+    description = "Deny access to IPs in 22.22.22.22/32"
   }
 
   rule {

diff --git a/security_policy.tf b/security_policy.tf
@@ -23,6 +23,18 @@ resource "google_compute_security_policy" "default" {
     description = "Deny access to IPs in 1.1.1.1/32"
   }
 
+  rule {
+    action   = "deny(403)"
+    priority = "2000"
+    match {
+      versioned_expr = "SRC_IPS_V1"
+      config {
+        src_ip_ranges = ["2.2.2.2/32"]
+      }
+    }
+    description = "Deny access to IPs in 2.2.2.2/32"
+  }
+
   rule {
     action   = "allow"
     priority = "2147483647"

diff --git a/security_policy.tf b/security_policy.tf
@@ -0,0 +1,37 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 6.8"
+    }
+  }
+}
+
+resource "google_compute_security_policy" "default" {
+  name        = "test"
+  description = "https://github.com/GoogleCloudPlatform/terraform-google-cloud-armor/issues/136"
+
+  rule {
+    action   = "deny(403)"
+    priority = "1000"
+    match {
+      versioned_expr = "SRC_IPS_V1"
+      config {
+        src_ip_ranges = ["1.1.1.1/32"]
+      }
+    }
+    description = "Deny access to IPs in 1.1.1.1/32"
+  }
+
+  rule {
+    action   = "allow"
+    priority = "2147483647"
+    match {
+      versioned_expr = "SRC_IPS_V1"
+      config {
+        src_ip_ranges = ["*"]
+      }
+    }
+    description = "Default rule"
+  }
+}