How do you declare a GCP rate_limit_options block in Terraform


I'm trying to create a GCP Cloud Armor rate limiting "throttle" resource but I keep getting the error below.

Error: Unsupported block type
│ 
│   on main.tf line 20, in resource "google_compute_security_policy" "throttle":
│  172:     rate_limit_options {
│ 
│ Blocks of type "rate_limit_options" are not expected here.

Here is what my resource block looks like:

resource "google_compute_security_policy" "throttle" {
  name    = "${var.environment_name}-throttle"
  description = "rate limits request based on throttle"

  rule {
    action = "throttle"
    preview = true
    priority = "1000"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
    rate_limit_options {
      conform_action = "allow"
      exceed_action = "deny(429)"
      enforce_on_key = "ALL"
      rate_limit_threshold {
        count = "200"
        interval_sec = "300"
      }
    } 
  }
}

Here is what my provider block looks like:

provider "google-beta" {
  project = var.project[var.environment_name]
  region  = "us-central1"
}

How do I declare the rate_limit_options block?


There are 2 answers

1
John Hanley

The block rate_limit_options is supported by the google-beta provider.

Use this:

provider "google-beta" {
  project     = "my-project-id"
  ...
}

Using the google-beta provider

1
Harshit Sinha

This worked for me:

resource "google_compute_security_policy" "throttle" {
  name        = "${var.environment_name}-throttle"
  description = "rate limits"
  # select the google-beta provider for this resource
  provider    = google-beta

  rule {
    action = "throttle"
    preview = true
    priority = "1000"
    rate_limit_options {
      conform_action = "allow"
      exceed_action = "deny(429)"
      enforce_on_key = "ALL"
      rate_limit_threshold {
        count = "200"
        interval_sec = "300"
      }
    }
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
 
  }
}
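
A complete declaration consistent with the two answers above, as an added example that is not code from either answerer. It shows the provider requirement, the provider configuration and the per-resource `provider = google-beta` selection together. The `required_providers` entry, the `project_id` variable, the resource names and the explicit default rule are assumptions made for the example.

```hcl
terraform {
  required_providers {
    google-beta = {
      source = "hashicorp/google-beta"
    }
  }
}

variable "project_id" {
  type = string # hypothetical input, stands in for the asker's var.project lookup
}

provider "google-beta" {
  project = var.project_id
  region  = "us-central1"
}

resource "google_compute_security_policy" "throttle_example" {
  # Configuring the google-beta provider is not enough on its own:
  # the resource has to select it, otherwise the default "google"
  # provider's schema is used for this resource.
  provider    = google-beta
  name        = "example-throttle" # constructed name
  description = "rate limits requests"

  rule {
    action   = "throttle"
    preview  = true # preview mode: matches are logged, the action is not enforced
    priority = 1000
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
    rate_limit_options {
      conform_action = "allow"
      exceed_action  = "deny(429)"
      # "ALL" shares one counter across every client matching the rule;
      # "IP" keeps a separate counter per source address.
      enforce_on_key = "ALL"
      rate_limit_threshold {
        count        = 200
        interval_sec = 300
      }
    }
  }

  rule {
    # default rule: lowest priority, matches everything
    action   = "allow"
    priority = 2147483647
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
  }
}
```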