Tags: kubernetes, google-cloud-platform, terraform, kubernetes-ingress, google-cloud-armor

Is there a workaround to attach a Cloud Armor policy to a load balancer created via kubernetes ingress with terraform?


I have created a Cloud Armor security policy with Terraform, and I have a Load Balancer that has been created via Kubernetes Ingress. I want to attach the Cloud Armor policy to the Load balancer via Terraform.

According to the Terraform documentation, a Cloud Armor policy must be attached via google_compute_backend_service.

My load balancer is created using kubernetes_ingress, which doesn't allow for a cloud armor policy to be added.

Within the GCP console, I can manually add the Load Balancer target to the Cloud Armor policy. Does anyone know of a workaround to achieve this behavior in Terraform?

For reference, the resources I have created are: google_compute_security_policy & kubernetes_ingress


Solution

  • The issue you will have if you try to attach a Cloud Armor policy created via Terraform to a backend generated via Ingress is that the backend itself is managed by the Ingress controller, and its name is somewhat unpredictable (you cannot know what the backend name is going to look like until you deploy the Ingress). So doing this via Terraform will be an issue and I would not recommend that.

    Instead you can use a BackendConfig object to attach the policy to the backend.

    The recommended way is to do things in this order:

    • Create the Cloud Armor Policy using Terraform
    • Create a backendConfig object that points to the policy
    • Annotate your Ingress with the backendconfig object
    • Deploy the Ingress

    After this you can keep changing and adapting your Cloud Armor Policies using Terraform without having to touch the Ingress again. We have a fully documented tutorial here
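The four steps above, written out end to end in Terraform as an added example (this is not the answerer's tutorial or code). It assumes the hashicorp/google and hashicorp/kubernetes providers are already configured against a GKE cluster, and that a Deployment labelled `app = "web"` listening on port 8080 exists; the policy name, Service name, namespace and the blocked CIDR are made-up placeholders. The BackendConfig is created with the generic `kubernetes_manifest` resource because the Kubernetes provider has no typed resource for GKE's `cloud.google.com/v1` CRD. Note that on GKE the `cloud.google.com/backend-config` annotation is read from the Service the Ingress routes to, so that is where it is placed here.

```hcl
# Step 1: the Cloud Armor policy, fully managed by Terraform.
resource "google_compute_security_policy" "ingress_policy" {
  name = "ingress-armor-policy" # placeholder name

  # Example deny rule for a constructed CIDR; replace with real rules.
  rule {
    action      = "deny(403)"
    priority    = "1000"
    description = "Block a constructed example range"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["203.0.113.0/24"] # TEST-NET-3, placeholder
      }
    }
  }

  # Preconfigured WAF rule set (Cloud Armor managed expression).
  rule {
    action      = "deny(403)"
    priority    = "2000"
    description = "Preconfigured XSS rule set"
    match {
      expr {
        expression = "evaluatePreconfiguredExpr('xss-stable')"
      }
    }
  }

  # Cloud Armor requires a lowest-priority default rule.
  rule {
    action      = "allow"
    priority    = "2147483647"
    description = "Default allow"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
  }
}

locals {
  namespace           = "default"            # assumed
  backend_config_name = "web-backend-config" # placeholder
}

# Step 2: a BackendConfig that points at the policy by name.
# kubernetes_manifest needs cluster access at plan time; if the
# cluster is created in the same root module, apply it in two stages.
resource "kubernetes_manifest" "web_backend_config" {
  manifest = {
    apiVersion = "cloud.google.com/v1"
    kind       = "BackendConfig"
    metadata = {
      name      = local.backend_config_name
      namespace = local.namespace
    }
    spec = {
      securityPolicy = {
        name = google_compute_security_policy.ingress_policy.name
      }
    }
  }
}

# Step 3: annotate the Service the Ingress will route to.
# GKE reads the backend-config annotation from the Service, and the
# Ingress controller applies the policy to the backend it generates.
resource "kubernetes_service_v1" "web" {
  metadata {
    name      = "web" # placeholder
    namespace = local.namespace
    annotations = {
      "cloud.google.com/backend-config" = jsonencode({
        default = local.backend_config_name
      })
    }
  }
  spec {
    type     = "NodePort"
    selector = { app = "web" } # assumed Deployment label
    port {
      port        = 80
      target_port = 8080
    }
  }
  depends_on = [kubernetes_manifest.web_backend_config]
}

# Step 4: the Ingress; the GCE controller creates the load balancer
# and its backend service with the policy already attached.
resource "kubernetes_ingress_v1" "web" {
  metadata {
    name      = "web" # placeholder
    namespace = local.namespace
  }
  spec {
    default_backend {
      service {
        name = kubernetes_service_v1.web.metadata[0].name
        port {
          number = 80
        }
      }
    }
  }
}
```

Once applied, rule changes are made only on `google_compute_security_policy.ingress_policy`; the Service, BackendConfig and Ingress are untouched, which is the decoupling the answer recommends. To confirm the attachment after the controller has reconciled, compare the `securityPolicy` field of the generated backend service (`gcloud compute backend-services describe <name> --global`) against the policy name.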