diff --git a/modules/project/README.md b/modules/project/README.md
index 67832d767..e3691fa98 100644
--- a/modules/project/README.md
+++ b/modules/project/README.md
@@ -176,6 +176,8 @@ module "project-host" {
| *prefix* | Prefix used to generate project id and name. | string | | null |
| *project_create* | Create project. When set to false, uses a data source to reference existing project. | bool | | true |
| *service_config* | Configure service API activation. | object({...}) | | ... |
+| *service_perimeter_bridges* | Name of VPC-SC Bridge perimeters to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'. | list(string) | | null |
+| *service_perimeter_standard* | Name of VPC-SC Standard perimeter to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'. | string | | null |
| *services* | Service APIs to enable. | list(string) | | [] |
| *shared_vpc_host_config* | Configures this project as a Shared VPC host project (mutually exclusive with shared_vpc_service_project). | object({...}) | | ... |
| *shared_vpc_service_config* | Configures this project as a Shared VPC service project (mutually exclusive with shared_vpc_host_config). | object({...}) | | ... |
diff --git a/modules/project/main.tf b/modules/project/main.tf
index f0c7c4469..3a880a4d2 100644
--- a/modules/project/main.tf
+++ b/modules/project/main.tf
@@ -316,3 +316,21 @@ resource "google_essential_contacts_contact" "contact" {
language_tag = "en"
notification_category_subscriptions = each.value
}
+
+resource "google_access_context_manager_service_perimeter_resource" "service-perimeter-resource-standard" {
+ count = var.service_perimeter_standard != null ? 1 : 0
+
+ # If used, remember to uncomment 'lifecycle' block in the
+ # modules/vpc-sc/google_access_context_manager_service_perimeter resource.
+ perimeter_name = var.service_perimeter_standard
+ resource = "projects/${local.project.number}"
+}
+
+resource "google_access_context_manager_service_perimeter_resource" "service-perimeter-resource-bridges" {
+ for_each = toset(var.service_perimeter_bridges != null ? var.service_perimeter_bridges : [])
+
+ # If used, remember to uncomment 'lifecycle' block in the
+ # modules/vpc-sc/google_access_context_manager_service_perimeter resource.
+ perimeter_name = each.value
+ resource = "projects/${local.project.number}"
+}
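Review bot: The comments in `service-perimeter-resource-standard` and `service-perimeter-resource-bridges` give the manual step but not what happens if it is skipped. The vpc-sc module is not visible in this diff, but if its perimeter resource also manages the resource list, its next apply will presumably drop the project added here, leaving the project outside the perimeter with no error from this module. I would state that in both comments, for example `# The perimeter resource must ignore changes to status[0].resources (see modules/vpc-sc), otherwise its next apply removes this project from the perimeter.` The README rows for the two new variables should carry the same caveat, since that is where module users will look.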
diff --git a/modules/project/variables.tf b/modules/project/variables.tf
index 646fa4a21..58adb9f33 100644
--- a/modules/project/variables.tf
+++ b/modules/project/variables.tf
@@ -192,3 +192,16 @@ variable "contacts" {
type = map(list(string))
default = {}
}
+
+variable "service_perimeter_standard" {
+ description = "Name of VPC-SC Standard perimeter to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'."
+ type = string
+ default = null
+}
+
+
+variable "service_perimeter_bridges" {
+ description = "Name of VPC-SC Bridge perimeters to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'."
+ type = list(string)
+ default = null
+}
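Review bot: Neither `service_perimeter_standard` nor `service_perimeter_bridges` checks the value against the `accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME` form that the description requires. A short perimeter name or a typo is therefore only rejected by the API at apply time, after the project may already have been created without its perimeter membership. A `validation` block on each variable would fail at plan time instead; the list variable needs the same check applied to every element. Separately, `service_perimeter_bridges` defaults to `null` while the neighbouring `services` list defaults to `[]`, and an empty-list default would remove the null check in main.tf.

```hcl
variable "service_perimeter_standard" {
  # … unchanged: description, type, default …
  validation {
    condition = (
      var.service_perimeter_standard == null ||
      can(regex("^accessPolicies/[^/]+/servicePerimeters/[^/]+$", var.service_perimeter_standard))
    )
    error_message = "The perimeter name must have the form accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME."
  }
}
```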