VPC-SC: Fix README (#462)

* fix VPC-SC README. * fix VPC-SC README. * Update README.md Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2022-01-28 08:44:07 +01:00
parent 74f9618f52
commit 8203ebdc64
1 changed files with 8 additions and 4 deletions
--- a/modules/vpc-sc/README.md
+++ b/modules/vpc-sc/README.md
@@ -41,7 +41,7 @@ As highlighted above, the `access_levels` type replicates the underlying resourc
 ```hcl
 module "test" {
  source        = "./modules/vpc-sc"
-  access_policy = "accessPolicies/12345678"
+  access_policy = "12345678"
  access_levels = {
    a1 = {
      combining_function = null
@@ -82,7 +82,7 @@ Resources for both perimeters have a `lifecycle` block that ignores changes to `
 ```hcl
 module "test" {
  source        = "./modules/vpc-sc"
-  access_policy = "accessPolicies/12345678"
+  access_policy = "12345678"
  service_perimeters_bridge = {
    b1 = {
      status_resources          = ["projects/111110", "projects/111111"]
@@ -104,7 +104,7 @@ module "test" {
 ```hcl
 module "test" {
  source        = "./modules/vpc-sc"
-  access_policy = "accessPolicies/12345678"
+  access_policy = "12345678"
  access_levels = {
    a1 = {
      combining_function = null
@@ -131,7 +131,7 @@ module "test" {
        egress_policies     = null
        ingress_policies    = null
        vpc_accessible_services = {
-          allowed_services   = ["compute.googleapis.com"]
+          allowed_services   = ["storage.googleapis.com"]
          enable_restriction = true
        }
      }
@@ -142,6 +142,10 @@ module "test" {
 # tftest:modules=1:resources=3
 ```

+## Notes
+
+- To remove an access level, first remove the binding between perimeter and the access level in `status` and/or `spec` without removing the access level itself. Once you have run `terraform apply`, you'll then be able to remove the access level and run `terraform apply` again. 
+
 ## TODO

 - [ ] implement support for the  `google_access_context_manager_gcp_user_access_binding` resource