public sealed class ServicePerimeterConfig.Types.EgressPolicy : IMessage<ServicePerimeterConfig.Types.EgressPolicy>, IEquatable<ServicePerimeterConfig.Types.EgressPolicy>, IDeepCloneable<ServicePerimeterConfig.Types.EgressPolicy>, IBufferMessage, IMessage
Reference documentation and code samples for the Identity Access Context Manager v1 API class ServicePerimeterConfig.Types.EgressPolicy.
Policy for egress from perimeter.
[EgressPolicies]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
match requests based on egress_from and egress_to stanzas. For an
[EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
to match, both egress_from and egress_to stanzas must be matched. If an
[EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
matches a request, the request is allowed to span the [ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter] boundary.
For example, an [EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
can be used to allow VMs on networks within the [ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter] to access a
defined set of projects outside the perimeter in certain contexts (e.g. to
read data from a Cloud Storage bucket or query against a BigQuery dataset).
[EgressPolicies]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
are concerned with the resources that a request relates as well as the
API services and API actions being used. They do not related to the
direction of data movement. More detailed documentation for this concept
can be found in the descriptions of [EgressFrom]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]
and [EgressTo]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo].
public ServicePerimeterConfig.Types.EgressFrom EgressFrom { get; set; }
Defines conditions on the source of a request causing this [EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
to apply.
public ServicePerimeterConfig.Types.EgressTo EgressTo { get; set; }
Defines the conditions on the [ApiOperation]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
and destination resources that cause this [EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
to apply.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis webpage provides reference documentation for the \u003ccode\u003eServicePerimeterConfig.Types.EgressPolicy\u003c/code\u003e class within the Google Identity Access Context Manager v1 API.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eEgressPolicy\u003c/code\u003e class defines rules for allowing requests to cross the \u003ccode\u003eServicePerimeter\u003c/code\u003e boundary based on the origin and destination of the request, as determined by the \u003ccode\u003eegress_from\u003c/code\u003e and \u003ccode\u003eegress_to\u003c/code\u003e attributes.\u003c/p\u003e\n"],["\u003cp\u003eThe latest version of this class is 2.5.0, with multiple prior versions available, ranging from 1.2.0 up to the current version.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eEgressPolicy\u003c/code\u003e is concerned with the resources, API services, and actions that a request relates to, rather than the direction of data movement.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eEgressPolicy\u003c/code\u003e class inherits from the \u003ccode\u003eobject\u003c/code\u003e class and implements several interfaces, including \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Identity Access Context Manager v1 API - Class ServicePerimeterConfig.Types.EgressPolicy (2.5.0)\n\nVersion latestkeyboard_arrow_down\n\n- [2.5.0 (latest)](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressPolicy)\n- [2.4.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.4.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressPolicy)\n- [2.3.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.3.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressPolicy)\n- [2.2.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.2.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressPolicy)\n- [2.1.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.1.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressPolicy)\n- [2.0.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.0.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressPolicy)\n- [1.5.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.5.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressPolicy)\n- [1.4.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.4.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressPolicy)\n- [1.3.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.3.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressPolicy)\n- [1.2.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.2.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressPolicy) \n\n public sealed class ServicePerimeterConfig.Types.EgressPolicy : IMessage\u003cServicePerimeterConfig.Types.EgressPolicy\u003e, IEquatable\u003cServicePerimeterConfig.Types.EgressPolicy\u003e, IDeepCloneable\u003cServicePerimeterConfig.Types.EgressPolicy\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Identity Access Context Manager v1 API class ServicePerimeterConfig.Types.EgressPolicy.\n\nPolicy for egress from perimeter.\n\n\\[EgressPolicies\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy\\]\nmatch requests based on `egress_from` and `egress_to` stanzas. For an\n\\[EgressPolicy\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy\\]\nto match, both `egress_from` and `egress_to` stanzas must be matched. If an\n\\[EgressPolicy\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy\\]\nmatches a request, the request is allowed to span the \\[ServicePerimeter\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeter\\] boundary.\nFor example, an \\[EgressPolicy\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy\\]\ncan be used to allow VMs on networks within the \\[ServicePerimeter\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeter\\] to access a\ndefined set of projects outside the perimeter in certain contexts (e.g. to\nread data from a Cloud Storage bucket or query against a BigQuery dataset).\n\n\\[EgressPolicies\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy\\]\nare concerned with the *resources* that a request relates as well as the\nAPI services and API actions being used. They do not related to the\ndirection of data movement. More detailed documentation for this concept\ncan be found in the descriptions of \\[EgressFrom\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom\\]\nand \\[EgressTo\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo\\]. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e ServicePerimeterConfig.Types.EgressPolicy \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[ServicePerimeterConfig](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)[Types](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types)[EgressPolicy](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressPolicy), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[ServicePerimeterConfig](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)[Types](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types)[EgressPolicy](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressPolicy), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[ServicePerimeterConfig](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)[Types](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types)[EgressPolicy](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressPolicy), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Identity.AccessContextManager.V1](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1)\n\nAssembly\n--------\n\nGoogle.Identity.AccessContextManager.V1.dll\n\nConstructors\n------------\n\n### EgressPolicy()\n\n public EgressPolicy()\n\n### EgressPolicy(EgressPolicy)\n\n public EgressPolicy(ServicePerimeterConfig.Types.EgressPolicy other)\n\nProperties\n----------\n\n### EgressFrom\n\n public ServicePerimeterConfig.Types.EgressFrom EgressFrom { get; set; }\n\nDefines conditions on the source of a request causing this \\[EgressPolicy\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy\\]\nto apply.\n\n### EgressTo\n\n public ServicePerimeterConfig.Types.EgressTo EgressTo { get; set; }\n\nDefines the conditions on the \\[ApiOperation\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation\\]\nand destination resources that cause this \\[EgressPolicy\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy\\]\nto apply."]]
