public sealed class ServicePerimeterConfig.Types.EgressTo : IMessage<ServicePerimeterConfig.Types.EgressTo>, IEquatable<ServicePerimeterConfig.Types.EgressTo>, IDeepCloneable<ServicePerimeterConfig.Types.EgressTo>, IBufferMessage, IMessage
Reference documentation and code samples for the Identity Access Context Manager v1 API class ServicePerimeterConfig.Types.EgressTo.
Defines the conditions under which an [EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
matches a request. Conditions are based on information about the
[ApiOperation]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
intended to be performed on the resources specified. Note that if the
destination of the request is also protected by a [ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter], then that
[ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter] must have
an [IngressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
which allows access in order for this request to succeed. The request must
match operations AND resources fields in order to be allowed egress out
of the perimeter.
public RepeatedField<string> ExternalResources { get; }
A list of external resources that are allowed to be accessed. Only AWS
and Azure resources are supported. For Amazon S3, the supported format is
s3://BUCKET_NAME. For Azure Storage, the supported format is
azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches
if it contains an external resource in this list (Example:
s3://bucket/path). Currently '*' is not allowed.
public RepeatedField<ServicePerimeterConfig.Types.ApiOperation> Operations { get; }
A list of [ApiOperations]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
allowed to be performed by the sources specified in the corresponding
[EgressFrom]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
A request matches if it uses an operation/service in this list.
A list of resources, currently only projects in the form
projects/<projectnumber>, that are allowed to be accessed by sources
defined in the corresponding [EgressFrom]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
A request matches if it contains a resource in this list. If * is
specified for resources, then this [EgressTo]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
rule will authorize access to all resources outside the perimeter.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[[["\u003cp\u003eThis document provides reference documentation for the \u003ccode\u003eServicePerimeterConfig.Types.EgressTo\u003c/code\u003e class within the Google Identity Access Context Manager v1 API, outlining its purpose and functionality.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eEgressTo\u003c/code\u003e class defines conditions for matching requests based on the intended \u003ccode\u003eApiOperation\u003c/code\u003e and specified \u003ccode\u003eresources\u003c/code\u003e, ensuring that only allowed operations and resources outside the service perimeter are accessed.\u003c/p\u003e\n"],["\u003cp\u003eThe class includes properties like \u003ccode\u003eExternalResources\u003c/code\u003e, \u003ccode\u003eOperations\u003c/code\u003e, and \u003ccode\u003eResources\u003c/code\u003e to specify allowed external resources (AWS/Azure), API operations, and project resources, respectively.\u003c/p\u003e\n"],["\u003cp\u003eThe latest version of the documented api is 2.5.0, however, there are older versions that exist between 1.2.0 and 2.4.0 available.\u003c/p\u003e\n"]]],[],null,["# Identity Access Context Manager v1 API - Class ServicePerimeterConfig.Types.EgressTo (2.5.0)\n\nVersion latestkeyboard_arrow_down\n\n- [2.5.0 (latest)](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressTo)\n- [2.4.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.4.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressTo)\n- [2.3.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.3.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressTo)\n- [2.2.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.2.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressTo)\n- [2.1.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.1.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressTo)\n- [2.0.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.0.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressTo)\n- [1.5.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.5.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressTo)\n- [1.4.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.4.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressTo)\n- [1.3.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.3.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressTo)\n- [1.2.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.2.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressTo) \n\n public sealed class ServicePerimeterConfig.Types.EgressTo : IMessage\u003cServicePerimeterConfig.Types.EgressTo\u003e, IEquatable\u003cServicePerimeterConfig.Types.EgressTo\u003e, IDeepCloneable\u003cServicePerimeterConfig.Types.EgressTo\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Identity Access Context Manager v1 API class ServicePerimeterConfig.Types.EgressTo.\n\nDefines the conditions under which an \\[EgressPolicy\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy\\]\nmatches a request. Conditions are based on information about the\n\\[ApiOperation\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation\\]\nintended to be performed on the `resources` specified. Note that if the\ndestination of the request is also protected by a \\[ServicePerimeter\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeter\\], then that\n\\[ServicePerimeter\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeter\\] must have\nan \\[IngressPolicy\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy\\]\nwhich allows access in order for this request to succeed. The request must\nmatch `operations` AND `resources` fields in order to be allowed egress out\nof the perimeter. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e ServicePerimeterConfig.Types.EgressTo \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[ServicePerimeterConfig](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)[Types](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types)[EgressTo](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressTo), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[ServicePerimeterConfig](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)[Types](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types)[EgressTo](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressTo), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[ServicePerimeterConfig](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)[Types](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types)[EgressTo](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.EgressTo), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Identity.AccessContextManager.V1](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1)\n\nAssembly\n--------\n\nGoogle.Identity.AccessContextManager.V1.dll\n\nConstructors\n------------\n\n### EgressTo()\n\n public EgressTo()\n\n### EgressTo(EgressTo)\n\n public EgressTo(ServicePerimeterConfig.Types.EgressTo other)\n\nProperties\n----------\n\n### ExternalResources\n\n public RepeatedField\u003cstring\u003e ExternalResources { get; }\n\nA list of external resources that are allowed to be accessed. Only AWS\nand Azure resources are supported. For Amazon S3, the supported format is\ns3://BUCKET_NAME. For Azure Storage, the supported format is\nazure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches\nif it contains an external resource in this list (Example:\ns3://bucket/path). Currently '\\*' is not allowed.\n\n### Operations\n\n public RepeatedField\u003cServicePerimeterConfig.Types.ApiOperation\u003e Operations { get; }\n\nA list of \\[ApiOperations\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation\\]\nallowed to be performed by the sources specified in the corresponding\n\\[EgressFrom\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom\\].\nA request matches if it uses an operation/service in this list.\n\n### Resources\n\n public RepeatedField\u003cstring\u003e Resources { get; }\n\nA list of resources, currently only projects in the form\n`projects/\u003cprojectnumber\u003e`, that are allowed to be accessed by sources\ndefined in the corresponding \\[EgressFrom\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom\\].\nA request matches if it contains a resource in this list. If `*` is\nspecified for `resources`, then this \\[EgressTo\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo\\]\nrule will authorize access to all resources outside the perimeter."]]
