Reference documentation and code samples for the Access Context Manager V1 API class Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressTo.
Defines the conditions under which an [EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
matches a request. Conditions are based on information about the
[ApiOperation]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
intended to be performed on the resources specified. Note that if the
destination of the request is also protected by a [ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter], then that
[ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter] must have
an [IngressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
which allows access in order for this request to succeed. The request must
match operations AND resources fields in order to be allowed egress out
of the perimeter.
Inherits
Object
Extended By
Google::Protobuf::MessageExts::ClassMethods
Includes
Google::Protobuf::MessageExts
Methods
#external_resources
defexternal_resources()->::Array<::String>
Returns
(::Array<::String>) — A list of external resources that are allowed to be accessed. Only AWS
and Azure resources are supported. For Amazon S3, the supported format is
s3://BUCKET_NAME. For Azure Storage, the supported format is
azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches
if it contains an external resource in this list (Example:
s3://bucket/path). Currently '*' is not allowed.
#external_resources=
defexternal_resources=(value)->::Array<::String>
Parameter
value (::Array<::String>) — A list of external resources that are allowed to be accessed. Only AWS
and Azure resources are supported. For Amazon S3, the supported format is
s3://BUCKET_NAME. For Azure Storage, the supported format is
azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches
if it contains an external resource in this list (Example:
s3://bucket/path). Currently '*' is not allowed.
Returns
(::Array<::String>) — A list of external resources that are allowed to be accessed. Only AWS
and Azure resources are supported. For Amazon S3, the supported format is
s3://BUCKET_NAME. For Azure Storage, the supported format is
azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches
if it contains an external resource in this list (Example:
s3://bucket/path). Currently '*' is not allowed.
(::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>) — A list of [ApiOperations]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
allowed to be performed by the sources specified in the corresponding
[EgressFrom]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
A request matches if it uses an operation/service in this list.
value (::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>) — A list of [ApiOperations]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
allowed to be performed by the sources specified in the corresponding
[EgressFrom]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
A request matches if it uses an operation/service in this list.
Returns
(::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>) — A list of [ApiOperations]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
allowed to be performed by the sources specified in the corresponding
[EgressFrom]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
A request matches if it uses an operation/service in this list.
#resources
defresources()->::Array<::String>
Returns
(::Array<::String>) — A list of resources, currently only projects in the form
projects/<projectnumber>, that are allowed to be accessed by sources
defined in the corresponding [EgressFrom]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
A request matches if it contains a resource in this list. If * is
specified for resources, then this [EgressTo]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
rule will authorize access to all resources outside the perimeter.
#resources=
defresources=(value)->::Array<::String>
Parameter
value (::Array<::String>) — A list of resources, currently only projects in the form
projects/<projectnumber>, that are allowed to be accessed by sources
defined in the corresponding [EgressFrom]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
A request matches if it contains a resource in this list. If * is
specified for resources, then this [EgressTo]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
rule will authorize access to all resources outside the perimeter.
Returns
(::Array<::String>) — A list of resources, currently only projects in the form
projects/<projectnumber>, that are allowed to be accessed by sources
defined in the corresponding [EgressFrom]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
A request matches if it contains a resource in this list. If * is
specified for resources, then this [EgressTo]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
rule will authorize access to all resources outside the perimeter.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-09 UTC."],[],[],null,["# Access Context Manager V1 API - Class Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressTo (v0.11.0)\n\nVersion latestkeyboard_arrow_down\n\n- [0.11.0 (latest)](/ruby/docs/reference/google-identity-access_context_manager-v1/latest/Google-Identity-AccessContextManager-V1-ServicePerimeterConfig-EgressTo)\n- [0.10.1](/ruby/docs/reference/google-identity-access_context_manager-v1/0.10.1/Google-Identity-AccessContextManager-V1-ServicePerimeterConfig-EgressTo)\n- [0.9.0](/ruby/docs/reference/google-identity-access_context_manager-v1/0.9.0/Google-Identity-AccessContextManager-V1-ServicePerimeterConfig-EgressTo)\n- [0.8.2](/ruby/docs/reference/google-identity-access_context_manager-v1/0.8.2/Google-Identity-AccessContextManager-V1-ServicePerimeterConfig-EgressTo)\n- [0.7.2](/ruby/docs/reference/google-identity-access_context_manager-v1/0.7.2/Google-Identity-AccessContextManager-V1-ServicePerimeterConfig-EgressTo)\n- [0.6.0](/ruby/docs/reference/google-identity-access_context_manager-v1/0.6.0/Google-Identity-AccessContextManager-V1-ServicePerimeterConfig-EgressTo)\n- [0.5.2](/ruby/docs/reference/google-identity-access_context_manager-v1/0.5.2/Google-Identity-AccessContextManager-V1-ServicePerimeterConfig-EgressTo)\n- [0.4.0](/ruby/docs/reference/google-identity-access_context_manager-v1/0.4.0/Google-Identity-AccessContextManager-V1-ServicePerimeterConfig-EgressTo)\n- [0.3.0](/ruby/docs/reference/google-identity-access_context_manager-v1/0.3.0/Google-Identity-AccessContextManager-V1-ServicePerimeterConfig-EgressTo)\n- [0.2.0](/ruby/docs/reference/google-identity-access_context_manager-v1/0.2.0/Google-Identity-AccessContextManager-V1-ServicePerimeterConfig-EgressTo)\n- [0.1.2](/ruby/docs/reference/google-identity-access_context_manager-v1/0.1.2/Google-Identity-AccessContextManager-V1-ServicePerimeterConfig-EgressTo) \nReference documentation and code samples for the Access Context Manager V1 API class Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressTo.\n\nDefines the conditions under which an \\[EgressPolicy\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy\\]\nmatches a request. Conditions are based on information about the\n\\[ApiOperation\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation\\]\nintended to be performed on the `resources` specified. Note that if the\ndestination of the request is also protected by a \\[ServicePerimeter\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeter\\], then that\n\\[ServicePerimeter\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeter\\] must have\nan \\[IngressPolicy\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy\\]\nwhich allows access in order for this request to succeed. The request must\nmatch `operations` AND `resources` fields in order to be allowed egress out\nof the perimeter. \n\nInherits\n--------\n\n- Object \n\nExtended By\n-----------\n\n- Google::Protobuf::MessageExts::ClassMethods \n\nIncludes\n--------\n\n- Google::Protobuf::MessageExts\n\nMethods\n-------\n\n### #external_resources\n\n def external_resources() -\u003e ::Array\u003c::String\u003e\n\n**Returns**\n\n- (::Array\\\u003c::String\\\u003e) --- A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '\\*' is not allowed.\n\n### #external_resources=\n\n def external_resources=(value) -\u003e ::Array\u003c::String\u003e\n\n**Parameter**\n\n- **value** (::Array\\\u003c::String\\\u003e) --- A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '\\*' is not allowed. \n**Returns**\n\n- (::Array\\\u003c::String\\\u003e) --- A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '\\*' is not allowed.\n\n### #operations\n\n def operations() -\u003e ::Array\u003c::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation\u003e\n\n**Returns**\n\n- (::Array\\\u003c[::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation](./Google-Identity-AccessContextManager-V1-ServicePerimeterConfig-ApiOperation)\\\u003e) --- A list of \\[ApiOperations\\] \\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation\\] allowed to be performed by the sources specified in the corresponding \\[EgressFrom\\] \\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom\\]. A request matches if it uses an operation/service in this list.\n\n### #operations=\n\n def operations=(value) -\u003e ::Array\u003c::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation\u003e\n\n**Parameter**\n\n- **value** (::Array\\\u003c[::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation](./Google-Identity-AccessContextManager-V1-ServicePerimeterConfig-ApiOperation)\\\u003e) --- A list of \\[ApiOperations\\] \\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation\\] allowed to be performed by the sources specified in the corresponding \\[EgressFrom\\] \\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom\\]. A request matches if it uses an operation/service in this list. \n**Returns**\n\n- (::Array\\\u003c[::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation](./Google-Identity-AccessContextManager-V1-ServicePerimeterConfig-ApiOperation)\\\u003e) --- A list of \\[ApiOperations\\] \\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation\\] allowed to be performed by the sources specified in the corresponding \\[EgressFrom\\] \\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom\\]. A request matches if it uses an operation/service in this list.\n\n### #resources\n\n def resources() -\u003e ::Array\u003c::String\u003e\n\n**Returns**\n\n- (::Array\\\u003c::String\\\u003e) --- A list of resources, currently only projects in the form `projects/\u003cprojectnumber\u003e`, that are allowed to be accessed by sources defined in the corresponding \\[EgressFrom\\] \\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom\\]. A request matches if it contains a resource in this list. If `*` is specified for `resources`, then this \\[EgressTo\\] \\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo\\] rule will authorize access to all resources outside the perimeter.\n\n### #resources=\n\n def resources=(value) -\u003e ::Array\u003c::String\u003e\n\n**Parameter**\n\n- **value** (::Array\\\u003c::String\\\u003e) --- A list of resources, currently only projects in the form `projects/\u003cprojectnumber\u003e`, that are allowed to be accessed by sources defined in the corresponding \\[EgressFrom\\] \\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom\\]. A request matches if it contains a resource in this list. If `*` is specified for `resources`, then this \\[EgressTo\\] \\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo\\] rule will authorize access to all resources outside the perimeter. \n**Returns**\n\n- (::Array\\\u003c::String\\\u003e) --- A list of resources, currently only projects in the form `projects/\u003cprojectnumber\u003e`, that are allowed to be accessed by sources defined in the corresponding \\[EgressFrom\\] \\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom\\]. A request matches if it contains a resource in this list. If `*` is specified for `resources`, then this \\[EgressTo\\] \\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo\\] rule will authorize access to all resources outside the perimeter."]]
