0

I'm trying to create a GCP Cloud Armor rate limiting "throttle" resource but I keep getting the error below.

```
Error: Unsupported block type
│ 
│   on main.tf line 20, in resource "google_compute_security_policy" "throttle":
│  172:     rate_limit_options {
│ 
│ Blocks of type "rate_limit_options" are not expected here.
```

Here is what my resource block looks like;

```hcl
resource "google_compute_security_policy" "throttle" {
  name    = "${var.environment_name}-throttle"
  description = "rate limits request based on throttle"

  rule {
    action = "throttle"
    preview = true
    priority = "1000"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
    rate_limit_options {
      conform_action = "allow"
      exceed_action = "deny(429)"
      enforce_on_key = "ALL"
      rate_limit_threshold {
        count = "200"
        interval_sec = "300"
      }
    }
  }
}
```

Here is what my provider block looks like:

```hcl
provider "google-beta" {
  project = var.project[var.environment_name]
  region  = "us-central1"
}
```

How do I declare the rate_limit_options block?

  • I do not see anything wrong. Which provider are you using ("google" or "google-beta")? Use the **google-beta** provider. **Edit** your question to provide that information – John Hanley Apr 25 '22 at 00:44
  • @JohnHanley Thanks for the swift response! I've modified my provider to "google-beta" and I'm still getting the same error. – mountainpeak Apr 26 '22 at 00:39
  • Please update your question to show the provider. Details matter to solve problems. Read this link: https://stackoverflow.com/help/minimal-reproducible-example – John Hanley Apr 26 '22 at 00:44
  • For anyone looking at this issue, the `rate_limit_options` block was added in [v4.10.0](https://github.com/hashicorp/terraform-provider-google-beta/blob/main/CHANGELOG.md#4100-february-7-2022) of the google-beta provider – juanpablo_c Jul 19 '22 at 14:49

2 Answers

1

This worked for me:

```hcl
resource "google_compute_security_policy" "throttle" {
  name        = "${var.environment_name}-throttle"
  description = "rate limits"
  # Select google-beta explicitly for this resource
  provider    = google-beta

  rule {
    action = "throttle"
    preview = true
    priority = "1000"
    rate_limit_options {
      conform_action = "allow"
      exceed_action = "deny(429)"
      enforce_on_key = "ALL"
      rate_limit_threshold {
        count = "200"
        interval_sec = "300"
      }
    }
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
  }
}
```

  • You are just showing HCL with no explanation. The only difference I see is you specified the provider. I provided that solution two months ago. Edit your question to clearly state what was the problem and why your solution works. – John Hanley Jun 13 '22 at 17:15
0

The block rate_limit_options is supported by the google-beta provider.

Use this:

```hcl
provider "google-beta" {
  project     = "my-project-id"
  ...
}
```

Using the google-beta provider

John Hanley
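A minimal configuration tying the points in this thread together, as an added example rather than code from either answer: it pins google-beta to at least v4.10.0 (the release the comment above cites for this block) and selects that provider on the resource itself, since declaring a `provider "google-beta"` block alone does not change which provider a `google_*` resource uses. The variable declarations and the map shape of `var.project` are assumptions.

```hcl
terraform {
  required_providers {
    # Lower bound taken from the changelog entry linked in the comments above.
    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">= 4.10.0"
    }
  }
}

variable "environment_name" { type = string }
variable "project" { type = map(string) } # assumed shape: environment name => project ID

provider "google-beta" {
  project = var.project[var.environment_name]
  region  = "us-central1"
}

resource "google_compute_security_policy" "throttle" {
  # Without this argument Terraform resolves google_* resources to the default
  # "google" provider, so the configured google-beta provider is never used.
  provider = google-beta

  name        = "${var.environment_name}-throttle"
  description = "rate limits request based on throttle"

  rule {
    action   = "throttle"
    priority = 1000
    preview  = true # preview mode: matches are logged, not enforced

    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }

    rate_limit_options {
      conform_action = "allow"
      exceed_action  = "deny(429)"
      enforce_on_key = "ALL" # one shared counter for all matching requests
      rate_limit_threshold {
        count        = 200
        interval_sec = 300
      }
    }
  }
}
```

After changing the version constraint, run `terraform init -upgrade` so the lock file picks up a provider release that satisfies it.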