Creating an account policy

Creating an account policy in the UI

To create a Private Path service policy in the IBM Cloud console, follow these steps:

1. From your browser, open the IBM Cloud console and log in to your account.

2. Select the Navigation Menu , then click Infrastructure > Network > Private Path services.

3. Click the name of the Private Path service where you want to add an account policy.

4. On the Private Path service's Details page, click the Account policies tab.

5. In the Account policies table, click Create policy +.

6. In the Create policy window that appears, enter the following information:

   • Account ID - Enter the account ID for which you are creating an account policy.
   • Policy name - Optionally, enter a unique identifier to name your policy.
   • Request policy - Select whether to automatically Review, Permit, or Deny all incoming connection requests from the specified account ID.

7. Click Create. Your new account policy appears as a row in the Account policies table.

Creating an account policy from the CLI

The following example shows how create an account policy from the CLI.

Before you begin, make sure to set up your CLI environment.

You must first export the feature flag to use the CLI for Private Path beta release offerings.

To export the feature flag, enter the following commands:

export IBMCLOUD_IS_FEATURE_PRIVATE_PATH_SERVICE_GATEWAY=true
export IBMCLOUD_IS_FEATURE_PP_NLB_SUPPORT=true

To create an account policy from the CLI, follow these steps:

1. Enter the following command:

ibmcloud is private-path-service-gateway-account-policy-create PRIVATE_PATH_SERVICE_GATEWAY --account-id ACCOUNT_ID
    [--access-policy deny | permit | review]
    [--output JSON] [-q, --quiet]

Where:

PRIVATE_PATH_SERVICE_GATEWAY

Inicates ID or name of the Private Path service.

--account-id

Indicates ID of the account for this access policy.

--access-policy

Indicates the access policy for the account. One of: deny, permit, review.

--output

Specifies output format, only JSON is supported. One of: JSON.

-q, --quiet

Suppresses verbose output.

Creating an account policy with the API

To create an account policy with the API, follow these steps:

1. Set up your API environment.

2. Store the following values in variables to be used in the API command:

   • ppsgId - Get your Private Path service and then populate the variable:

     export ppsgId=<your_ppsg_id>
     

   • accountId - Get consumer account ID and then populate the variable:

     export accountId=<consumer_account_id>
     

The following example shows how to create an account policy with the API.

  ```sh {: codeblock}
  curl -X POST -sH "Authorization:${iam_token}" \
  "$vpc_api_endpoint/v1/private_path_service_gateways/$ppsgId/account_policies?version=$api_version&generation=2" \
  -d {
    "access_policy": "review",
    "account": {
      "id": "$accountId"
    }
  }'
  ```

Creating an account policy with Terraform

Terraform will support this feature after it reaches General Availability (GA) and is officially released.

The following example updates or deletes an account policy's access to a Private Path network by using Terraform:

resource "ibm_is_private_path_service_gateway_account_policy" "ppsgAccountPolicy" {
    private_path_service_gateway = ibm_is_private_path_service_gateway.ppsg.id
    access_policy = "permit"    ## modified to deny
    account = "7f75c7b025e54bc5635f754b2f888665"
}