An intercept deployment is a zonal resource that references the forwarding rule of an internal passthrough Network Load Balancer whose backends are packet inspection VMs. The intercept deployment represents the producer's inspection service offering for a zone.
For a complete overview of the service producer resources, see Service producer .
Specifications
Intercept deployments have the following specifications:
-
An intercept deployment is a zonal, per-project resource.
-
The name of an intercept deployment has the following format:
projects/ PROJECT_ID /locations/ ZONE /interceptDeployments/ DEPLOYMENT_IDFor example, the name for an intercept deployment with the ID
example-intercept-deploymentin projectexample-projectof zoneus-east1-aisprojects/example-project/locations/us-east1-a/interceptDeployments/example-intercept-deployment. -
You can associate each intercept deployment with exactly one intercept deployment group. The intercept deployment group can reference no more than a single intercept deployment for each zone.
Identity and Access Management roles
The following table describes the Identity and Access Management (IAM) roles required for managing the intercept deployments:
networksecurity.interceptDeploymentAdmin
)
on the project where the intercept deployment is created.networksecurity.interceptDeploymentAdmin
)
on the project where the intercept deployment is created.- Intercept Deployment Admin role (
networksecurity.interceptDeploymentAdmin) - Intercept Deployment Viewer role (
networksecurity.interceptDeploymentViewer)
- Intercept Deployment Admin role (
networksecurity.interceptDeploymentAdmin) - Intercept Deployment Viewer role (
networksecurity.interceptDeploymentViewer)
networksecurity.interceptDeploymentAdmin
)
on the project.Quotas
To view quotas associated with intercept deployments, see Quotas and limits .
