An intercept deployment is a zonal resource that references the forwarding rule of an internal passthrough Network Load Balancer whose backends are packet inspection VMs. The intercept deployment represents the producer's inspection service offering for a zone.
For a complete overview of the service producer resources, see Service producer.
Specifications
Intercept deployments have the following specifications:
An intercept deployment is a zonal, per-project resource.
The name of an intercept deployment has the following format:
projects/PROJECT_ID/locations/ZONE/interceptDeployments/DEPLOYMENT_ID
For example, the name for an intercept deployment with the ID example-intercept-deployment in project example-project of zone us-east1-a is projects/example-project/locations/us-east1-a/interceptDeployments/example-intercept-deployment.
You can associate each intercept deployment with exactly one intercept deployment group. The intercept deployment group can reference no more than a single intercept deployment for each zone.
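The following added example (not part of the original documentation or any Google Cloud tooling) audits an exported inventory against the specifications above: the name format, one group per deployment, and at most one deployment per zone in a group. The inventory shape and the group labels such as group-a are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Name format taken from the specification above.
NAME_RE = re.compile(
    r"projects/(?P<project>[^/]+)/locations/(?P<zone>[^/]+)"
    r"/interceptDeployments/(?P<deployment_id>[^/]+)"
)

def parse_name(name):
    """Split a full intercept deployment name into project, zone and ID."""
    m = NAME_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not an intercept deployment name: {name!r}")
    return m.groupdict()

def audit(inventory):
    """Return findings for a list of (deployment name, group label) pairs."""
    findings = []
    groups_of = defaultdict(set)      # deployment name -> group labels
    by_group_zone = defaultdict(set)  # (group, zone) -> deployment names
    for name, group in inventory:
        try:
            parts = parse_name(name)
        except ValueError as exc:
            findings.append(str(exc))
            continue
        groups_of[name].add(group)
        by_group_zone[(group, parts["zone"])].add(name)
    # Each deployment is associated with exactly one group.
    for name, groups in sorted(groups_of.items()):
        if len(groups) != 1:
            findings.append(f"{name} is associated with {len(groups)} groups")
    # A group references no more than one deployment per zone.
    for (group, zone), names in sorted(by_group_zone.items()):
        if len(names) > 1:
            findings.append(f"{group} references {len(names)} deployments in {zone}")
    return findings

# Constructed sample inventory (hypothetical names, not real resources).
P = "projects/example-project"
SAMPLE = [
    (f"{P}/locations/us-east1-a/interceptDeployments/example-intercept-deployment", "group-a"),
    (f"{P}/locations/us-east1-a/interceptDeployments/second-deployment", "group-a"),
    (f"{P}/locations/us-east1-b/interceptDeployments/third-deployment", "group-a"),
    (f"{P}/interceptDeployments/missing-zone", "group-a"),
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```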
Identity and Access Management roles
The following table describes the Identity and Access Management (IAM) roles required for managing the intercept deployments:
| Management task | Necessary role |
|---|---|
| Create an intercept deployment | Intercept Deployment Admin role (networksecurity.interceptDeploymentAdmin) on the project where the intercept deployment is created. |
| Modify an existing intercept deployment | Intercept Deployment Admin role (networksecurity.interceptDeploymentAdmin) on the project where the intercept deployment is created. |
| View details about the intercept deployment in a project | Any of the following roles for the project: |
| View all the intercept deployments in your project | Any of the following roles for the project: |
| Delete an intercept deployment | Intercept Deployment Admin role (networksecurity.interceptDeploymentAdmin) on the project. |
Quotas
To view quotas associated with intercept deployments, see Quotas and limits.