Represents an instance of a Security Health Analytics custom module, including its full module name, display name, enablement state, and last updated time. You can create a custom module at the organization, folder, or project level. Custom modules that you create at the organization or folder level are inherited by the child folders and projects.
To get more information about FolderCustomModule, see:
```hcl
resource "google_folder" "folder" {
  parent       = "organizations/123456789"
  display_name = "folder-name"
}

resource "google_scc_folder_custom_module" "example" {
  folder           = google_folder.folder.folder_id
  display_name     = "basic_custom_module"
  enablement_state = "ENABLED"
  custom_config {
    predicate {
      expression = "resource.rotationPeriod > duration(\"2592000s\")"
    }
    resource_selector {
      resource_types = [
        "cloudkms.googleapis.com/CryptoKey",
      ]
    }
    description    = "The rotation period of the identified cryptokey resource exceeds 30 days."
    recommendation = "Set the rotation period to at most 30 days."
    severity       = "MEDIUM"
  }
}
```
```hcl
resource "google_folder" "folder" {
  parent       = "organizations/123456789"
  display_name = "folder-name"
}

resource "google_scc_folder_custom_module" "example" {
  folder           = google_folder.folder.folder_id
  display_name     = "full_custom_module"
  enablement_state = "ENABLED"
  custom_config {
    predicate {
      expression  = "resource.rotationPeriod > duration(\"2592000s\")"
      title       = "Purpose of the expression"
      description = "description of the expression"
      location    = "location of the expression"
    }
    custom_output {
      properties {
        name = "duration"
        value_expression {
          expression  = "resource.rotationPeriod"
          title       = "Purpose of the expression"
          description = "description of the expression"
          location    = "location of the expression"
        }
      }
    }
    resource_selector {
      resource_types = [
        "cloudkms.googleapis.com/CryptoKey",
      ]
    }
    severity       = "LOW"
    description    = "Description of the custom module"
    recommendation = "Steps to resolve violation"
  }
}
```
The following arguments are supported:

* `display_name` - (Required) The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module. The display name must be between 1 and 128 characters, start with a lowercase letter, and contain alphanumeric characters or underscores only.

* `enablement_state` - (Required) The enablement state of the custom module. Possible values are: `ENABLED`, `DISABLED`.

* `custom_config` - (Required) The user specified custom configuration for the module. Structure is documented below.

* `folder` - (Required) Numerical ID of the parent folder.

The `custom_config` block supports:

* `predicate` - (Required) The CEL expression to evaluate to produce findings. When the expression evaluates to true against a resource, a finding is generated. Structure is documented below.

* `custom_output` - (Optional) Custom output properties. Structure is documented below.

* `resource_selector` - (Required) The resource types that the custom module operates on. Each custom module can specify up to 5 resource types. Structure is documented below.

* `severity` - (Required) The severity to assign to findings generated by the module. Possible values are: `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`.

* `description` - (Optional) Text that describes the vulnerability or misconfiguration that the custom module detects. This explanation is returned with each finding instance to help investigators understand the detected issue. The text must be enclosed in quotation marks.

* `recommendation` - (Required) An explanation of the recommended steps that security teams can take to resolve the detected issue. This explanation is returned with each finding generated by this module in the `nextSteps` property of the finding JSON.

The `predicate` block supports:

* `expression` - (Required) Textual representation of an expression in Common Expression Language syntax.

* `title` - (Optional) Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow entering the expression.

* `description` - (Optional) Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

* `location` - (Optional) String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
The `custom_output` block supports:

* `properties` - (Optional) A list of custom output properties to add to the finding. Structure is documented below.

The `properties` block supports:

* `name` - (Optional) Name of the property for the custom output.

* `value_expression` - (Optional) The CEL expression for the custom output. A resource property can be specified to return the value of the property, or a text string enclosed in quotation marks. Structure is documented below.

The `value_expression` block supports:

* `expression` - (Required) Textual representation of an expression in Common Expression Language syntax.

* `title` - (Optional) Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow entering the expression.

* `description` - (Optional) Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

* `location` - (Optional) String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
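To make the mapping in the argument reference concrete, here is an added Python simulation (not the google provider's or Security Command Center's own code) of how a module's `custom_config` turns into findings: the `resource_selector` filters by type, the `predicate` decides whether a finding is raised, `display_name` becomes the finding category, `recommendation` lands in `nextSteps`, and each `custom_output` property is evaluated per resource. It also checks the `display_name` constraint stated above. Its CEL evaluator is a stand-in that understands only the two expression shapes used in the HCL examples on this page (`resource.<field> > duration("<N>s")` and a bare `resource.<field>`); the module dictionary mirrors the `full_custom_module` example, and the CryptoKey inventory and resource names are constructed for illustration.

```python
"""Added illustration (not the google provider's or Security Command Center's
own code): simulate how a custom module's custom_config turns into findings.
The CEL evaluator below is a stand-in that only understands the two expression
shapes used on this page; all module and resource data is constructed inline."""
import re

# display_name rule from the argument reference: 1-128 characters, starts with
# a lowercase letter, then only alphanumerics or underscores.
DISPLAY_NAME_RE = re.compile(r"[a-z][A-Za-z0-9_]{0,127}")
# Expression shapes used in the HCL examples above:
#   resource.<field> > duration("<N>s")   (the predicate)
#   resource.<field>                      (a custom_output value_expression)
COMPARE_RE = re.compile(r'resource\.(\w+)\s*>\s*duration\("(\d+)s"\)')
FIELD_RE = re.compile(r"resource\.(\w+)")


def validate_display_name(name: str) -> bool:
    """True if `name` satisfies the display_name constraint."""
    return DISPLAY_NAME_RE.fullmatch(name) is not None


def parse_seconds(value: str) -> int:
    """CryptoKey.rotationPeriod is exposed as a duration string such as '2592000s'."""
    if not value.endswith("s"):
        raise ValueError(f"not a duration string: {value!r}")
    return int(value[:-1])


def evaluate(expression: str, resource: dict):
    """Stand-in for CEL: evaluate one of the two supported expression shapes
    against a resource dictionary. A field missing from the resource makes a
    comparison false (no finding) and a bare field reference evaluate to None."""
    m = COMPARE_RE.fullmatch(expression)
    if m:
        field_name, threshold = m.groups()
        if field_name not in resource:
            return False
        return parse_seconds(resource[field_name]) > int(threshold)
    m = FIELD_RE.fullmatch(expression)
    if m:
        return resource.get(m.group(1))
    raise ValueError(f"unsupported expression in this stand-in: {expression!r}")


def run_module(module: dict, resources: list) -> list:
    """Apply one custom module to an inventory and return the findings it would
    produce, following the mapping in the argument reference."""
    if module["enablement_state"] != "ENABLED":
        return []  # a DISABLED module raises no findings
    cfg = module["custom_config"]
    wanted = set(cfg["resource_selector"]["resource_types"])
    findings = []
    for res in resources:
        if res["type"] not in wanted:
            continue  # resource_selector: only listed types are evaluated
        if not evaluate(cfg["predicate"]["expression"], res):
            continue  # predicate false: no finding for this resource
        props = {
            p["name"]: evaluate(p["value_expression"]["expression"], res)
            for p in cfg.get("custom_output", {}).get("properties", [])
        }
        findings.append({
            "category": module["display_name"],   # display_name -> finding category
            "resourceName": res["name"],
            "severity": cfg["severity"],
            "description": cfg.get("description", ""),
            "nextSteps": cfg["recommendation"],    # recommendation -> nextSteps
            "sourceProperties": props,             # evaluated custom_output properties
        })
    return findings


# Constructed module mirroring the "full_custom_module" HCL example above.
MODULE = {
    "display_name": "full_custom_module",
    "enablement_state": "ENABLED",
    "custom_config": {
        "predicate": {"expression": 'resource.rotationPeriod > duration("2592000s")'},
        "custom_output": {"properties": [
            {"name": "duration", "value_expression": {"expression": "resource.rotationPeriod"}},
        ]},
        "resource_selector": {"resource_types": ["cloudkms.googleapis.com/CryptoKey"]},
        "severity": "LOW",
        "description": "Description of the custom module",
        "recommendation": "Steps to resolve violation",
    },
}

# Constructed sample inventory (hypothetical resource names, not real assets).
RESOURCES = [
    {"type": "cloudkms.googleapis.com/CryptoKey",
     "name": "projects/example-project/locations/global/keyRings/kr/cryptoKeys/slow-key",
     "rotationPeriod": "7776000s"},   # 90 days: exceeds the 30-day threshold
    {"type": "cloudkms.googleapis.com/CryptoKey",
     "name": "projects/example-project/locations/global/keyRings/kr/cryptoKeys/ok-key",
     "rotationPeriod": "2592000s"},   # exactly 30 days: not greater, so no finding
    {"type": "storage.googleapis.com/Bucket",
     "name": "projects/example-project/buckets/example-bucket"},  # skipped by resource_selector
]

if __name__ == "__main__":
    assert validate_display_name(MODULE["display_name"])
    for finding in run_module(MODULE, RESOURCES):
        print(finding)
```

Running it yields a single finding for `slow-key` with category `full_custom_module`, severity `LOW`, the recommendation in `nextSteps`, and `{"duration": "7776000s"}` as the custom output; the key rotating exactly every 30 days is not flagged because the predicate uses a strict `>`, and the bucket never reaches the predicate because it is not in `resource_types`.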
The `resource_selector` block supports:

* `resource_types` - (Required) The resource types to run the detector on.

In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `folders/{{folder}}/securityHealthAnalyticsSettings/customModules/{{name}}`

* `name` - The resource name of the custom module. Its format is `folders/{folder_id}/securityHealthAnalyticsSettings/customModules/{customModule}`. The id `{customModule}` is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.

* `update_time` - The time at which the custom module was last updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.

* `last_editor` - The editor that last updated the custom module.

* `ancestor_module` - If empty, indicates that the custom module was created in the organization, folder, or project in which you are viewing the custom module. Otherwise, `ancestor_module` specifies the organization or folder from which the custom module is inherited.
This resource provides the following Timeouts configuration options:

* `create` - Default is 20 minutes.
* `update` - Default is 20 minutes.
* `delete` - Default is 20 minutes.

FolderCustomModule can be imported using any of these accepted formats:
* `folders/{{folder}}/securityHealthAnalyticsSettings/customModules/{{name}}`
* `{{folder}}/{{name}}`

In Terraform v1.5.0 and later, use an `import` block to import FolderCustomModule using one of the formats above. For example:

```hcl
import {
  id = "folders/{{folder}}/securityHealthAnalyticsSettings/customModules/{{name}}"
  to = google_scc_folder_custom_module.default
}
```

When using the `terraform import` command, FolderCustomModule can be imported using one of the formats above. For example:

```
$ terraform import google_scc_folder_custom_module.default folders/{{folder}}/securityHealthAnalyticsSettings/customModules/{{name}}
$ terraform import google_scc_folder_custom_module.default {{folder}}/{{name}}
```