google_securityposture_posture_deployment

Represents a deployment of a security posture on a resource. A posture contains user-curated policy sets and can be deployed on a project, a folder, or an organization. To deploy a posture, populate the posture's name and its revision_id in the posture deployment configuration. Every update to a deployed posture generates a new revision_id, so the updated revision_id should be used in the respective posture deployment's configuration to deploy that posture on a resource.

To get more information about PostureDeployment, see:

Example Usage - Securityposture Posture Deployment Basic

resource "google_securityposture_posture" "posture_1" {
    posture_id  = "posture_1"
    parent      = "organizations/123456789"
    location    = "global"
    state       = "ACTIVE"
    description = "a new posture"
    policy_sets {
        policy_set_id = "org_policy_set"
        description   = "set of org policies"
        policies {
            policy_id = "policy_1"
            constraint {
                org_policy_constraint {
                    canned_constraint_id = "storage.uniformBucketLevelAccess"
                    policy_rules {
                        enforce = true
                    }
                }
            }
        }
    }
}

resource "google_securityposture_posture_deployment" "postureDeployment" {
    posture_deployment_id = "posture_deployment_1"
    parent                = "organizations/123456789"
    location              = "global"
    description           = "a new posture deployment"
    target_resource       = "projects/1111111111111"
    posture_id            = google_securityposture_posture.posture_1.name
    posture_revision_id   = google_securityposture_posture.posture_1.revision_id
}
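
Because every posture update produces a new revision_id, a deployment that pins an older revision keeps enforcing the old policy sets. The following check is an added example, not part of the provider documentation: it reads `terraform show -json` output and reports deployments whose posture_revision_id differs from the revision_id of the posture they reference. The sample state, the revision values `rev-a`/`rev-b` and the module name `prod` are constructed for illustration.

```python
import json

POSTURE = "google_securityposture_posture"
DEPLOYMENT = "google_securityposture_posture_deployment"
POSTURE_NAME = "organizations/123456789/locations/global/postures/posture_1"

# Constructed sample in the shape of `terraform show -json` output (not real state).
SAMPLE_STATE = json.dumps({"values": {"root_module": {
    "resources": [
        {"address": f"{POSTURE}.posture_1", "type": POSTURE,
         "values": {"name": POSTURE_NAME, "revision_id": "rev-b"}},
    ],
    "child_modules": [{"resources": [
        {"address": f"module.prod.{DEPLOYMENT}.pinned", "type": DEPLOYMENT,
         "values": {"posture_id": POSTURE_NAME,
                    "posture_revision_id": "rev-a",  # pinned to an older revision
                    "target_resource": "projects/1111111111111"}},
    ]}],
}}})


def iter_resources(module):
    """Yield resources from a module and, recursively, from its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def stale_deployments(state_json):
    """Return (address, target, pinned, current) for each deployment whose
    pinned revision is not the referenced posture's current revision."""
    root = json.loads(state_json).get("values", {}).get("root_module", {})
    resources = list(iter_resources(root))
    current = {r["values"]["name"]: r["values"]["revision_id"]
               for r in resources if r["type"] == POSTURE}
    findings = []
    for r in resources:
        if r["type"] != DEPLOYMENT:
            continue
        v = r["values"]
        latest = current.get(v["posture_id"])  # None: posture not in this state
        if latest != v["posture_revision_id"]:
            findings.append((r["address"], v["target_resource"],
                             v["posture_revision_id"], latest))
    return findings


if __name__ == "__main__":
    for addr, target, pinned, latest in stale_deployments(SAMPLE_STATE):
        print(f"{addr}: {target} pinned to {pinned}, posture is at {latest}")
```

A `current` value of `None` in a finding means the referenced posture is not managed in the same state, so its revision has to be checked separately.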

Argument Reference

The following arguments are supported:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

PostureDeployment can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import PostureDeployment using one of the formats above. For example:

import {
  id = "{{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}"
  to = google_securityposture_posture_deployment.default
}

When using the terraform import command, PostureDeployment can be imported using one of the formats above. For example:

$ terraform import google_securityposture_posture_deployment.default {{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}