A security profile defines the behavior associated with a profile type.
To get more information about SecurityProfile, see:
resource "google_network_security_security_profile" "default" {
  provider    = google-beta
  name        = "my-security-profile"
  parent      = "organizations/123456789"
  description = "my description"
  type        = "THREAT_PREVENTION"

  labels = {
    foo = "bar"
  }
}

resource "google_network_security_security_profile" "default" {
  provider    = google-beta
  name        = "my-security-profile"
  parent      = "organizations/123456789"
  description = "my description"
  type        = "THREAT_PREVENTION"

  threat_prevention_profile {
    severity_overrides {
      action   = "ALLOW"
      severity = "INFORMATIONAL"
    }

    severity_overrides {
      action   = "DENY"
      severity = "HIGH"
    }

    threat_overrides {
      action    = "ALLOW"
      threat_id = "280647"
    }
  }
}

The following arguments are supported:

type - (Required) The type of security profile. Possible values are: THREAT_PREVENTION.
name - (Required) The name of the security profile resource.
description - (Optional) An optional description of the security profile. The maximum length is 512 characters.
labels - (Optional) A map of key/value label pairs to assign to the resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
threat_prevention_profile - (Optional) The threat prevention configuration for the security profile. Structure is documented below.
location - (Optional) The location of the security profile. The default value is global.
parent - (Optional) The name of the parent this security profile belongs to. Format: organizations/{organization_id}.

The threat_prevention_profile block supports:

severity_overrides - (Optional) The configuration for overriding threat actions by severity match. Structure is documented below.
threat_overrides - (Optional) The configuration for overriding threat actions by threat id match. If a threat is matched both by configuration provided in severity overrides and threat overrides, the threat overrides action is applied. Structure is documented below.

The severity_overrides block supports:

action - (Required) Threat action override. Possible values are: ALERT, ALLOW, DEFAULT_ACTION, DENY.
severity - (Required) Severity level to match. Possible values are: CRITICAL, HIGH, INFORMATIONAL, LOW, MEDIUM.

The threat_overrides block supports:

action - (Required) Threat action. Possible values are: ALERT, ALLOW, DEFAULT_ACTION, DENY.
threat_id - (Required) Vendor-specific ID of a threat to override.
type - (Output) Type of threat.

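The precedence rule stated for threat_overrides (a threat override is applied over a matching severity override) means a single threat_id set to ALLOW passes even when its severity is set to DENY. The following is an added example, not part of the provider documentation, that resolves the applied action and lists overrides worth reviewing before apply. The dict layout, the function names, the strict parameter and the DEFAULT_ACTION fallback when nothing matches are assumptions, and the sample profile is constructed from the second configuration on this page.

```python
# Added example: resolve the action a threat_prevention_profile applies to a
# threat, and list overrides a reviewer should look at before apply.
ACTIONS = {"ALERT", "ALLOW", "DEFAULT_ACTION", "DENY"}
SEVERITIES = {"CRITICAL", "HIGH", "INFORMATIONAL", "LOW", "MEDIUM"}

# Constructed sample mirroring the second configuration on this page.
SAMPLE_PROFILE = {
    "severity_overrides": [
        {"action": "ALLOW", "severity": "INFORMATIONAL"},
        {"action": "DENY", "severity": "HIGH"},
    ],
    "threat_overrides": [{"action": "ALLOW", "threat_id": "280647"}],
}


def effective_action(profile, threat_id, severity):
    """Threat overrides win over severity overrides, as the page states."""
    for t in profile.get("threat_overrides", []):
        if t["threat_id"] == str(threat_id):
            return t["action"]
    for s in profile.get("severity_overrides", []):
        if s["severity"] == severity:
            return s["action"]
    # Assumption: with no matching override, the default action applies.
    return "DEFAULT_ACTION"


def review_findings(profile, strict=("CRITICAL", "HIGH")):
    """List risky or invalid overrides; strict is a hypothetical policy knob."""
    findings, seen = [], {}
    for s in profile.get("severity_overrides", []):
        sev, act = s["severity"], s["action"]
        if sev not in SEVERITIES or act not in ACTIONS:
            findings.append(f"invalid severity override {sev}={act}")
        if sev in seen and seen[sev] != act:
            findings.append(f"conflicting actions for severity {sev}")
        seen.setdefault(sev, act)
        if sev in strict and act == "ALLOW":
            findings.append(f"severity {sev} is overridden to ALLOW")
    denied = sorted(sev for sev, act in seen.items() if act == "DENY")
    for t in profile.get("threat_overrides", []):
        if t["action"] not in ACTIONS:
            findings.append(f"invalid action for threat {t['threat_id']}")
        elif t["action"] == "ALLOW" and denied:
            findings.append(
                f"threat {t['threat_id']} is ALLOWed even if its severity "
                f"is in {denied}: threat overrides take precedence"
            )
    return findings
```
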
In addition to the arguments listed above, the following computed attributes are exported:

id - an identifier for the resource with format {{parent}}/locations/{{location}}/securityProfiles/{{name}}
self_link - Server-defined URL of this resource.
create_time - Time the security profile was created in UTC.
update_time - Time the security profile was updated in UTC.
etag - This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
terraform_labels - The combination of labels configured directly on the resource and default labels configured on the provider.
effective_labels - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.

This resource provides the following Timeouts configuration options:

create - Default is 20 minutes.
update - Default is 20 minutes.
delete - Default is 20 minutes.

SecurityProfile can be imported using any of these accepted formats:
{{parent}}/locations/{{location}}/securityProfiles/{{name}}

In Terraform v1.5.0 and later, use an import block to import SecurityProfile using one of the formats above. For example:

import {
  id = "{{parent}}/locations/{{location}}/securityProfiles/{{name}}"
  to = google_network_security_security_profile.default
}

When using the terraform import command, SecurityProfile can be imported using one of the formats above. For example:

$ terraform import google_network_security_security_profile.default {{parent}}/locations/{{location}}/securityProfiles/{{name}}