google_scc_project_custom_module

Represents an instance of a Security Health Analytics custom module, including its full module name, display name, enablement state, and last updated time. You can create a custom module at the organization, folder, or project level. Custom modules that you create at the organization or folder level are inherited by the child folders and projects.

To get more information about ProjectCustomModule, see:

Example Usage - Scc Project Custom Module Basic

resource "google_scc_project_custom_module" "example" {
  display_name = "basic_custom_module"
  enablement_state = "ENABLED"
  custom_config {
    predicate {
      expression = "resource.rotationPeriod > duration(\"2592000s\")"
    }
    resource_selector {
      resource_types = [
        "cloudkms.googleapis.com/CryptoKey",
      ]
    }
    description = "The rotation period of the identified cryptokey resource exceeds 30 days."
    recommendation = "Set the rotation period to at most 30 days."
    severity = "MEDIUM"
  }
}

Example Usage - Scc Project Custom Module Full

resource "google_scc_project_custom_module" "example" {
  display_name = "full_custom_module"
  enablement_state = "ENABLED"
  custom_config {
    predicate {
      expression = "resource.rotationPeriod > duration(\"2592000s\")"
      title = "Purpose of the expression"
      description = "description of the expression"
      location = "location of the expression"
    }
    custom_output {
      properties {
        name = "duration"
        value_expression {
          expression = "resource.rotationPeriod"
          title = "Purpose of the expression"
          description = "description of the expression"
          location = "location of the expression"
        }
      }
    }
    resource_selector {
      resource_types = [
        "cloudkms.googleapis.com/CryptoKey",
      ]
    }
    severity = "LOW"
    description = "Description of the custom module"
    recommendation = "Steps to resolve violation"
  }
}

Argument Reference

The following arguments are supported:

The custom_config block supports:

The predicate block supports:

The custom_output block supports:

The properties block supports:

The value_expression block supports:

The resource_selector block supports:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

ProjectCustomModule can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import ProjectCustomModule using one of the formats above. For example:

import {
  id = "projects/{{project}}/securityHealthAnalyticsSettings/customModules/{{name}}"
  to = google_scc_project_custom_module.default
}

When using the terraform import command, ProjectCustomModule can be imported using one of the formats above. For example:

$ terraform import google_scc_project_custom_module.default projects/{{project}}/securityHealthAnalyticsSettings/customModules/{{name}}
$ terraform import google_scc_project_custom_module.default {{project}}/{{name}}
$ terraform import google_scc_project_custom_module.default {{name}}

User Project Overrides

This resource supports User Project Overrides.