Represents a deployment of a security posture on a resource. A posture contains user-curated policy sets. A posture can be deployed on a project, a folder or an organization. To deploy a posture, populate the posture's name and its revision_id in the posture deployment configuration. Every update to a deployed posture generates a new revision_id, so the updated revision_id must be used in the respective posture deployment's configuration to deploy that posture on a resource; a deployment that still references an older revision_id keeps enforcing the older policy set.
To get more information about PostureDeployment, see:
```hcl
resource "google_securityposture_posture" "posture_1" {
  posture_id  = "posture_1"
  parent      = "organizations/123456789"
  location    = "global"
  state       = "ACTIVE"
  description = "a new posture"
  policy_sets {
    policy_set_id = "org_policy_set"
    description   = "set of org policies"
    policies {
      policy_id = "policy_1"
      constraint {
        org_policy_constraint {
          canned_constraint_id = "storage.uniformBucketLevelAccess"
          policy_rules {
            enforce = true
          }
        }
      }
    }
  }
}

resource "google_securityposture_posture_deployment" "postureDeployment" {
  posture_deployment_id = "posture_deployment_1"
  parent                = "organizations/123456789"
  location              = "global"
  description           = "a new posture deployment"
  target_resource       = "projects/1111111111111"
  posture_id            = google_securityposture_posture.posture_1.name
  posture_revision_id   = google_securityposture_posture.posture_1.revision_id
}
```
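Because every posture update mints a new revision_id, a deployment that still pins an old one silently enforces stale policy. The following check, added here as an example and not part of this provider documentation, reads `terraform show -json` output and flags deployments whose `posture_revision_id` differs from the referenced posture's current `revision_id`, deployments in a failed terminal state, and deployments still reconciling. The state document, organization/project numbers and revision ids are constructed placeholders.

```python
import json

# Constructed sample in the shape of `terraform show -json` output; the
# revision ids, organization and resource names are made-up placeholders.
SAMPLE_STATE = json.loads("""
{"values": {"root_module": {"resources": [
  {"type": "google_securityposture_posture", "name": "posture_1",
   "values": {"name": "organizations/123456789/locations/global/postures/posture_1",
              "revision_id": "rev-0002"}},
  {"type": "google_securityposture_posture_deployment", "name": "current",
   "values": {"posture_id": "organizations/123456789/locations/global/postures/posture_1",
              "posture_revision_id": "rev-0002", "state": "ACTIVE", "reconciling": false}},
  {"type": "google_securityposture_posture_deployment", "name": "stale",
   "values": {"posture_id": "organizations/123456789/locations/global/postures/posture_1",
              "posture_revision_id": "rev-0001", "state": "UPDATE_FAILED", "reconciling": false,
              "failure_message": "constructed failure text",
              "desired_posture_revision_id": "rev-0002"}}
]}}}
""")

# Failed terminal states documented for a posture deployment.
FAILED_STATES = {"CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"}


def audit_posture_deployments(state):
    """Return (deployment_name, issue, detail) tuples for deployments that pin a
    revision_id other than the posture's current one, sit in a failed terminal
    state, or still have changes in flight (reconciling)."""
    resources = state["values"]["root_module"]["resources"]
    # Map each posture's relative name (organizations/.../postures/{id}) to its current revision_id.
    current_rev = {r["values"]["name"]: r["values"]["revision_id"]
                   for r in resources if r["type"] == "google_securityposture_posture"}
    findings = []
    for r in resources:
        if r["type"] != "google_securityposture_posture_deployment":
            continue
        v = r["values"]
        latest = current_rev.get(v["posture_id"])
        if latest is None:
            findings.append((r["name"], "posture_not_in_state", v["posture_id"]))
        elif v["posture_revision_id"] != latest:
            findings.append((r["name"], "stale_revision",
                             f"deployed {v['posture_revision_id']}, posture is at {latest}"))
        if v.get("state") in FAILED_STATES:
            findings.append((r["name"], v["state"], v.get("failure_message", "")))
        if v.get("reconciling"):
            findings.append((r["name"], "reconciling", "changes in flight"))
    return findings


if __name__ == "__main__":
    for name, issue, detail in audit_posture_deployments(SAMPLE_STATE):
        print(f"{name}: {issue} ({detail})")
```

Run it against real state with `terraform show -json | python3 audit.py` after replacing `SAMPLE_STATE` with `json.load(sys.stdin)`; a deployment referencing `google_securityposture_posture.posture_1.revision_id`, as in the example above, is refreshed by `terraform apply` and should never appear as `stale_revision`.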
The following arguments are supported:

* `target_resource` - (Required) The resource on which the posture should be deployed. This can be in one of the following formats: `projects/{project_number}`, `folders/{folder_number}`, `organizations/{organization_id}`
* `posture_id` - (Required) Relative name of the posture which needs to be deployed. It should be in the format: `organizations/{organization_id}/locations/{location}/postures/{posture_id}`
* `posture_revision_id` - (Required) Revision_id of the posture which needs to be deployed.
* `parent` - (Required) The parent of the resource, an organization. Format should be `organizations/{organization_id}`.
* `location` - (Required) The location of the resource, e.g. `global`.
* `posture_deployment_id` - (Required) ID of the posture deployment.
* `description` - (Optional) Description of the posture deployment.

In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `{{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}`
* `name` - Name of the posture deployment instance.
* `state` - State of the posture deployment. A posture deployment can be in the following terminal states: `ACTIVE`, `CREATE_FAILED`, `UPDATE_FAILED`, `DELETE_FAILED`.
* `create_time` - Time the posture deployment was created in UTC.
* `update_time` - Time the posture deployment was updated in UTC.
* `etag` - For Resource freshness validation (https://google.aip.dev/154)
* `reconciling` - If set, there are currently changes in flight to the posture deployment.
* `desired_posture_id` - This is an output-only optional field which will be filled in when the PostureDeployment state is `UPDATE_FAILED`, `CREATE_FAILED` or `DELETE_FAILED`. It denotes the desired posture to be deployed.
* `desired_posture_revision_id` - This is an output-only optional field which will be filled in when the PostureDeployment state is `UPDATE_FAILED`, `CREATE_FAILED` or `DELETE_FAILED`. It denotes the desired posture revision_id to be deployed.
* `failure_message` - This is an output-only optional field which will be filled in when the PostureDeployment enters a failure state like `UPDATE_FAILED`, `CREATE_FAILED` or `DELETE_FAILED`. It will have the failure message for the posture deployment's CREATE/UPDATE/DELETE methods.
This resource provides the following Timeouts configuration options:

* `create` - Default is 20 minutes.
* `update` - Default is 20 minutes.
* `delete` - Default is 20 minutes.

PostureDeployment can be imported using any of these accepted formats:

* `{{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}`

In Terraform v1.5.0 and later, use an `import` block to import PostureDeployment using one of the formats above. For example:

```hcl
import {
  id = "{{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}"
  to = google_securityposture_posture_deployment.default
}
```

When using the `terraform import` command, PostureDeployment can be imported using one of the formats above. For example:

```shell
$ terraform import google_securityposture_posture_deployment.default {{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}
```