blob: 850f86c4277feac05a22f3f830d710b5e3ad914d [file] [log] [blame]
---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Network security"
description: |-
A security profile defines the behavior associated to a profile type.
---
# google\_network\_security\_security\_profile
A security profile defines the behavior associated to a profile type.
~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
To get more information about SecurityProfile, see:
* [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1beta1/projects.locations.securityProfiles)
* How-to Guides
* [Create and manage security profiles](https://cloud.google.com/firewall/docs/configure-security-profiles)
## Example Usage - Network Security Security Profile Basic
```hcl
resource "google_network_security_security_profile" "default" {
provider = google-beta
name = "my-security-profile"
parent = "organizations/123456789"
description = "my description"
type = "THREAT_PREVENTION"
labels = {
foo = "bar"
}
}
```
## Example Usage - Network Security Security Profile Overrides
```hcl
resource "google_network_security_security_profile" "default" {
provider = google-beta
name = "my-security-profile"
parent = "organizations/123456789"
description = "my description"
type = "THREAT_PREVENTION"
threat_prevention_profile {
severity_overrides {
action = "ALLOW"
severity = "INFORMATIONAL"
}
severity_overrides {
action = "DENY"
severity = "HIGH"
}
threat_overrides {
action = "ALLOW"
threat_id = "280647"
}
}
}
```
## Argument Reference
The following arguments are supported:
* `type` -
(Required)
The type of security profile.
Possible values are: `THREAT_PREVENTION`.
* `name` -
(Required)
The name of the security profile resource.
- - -
* `description` -
(Optional)
An optional description of the security profile. The Max length is 512 characters.
* `labels` -
(Optional)
A map of key/value label pairs to assign to the resource.
**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field `effective_labels` for all of the labels present on the resource.
* `threat_prevention_profile` -
(Optional)
The threat prevention configuration for the security profile.
Structure is [documented below](#nested_threat_prevention_profile).
* `location` -
(Optional)
The location of the security profile.
The default value is `global`.
* `parent` -
(Optional)
The name of the parent this security profile belongs to.
Format: organizations/{organization_id}.
<a name="nested_threat_prevention_profile"></a>The `threat_prevention_profile` block supports:
* `severity_overrides` -
(Optional)
The configuration for overriding threats actions by severity match.
Structure is [documented below](#nested_severity_overrides).
* `threat_overrides` -
(Optional)
The configuration for overriding threats actions by threat id match.
If a threat is matched both by configuration provided in severity overrides
and threat overrides, the threat overrides action is applied.
Structure is [documented below](#nested_threat_overrides).
<a name="nested_severity_overrides"></a>The `severity_overrides` block supports:
* `action` -
(Required)
Threat action override.
Possible values are: `ALERT`, `ALLOW`, `DEFAULT_ACTION`, `DENY`.
* `severity` -
(Required)
Severity level to match.
Possible values are: `CRITICAL`, `HIGH`, `INFORMATIONAL`, `LOW`, `MEDIUM`.
<a name="nested_threat_overrides"></a>The `threat_overrides` block supports:
* `action` -
(Required)
Threat action.
Possible values are: `ALERT`, `ALLOW`, `DEFAULT_ACTION`, `DENY`.
* `threat_id` -
(Required)
Vendor-specific ID of a threat to override.
* `type` -
(Output)
Type of threat.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `{{parent}}/locations/{{location}}/securityProfiles/{{name}}`
* `self_link` -
Server-defined URL of this resource.
* `create_time` -
Time the security profile was created in UTC.
* `update_time` -
Time the security profile was updated in UTC.
* `etag` -
This checksum is computed by the server based on the value of other fields,
and may be sent on update and delete requests to ensure the client has an up-to-date
value before proceeding.
* `terraform_labels` -
The combination of labels configured directly on the resource
and default labels configured on the provider.
* `effective_labels` -
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
SecurityProfile can be imported using any of these accepted formats:
* `{{parent}}/locations/{{location}}/securityProfiles/{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import SecurityProfile using one of the formats above. For example:
```tf
import {
id = "{{parent}}/locations/{{location}}/securityProfiles/{{name}}"
to = google_network_security_security_profile.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), SecurityProfile can be imported using one of the formats above. For example:
```
$ terraform import google_network_security_security_profile.default {{parent}}/locations/{{location}}/securityProfiles/{{name}}
```