| --- |
| # ---------------------------------------------------------------------------- |
| # |
| # *** AUTO GENERATED CODE *** Type: MMv1 *** |
| # |
| # ---------------------------------------------------------------------------- |
| # |
| # This file is automatically generated by Magic Modules and manual |
| # changes will be clobbered when the file is regenerated. |
| # |
| # Please read more about how to change this file in |
| # .github/CONTRIBUTING.md. |
| # |
| # ---------------------------------------------------------------------------- |
| subcategory: "Network security" |
| description: |- |
| A security profile defines the behavior associated with a profile type. |
| --- |
| |
| # google\_network\_security\_security\_profile |
| |
| A security profile defines the behavior associated with a profile type. |
| |
| ~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. |
| See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. |
| |
| To get more information about SecurityProfile, see: |
| |
| * [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1beta1/projects.locations.securityProfiles) |
| * How-to Guides |
|     * [Create and manage security profiles](https://cloud.google.com/firewall/docs/configure-security-profiles) |
| |
| ## Example Usage - Network Security Security Profile Basic |
| |
| |
| ```hcl |
| resource "google_network_security_security_profile" "default" { |
|   provider    = google-beta |
|   name        = "my-security-profile" |
|   parent      = "organizations/123456789" |
|   description = "my description" |
|   type        = "THREAT_PREVENTION" |
| |
|   labels = { |
|     foo = "bar" |
|   } |
| } |
| ``` |
| ## Example Usage - Network Security Security Profile Overrides |
| |
| |
| ```hcl |
| resource "google_network_security_security_profile" "default" { |
|   provider    = google-beta |
|   name        = "my-security-profile" |
|   parent      = "organizations/123456789" |
|   description = "my description" |
|   type        = "THREAT_PREVENTION" |
| |
|   threat_prevention_profile { |
|     severity_overrides { |
|       action   = "ALLOW" |
|       severity = "INFORMATIONAL" |
|     } |
| |
|     severity_overrides { |
|       action   = "DENY" |
|       severity = "HIGH" |
|     } |
| |
|     threat_overrides { |
|       action    = "ALLOW" |
|       threat_id = "280647" |
|     } |
|   } |
| } |
| ``` |
| |
| ## Argument Reference |
| |
| The following arguments are supported: |
| |
| |
| * `type` - |
| (Required) |
| The type of security profile. |
| Possible values are: `THREAT_PREVENTION`. |
| |
| * `name` - |
| (Required) |
| The name of the security profile resource. |
| |
| |
| - - - |
| |
| |
| * `description` - |
| (Optional) |
| An optional description of the security profile. The maximum length is 512 characters. |
| |
| * `labels` - |
| (Optional) |
| A map of key/value label pairs to assign to the resource. |
| |
| **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. |
| Please refer to the field `effective_labels` for all of the labels present on the resource. |
| |
| * `threat_prevention_profile` - |
| (Optional) |
| The threat prevention configuration for the security profile. |
| Structure is [documented below](#nested_threat_prevention_profile). |
| |
| * `location` - |
| (Optional) |
| The location of the security profile. |
| The default value is `global`. |
| |
| * `parent` - |
| (Optional) |
| The name of the parent this security profile belongs to. |
| Format: organizations/{organization_id}. |
| |
| |
| <a name="nested_threat_prevention_profile"></a>The `threat_prevention_profile` block supports: |
| |
| * `severity_overrides` - |
| (Optional) |
| The configuration for overriding threat actions by severity match. |
| Structure is [documented below](#nested_severity_overrides). |
| |
| * `threat_overrides` - |
| (Optional) |
| The configuration for overriding threat actions by threat ID match. |
| If a threat is matched both by configuration provided in severity overrides |
| and threat overrides, the threat overrides action is applied. |
| Structure is [documented below](#nested_threat_overrides). |
| |
| |
| <a name="nested_severity_overrides"></a>The `severity_overrides` block supports: |
| |
| * `action` - |
| (Required) |
| Threat action override. |
| Possible values are: `ALERT`, `ALLOW`, `DEFAULT_ACTION`, `DENY`. |
| |
| * `severity` - |
| (Required) |
| Severity level to match. |
| Possible values are: `CRITICAL`, `HIGH`, `INFORMATIONAL`, `LOW`, `MEDIUM`. |
| |
| <a name="nested_threat_overrides"></a>The `threat_overrides` block supports: |
| |
| * `action` - |
| (Required) |
| Threat action. |
| Possible values are: `ALERT`, `ALLOW`, `DEFAULT_ACTION`, `DENY`. |
| |
| * `threat_id` - |
| (Required) |
| Vendor-specific ID of a threat to override. |
| |
| * `type` - |
| (Output) |
| Type of threat. |
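
Because a `threat_overrides` action wins over a matching `severity_overrides` action, a per-threat `ALLOW` exempts that threat even when its severity is set to `DENY`. The following is an added example, not part of the generated provider documentation: it drives both override blocks from locals and uses `precondition` checks (Terraform v1.2 and later) to reject risky overrides at plan time. The local names, the `reviewed_allow_threat_ids` list and the policy it enforces are assumptions; the organization ID and threat ID are the placeholder values from the examples above.

```hcl
locals {
  # Hypothetical inputs for this added example.
  severity_overrides = { CRITICAL = "DENY", HIGH = "DENY", INFORMATIONAL = "ALLOW" }
  # threat_id => action; these win over severity_overrides for that threat.
  threat_overrides = { "280647" = "ALLOW" }
  # Threat IDs whose ALLOW exception has been reviewed (assumed policy).
  reviewed_allow_threat_ids = ["280647"]
}

resource "google_network_security_security_profile" "guarded" {
  provider = google-beta
  name     = "guarded-security-profile"
  parent   = "organizations/123456789"
  type     = "THREAT_PREVENTION"

  threat_prevention_profile {
    dynamic "severity_overrides" {
      for_each = local.severity_overrides
      content {
        severity = severity_overrides.key
        action   = severity_overrides.value
      }
    }
    dynamic "threat_overrides" {
      for_each = local.threat_overrides
      content {
        threat_id = threat_overrides.key
        action    = threat_overrides.value
      }
    }
  }

  lifecycle {
    # A severity-wide ALLOW on CRITICAL or HIGH disables prevention for that class.
    precondition {
      condition = alltrue([for sev, act in local.severity_overrides :
      !(contains(["CRITICAL", "HIGH"], sev) && act == "ALLOW")])
      error_message = "CRITICAL and HIGH severities must not be overridden to ALLOW."
    }
    # A per-threat ALLOW beats any severity DENY, so require it to be reviewed.
    precondition {
      condition = alltrue([for id, act in local.threat_overrides :
      act != "ALLOW" || contains(local.reviewed_allow_threat_ids, id)])
      error_message = "Every threat_overrides ALLOW must be listed in reviewed_allow_threat_ids."
    }
  }
}
```

Adding a threat ID with `ALLOW` to `local.threat_overrides` without also listing it in `reviewed_allow_threat_ids` makes `terraform plan` fail with the second error message.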
| |
| ## Attributes Reference |
| |
| In addition to the arguments listed above, the following computed attributes are exported: |
| |
| * `id` - an identifier for the resource with format `{{parent}}/locations/{{location}}/securityProfiles/{{name}}` |
| |
| * `self_link` - |
| Server-defined URL of this resource. |
| |
| * `create_time` - |
| Time the security profile was created in UTC. |
| |
| * `update_time` - |
| Time the security profile was updated in UTC. |
| |
| * `etag` - |
| This checksum is computed by the server based on the value of other fields, |
| and may be sent on update and delete requests to ensure the client has an up-to-date |
| value before proceeding. |
| |
| * `terraform_labels` - |
| The combination of labels configured directly on the resource |
| and default labels configured on the provider. |
| |
| * `effective_labels` - |
| All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. |
| |
| |
| ## Timeouts |
| |
| This resource provides the following |
| [Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options: |
| |
| - `create` - Default is 20 minutes. |
| - `update` - Default is 20 minutes. |
| - `delete` - Default is 20 minutes. |
| |
| ## Import |
| |
| |
| SecurityProfile can be imported using any of these accepted formats: |
| |
| * `{{parent}}/locations/{{location}}/securityProfiles/{{name}}` |
| |
| |
| In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import SecurityProfile using one of the formats above. For example: |
| |
| ```tf |
| import { |
|   id = "{{parent}}/locations/{{location}}/securityProfiles/{{name}}" |
|   to = google_network_security_security_profile.default |
| } |
| ``` |
| |
| When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), SecurityProfile can be imported using one of the formats above. For example: |
| |
| ``` |
| $ terraform import google_network_security_security_profile.default {{parent}}/locations/{{location}}/securityProfiles/{{name}} |
| ``` |