v5.18.0/website/docs/r/network_security_security_profile.html.markdown - terraform-provider-google-beta - Git at Google

 ---
 # ----------------------------------------------------------------------------
 #
 #     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
 #
 # ----------------------------------------------------------------------------
 #
 #     This file is automatically generated by Magic Modules and manual
 #     changes will be clobbered when the file is regenerated.
 #
 #     Please read more about how to change this file in
 #     .github/CONTRIBUTING.md.
 #
 # ----------------------------------------------------------------------------
 subcategory: "Network security"
 description: |-
   A security profile defines the behavior associated to a profile type.
 ---

 # google\_network\_security\_security\_profile

 A security profile defines the behavior associated to a profile type.

 ~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
 See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.

 To get more information about SecurityProfile, see:

 * [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1beta1/projects.locations.securityProfiles)
 * How-to Guides
     * [Create and manage security profiles](https://cloud.google.com/firewall/docs/configure-security-profiles)

 ## Example Usage - Network Security Security Profile Basic


 ```hcl
 resource "google_network_security_security_profile" "default" {
   provider    = google-beta
   name        = "my-security-profile"
   parent      = "organizations/123456789"
   description = "my description"
   type        = "THREAT_PREVENTION"

   labels = {
     foo = "bar"
   }
 }
 ```
 ## Example Usage - Network Security Security Profile Overrides


 ```hcl
 resource "google_network_security_security_profile" "default" {
   provider    = google-beta
   name        = "my-security-profile"
   parent      = "organizations/123456789"
   description = "my description"
   type        = "THREAT_PREVENTION"

   threat_prevention_profile {
     severity_overrides {
       action   = "ALLOW"
       severity = "INFORMATIONAL"
     }

     severity_overrides {
       action   = "DENY"
       severity = "HIGH"
     }

     threat_overrides {
       action    = "ALLOW"
       threat_id = "280647"
     }
   }
 }
 ```

 ## Argument Reference

 The following arguments are supported:


 * `type` -
   (Required)
   The type of security profile.
   Possible values are: `THREAT_PREVENTION`.

 * `name` -
   (Required)
   The name of the security profile resource.


 - - -


 * `description` -
   (Optional)
   An optional description of the security profile. The Max length is 512 characters.

 * `labels` -
   (Optional)
   A map of key/value label pairs to assign to the resource.

   **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
   Please refer to the field `effective_labels` for all of the labels present on the resource.

 * `threat_prevention_profile` -
   (Optional)
   The threat prevention configuration for the security profile.
   Structure is [documented below](#nested_threat_prevention_profile).

 * `location` -
   (Optional)
   The location of the security profile.
   The default value is `global`.

 * `parent` -
   (Optional)
   The name of the parent this security profile belongs to.
   Format: organizations/{organization_id}.


 <a name="nested_threat_prevention_profile"></a>The `threat_prevention_profile` block supports:

 * `severity_overrides` -
   (Optional)
   The configuration for overriding threats actions by severity match.
   Structure is [documented below](#nested_severity_overrides).

 * `threat_overrides` -
   (Optional)
   The configuration for overriding threats actions by threat id match.
   If a threat is matched both by configuration provided in severity overrides
   and threat overrides, the threat overrides action is applied.
   Structure is [documented below](#nested_threat_overrides).


 <a name="nested_severity_overrides"></a>The `severity_overrides` block supports:

 * `action` -
   (Required)
   Threat action override.
   Possible values are: `ALERT`, `ALLOW`, `DEFAULT_ACTION`, `DENY`.

 * `severity` -
   (Required)
   Severity level to match.
   Possible values are: `CRITICAL`, `HIGH`, `INFORMATIONAL`, `LOW`, `MEDIUM`.

 <a name="nested_threat_overrides"></a>The `threat_overrides` block supports:

 * `action` -
   (Required)
   Threat action.
   Possible values are: `ALERT`, `ALLOW`, `DEFAULT_ACTION`, `DENY`.

 * `threat_id` -
   (Required)
   Vendor-specific ID of a threat to override.

 * `type` -
   (Output)
   Type of threat.

 ## Attributes Reference

 In addition to the arguments listed above, the following computed attributes are exported:

 * `id` - an identifier for the resource with format `{{parent}}/locations/{{location}}/securityProfiles/{{name}}`

 * `self_link` -
   Server-defined URL of this resource.

 * `create_time` -
   Time the security profile was created in UTC.

 * `update_time` -
   Time the security profile was updated in UTC.

 * `etag` -
   This checksum is computed by the server based on the value of other fields,
   and may be sent on update and delete requests to ensure the client has an up-to-date
   value before proceeding.

 * `terraform_labels` -
   The combination of labels configured directly on the resource
    and default labels configured on the provider.

 * `effective_labels` -
   All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.


 ## Timeouts

 This resource provides the following
 [Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

 - `create` - Default is 20 minutes.
 - `update` - Default is 20 minutes.
 - `delete` - Default is 20 minutes.

 ## Import


 SecurityProfile can be imported using any of these accepted formats:

 * `{{parent}}/locations/{{location}}/securityProfiles/{{name}}`


 In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import SecurityProfile using one of the formats above. For example:

 ```tf
 import {
   id = "{{parent}}/locations/{{location}}/securityProfiles/{{name}}"
   to = google_network_security_security_profile.default
 }
 ```

 When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), SecurityProfile can be imported using one of the formats above. For example:

 ```
 $ terraform import google_network_security_security_profile.default {{parent}}/locations/{{location}}/securityProfiles/{{name}}
 ```
	---
	# ----------------------------------------------------------------------------
	#
	# * AUTO GENERATED CODE * Type: MMv1 ***
	#
	# ----------------------------------------------------------------------------
	#
	# This file is automatically generated by Magic Modules and manual
	# changes will be clobbered when the file is regenerated.
	#
	# Please read more about how to change this file in
	# .github/CONTRIBUTING.md.
	#
	# ----------------------------------------------------------------------------
	subcategory: "Network security"
	description: \|-
	A security profile defines the behavior associated to a profile type.
	---

	# google\_network\_security\_security\_profile

	A security profile defines the behavior associated to a profile type.

	~> Warning: This resource is in beta, and should be used with the terraform-provider-google-beta provider.
	See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.

	To get more information about SecurityProfile, see:

	* [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1beta1/projects.locations.securityProfiles)
	* How-to Guides
	* [Create and manage security profiles](https://cloud.google.com/firewall/docs/configure-security-profiles)

	## Example Usage - Network Security Security Profile Basic


	```hcl
	resource "google_network_security_security_profile" "default" {
	provider = google-beta
	name = "my-security-profile"
	parent = "organizations/123456789"
	description = "my description"
	type = "THREAT_PREVENTION"

	labels = {
	foo = "bar"
	}
	}
	```
	## Example Usage - Network Security Security Profile Overrides


	```hcl
	resource "google_network_security_security_profile" "default" {
	provider = google-beta
	name = "my-security-profile"
	parent = "organizations/123456789"
	description = "my description"
	type = "THREAT_PREVENTION"

	threat_prevention_profile {
	severity_overrides {
	action = "ALLOW"
	severity = "INFORMATIONAL"
	}

	severity_overrides {
	action = "DENY"
	severity = "HIGH"
	}

	threat_overrides {
	action = "ALLOW"
	threat_id = "280647"
	}
	}
	}
	```

	## Argument Reference

	The following arguments are supported:


	* `type` -
	(Required)
	The type of security profile.
	Possible values are: `THREAT_PREVENTION`.

	* `name` -
	(Required)
	The name of the security profile resource.


	- - -


	* `description` -
	(Optional)
	An optional description of the security profile. The Max length is 512 characters.

	* `labels` -
	(Optional)
	A map of key/value label pairs to assign to the resource.

	Note: This field is non-authoritative, and will only manage the labels present in your configuration.
	Please refer to the field `effective_labels` for all of the labels present on the resource.

	* `threat_prevention_profile` -
	(Optional)
	The threat prevention configuration for the security profile.
	Structure is [documented below](#nested_threat_prevention_profile).

	* `location` -
	(Optional)
	The location of the security profile.
	The default value is `global`.

	* `parent` -
	(Optional)
	The name of the parent this security profile belongs to.
	Format: organizations/{organization_id}.


	<a name="nested_threat_prevention_profile"></a>The `threat_prevention_profile` block supports:

	* `severity_overrides` -
	(Optional)
	The configuration for overriding threats actions by severity match.
	Structure is [documented below](#nested_severity_overrides).

	* `threat_overrides` -
	(Optional)
	The configuration for overriding threats actions by threat id match.
	If a threat is matched both by configuration provided in severity overrides
	and threat overrides, the threat overrides action is applied.
	Structure is [documented below](#nested_threat_overrides).


	<a name="nested_severity_overrides"></a>The `severity_overrides` block supports:

	* `action` -
	(Required)
	Threat action override.
	Possible values are: `ALERT`, `ALLOW`, `DEFAULT_ACTION`, `DENY`.

	* `severity` -
	(Required)
	Severity level to match.
	Possible values are: `CRITICAL`, `HIGH`, `INFORMATIONAL`, `LOW`, `MEDIUM`.

	<a name="nested_threat_overrides"></a>The `threat_overrides` block supports:

	* `action` -
	(Required)
	Threat action.
	Possible values are: `ALERT`, `ALLOW`, `DEFAULT_ACTION`, `DENY`.

	* `threat_id` -
	(Required)
	Vendor-specific ID of a threat to override.

	* `type` -
	(Output)
	Type of threat.

	## Attributes Reference

	In addition to the arguments listed above, the following computed attributes are exported:

	* `id` - an identifier for the resource with format `{{parent}}/locations/{{location}}/securityProfiles/{{name}}`

	* `self_link` -
	Server-defined URL of this resource.

	* `create_time` -
	Time the security profile was created in UTC.

	* `update_time` -
	Time the security profile was updated in UTC.

	* `etag` -
	This checksum is computed by the server based on the value of other fields,
	and may be sent on update and delete requests to ensure the client has an up-to-date
	value before proceeding.

	* `terraform_labels` -
	The combination of labels configured directly on the resource
	and default labels configured on the provider.

	* `effective_labels` -
	All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.


	## Timeouts

	This resource provides the following
	[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

	- `create` - Default is 20 minutes.
	- `update` - Default is 20 minutes.
	- `delete` - Default is 20 minutes.

	## Import


	SecurityProfile can be imported using any of these accepted formats:

	* `{{parent}}/locations/{{location}}/securityProfiles/{{name}}`


	In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import SecurityProfile using one of the formats above. For example:

	```tf
	import {
	id = "{{parent}}/locations/{{location}}/securityProfiles/{{name}}"
	to = google_network_security_security_profile.default
	}
	```

	When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), SecurityProfile can be imported using one of the formats above. For example:

	```
	$ terraform import google_network_security_security_profile.default {{parent}}/locations/{{location}}/securityProfiles/{{name}}
	```