---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Security Posture"
description: |-
Represents a deployment of a security posture on a resource.
---
# google\_securityposture\_posture\_deployment
Represents a deployment of a security posture on a resource. A posture contains user-curated policy sets. A posture can
be deployed on a project, a folder, or an organization. To deploy a posture, populate the posture's name
and its `revision_id` in the posture deployment configuration. Every update to a deployed posture generates a new `revision_id`.
The updated `revision_id` must therefore be used in the respective posture deployment's configuration to deploy that posture
on a resource.
To get more information about PostureDeployment, see:
* How-to Guides
    * [Create and deploy a posture](https://cloud.google.com/security-command-center/docs/how-to-use-security-posture)
## Example Usage - Securityposture Posture Deployment Basic
```hcl
resource "google_securityposture_posture" "posture1" {
  posture_id  = "posture_1"
  parent      = "organizations/123456789"
  location    = "global"
  state       = "ACTIVE"
  description = "a new posture"
  policy_sets {
    policy_set_id = "org_policy_set"
    description   = "set of org policies"
    policies {
      policy_id = "policy_1"
      constraint {
        org_policy_constraint {
          canned_constraint_id = "storage.uniformBucketLevelAccess"
          policy_rules {
            enforce = true
          }
        }
      }
    }
  }
}
resource "google_securityposture_posture_deployment" "postureDeployment" {
  posture_deployment_id = "posture_deployment_1"
  parent                = "organizations/123456789"
  location              = "global"
  description           = "a new posture deployment"
  target_resource       = "projects/1111111111111"
  posture_id            = google_securityposture_posture.posture1.name
  posture_revision_id   = google_securityposture_posture.posture1.revision_id
}
```
## Argument Reference
The following arguments are supported:
* `target_resource` -
(Required)
The resource on which the posture should be deployed. This can be in one of the following formats:
`projects/{project_number}`,
`folders/{folder_number}`,
`organizations/{organization_id}`
* `posture_id` -
(Required)
Relative name of the posture which needs to be deployed. It should be in the format:
`organizations/{organization_id}/locations/{location}/postures/{posture_id}`
* `posture_revision_id` -
(Required)
Revision_id of the posture which needs to be deployed.
* `parent` -
(Required)
The parent of the resource, an organization. Format should be `organizations/{organization_id}`.
* `location` -
(Required)
The location of the resource, e.g. `global`.
* `posture_deployment_id` -
(Required)
ID of the posture deployment.
- - -
* `description` -
(Optional)
Description of the posture deployment.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `{{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}`
* `name` -
Name of the posture deployment instance.
* `state` -
State of the posture deployment. A posture deployment can be in the following terminal states:
ACTIVE, CREATE_FAILED, UPDATE_FAILED, DELETE_FAILED.
* `create_time` -
Time the posture deployment was created in UTC.
* `update_time` -
Time the posture deployment was updated in UTC.
* `etag` -
For Resource freshness validation (https://google.aip.dev/154)
* `reconciling` -
If set, there are currently changes in flight to the posture deployment.
* `desired_posture_id` -
This is an output-only optional field which is filled when the
PostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED.
It denotes the desired posture to be deployed.
* `desired_posture_revision_id` -
This is an output-only optional field which is filled when the
PostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED.
It denotes the desired posture revision_id to be deployed.
* `failure_message` -
This is an output-only optional field which is filled when the
PostureDeployment enters a failure state like UPDATE_FAILED or
CREATE_FAILED or DELETE_FAILED. It contains the failure message from the posture deployment's
CREATE/UPDATE/DELETE methods.
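The `state` and `failure_message` attributes above can gate a run so that a deployment left in a failed state is not mistaken for an enforced posture. The following is an added example, not part of the generated provider documentation: it reuses the `posture1` resource from the Example Usage section, the resource name `guarded`, the output name and all IDs are placeholders, and it assumes Terraform v1.2.0 or later for `postcondition` support.

```hcl
# Added example: placeholder names and IDs, not generated provider documentation.
resource "google_securityposture_posture_deployment" "guarded" {
  posture_deployment_id = "posture_deployment_1"
  parent                = "organizations/123456789"
  location              = "global"
  target_resource       = "projects/1111111111111"

  # Always track the posture's current revision: every update to the posture
  # produces a new revision_id that the deployment has to reference.
  posture_id          = google_securityposture_posture.posture1.name
  posture_revision_id = google_securityposture_posture.posture1.revision_id

  lifecycle {
    # Stop the run unless the deployment reports the ACTIVE terminal state.
    # CREATE_FAILED, UPDATE_FAILED and DELETE_FAILED all fail this condition.
    postcondition {
      condition     = self.state == "ACTIVE"
      error_message = "Posture deployment ${self.name} is ${self.state}: ${coalesce(self.failure_message, "no failure message reported")}"
    }
  }
}

# Surface the values an auditor needs to confirm what is deployed where.
output "posture_deployment_status" {
  value = {
    target            = google_securityposture_posture_deployment.guarded.target_resource
    deployed_revision = google_securityposture_posture_deployment.guarded.posture_revision_id
    state             = google_securityposture_posture_deployment.guarded.state
    reconciling       = google_securityposture_posture_deployment.guarded.reconciling
  }
}
```

When `reconciling` is set in the output, changes are still in flight and the reported revision should not yet be treated as the enforced one.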
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
PostureDeployment can be imported using any of these accepted formats:
* `{{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import PostureDeployment using one of the formats above. For example:
```tf
import {
id = "{{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}"
to = google_securityposture_posture_deployment.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), PostureDeployment can be imported using one of the formats above. For example:
```
$ terraform import google_securityposture_posture_deployment.default {{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}
```