| --- |
| # ---------------------------------------------------------------------------- |
| # |
| # *** AUTO GENERATED CODE *** Type: MMv1 *** |
| # |
| # ---------------------------------------------------------------------------- |
| # |
| # This file is automatically generated by Magic Modules and manual |
| # changes will be clobbered when the file is regenerated. |
| # |
| # Please read more about how to change this file in |
| # .github/CONTRIBUTING.md. |
| # |
| # ---------------------------------------------------------------------------- |
| subcategory: "Security Command Center (SCC)" |
| description: |- |
| A Cloud Security Command Center (Cloud SCC) notification config. |
| --- |
| |
| # google_scc_notification_config |
| |
| A Cloud Security Command Center (Cloud SCC) notification config. A |
| notification config is a Cloud SCC resource that contains the |
| configuration to send notifications for create/update events of |
| findings, assets, etc. |
| |
| ~> **Note:** In order to use Cloud SCC resources, your organization must be enrolled |
| in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center). |
| Without doing so, you may run into errors during resource creation. |
| |
| |
| To get more information about NotificationConfig, see: |
| |
| * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.notificationConfigs) |
| * How-to Guides |
|     * [Official Documentation](https://cloud.google.com/security-command-center/docs) |
| |
| ## Example Usage - SCC Notification Config Basic |
| |
| |
| ```hcl |
| resource "google_pubsub_topic" "scc_notification" { |
|   name = "my-topic" |
| } |
| |
| resource "google_scc_notification_config" "custom_notification_config" { |
|   config_id    = "my-config" |
|   organization = "123456789" |
|   description  = "My custom Cloud Security Command Center Finding Notification Configuration" |
|   pubsub_topic = google_pubsub_topic.scc_notification.id |
| |
|   streaming_config { |
|     filter = "category = \"OPEN_FIREWALL\" AND state = \"ACTIVE\"" |
|   } |
| } |
| ``` |
| |
| ## Argument Reference |
| |
| The following arguments are supported: |
| |
| |
| * `pubsub_topic` - |
| (Required) |
| The Pub/Sub topic to send notifications to. Its format is |
| "projects/[project_id]/topics/[topic]". |
| |
| * `streaming_config` - |
| (Required) |
| The config for triggering streaming-based notifications. |
| Structure is [documented below](#nested_streaming_config). |
| |
| * `organization` - |
| (Required) |
| The organization whose Cloud Security Command Center the Notification |
| Config lives in. |
| |
| * `config_id` - |
| (Required) |
| This must be unique within the organization. |
| |
| |
| <a name="nested_streaming_config"></a>The `streaming_config` block supports: |
| |
| * `filter` - |
|   (Required) |
|   Expression that defines the filter to apply across create/update |
|   events of assets or findings as specified by the event type. The |
|   expression is a list of zero or more restrictions combined via |
|   logical operators AND and OR. Parentheses are supported, and OR |
|   has higher precedence than AND. |
|   Restrictions have the form `<field> <operator> <value>` and may have |
|   a `-` character in front of them to indicate negation. The fields |
|   map to those defined in the corresponding resource. |
|   The supported operators are: |
|   * `=` for all value types. |
|   * `>`, `<`, `>=`, `<=` for integer values. |
|   * `:`, meaning substring matching, for strings. |
|   The supported value types are: |
|   * string literals in quotes. |
|   * integer literals without quotes. |
|   * boolean literals `true` and `false` without quotes. |
|   See |
|   [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) |
|   for information on how to write a filter. |
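
Because OR binds tighter than AND here, the reverse of most languages, an unparenthesized `filter` can silently drop findings you expected to be notified about. The following is an added example, not code from the provider or the SCC API: a simplified local model of the grammar as described above, for checking how a filter string groups before it is applied. The names `tokenize` and `matches` are hypothetical, a finding is assumed to be a flat dict keyed by field name, and negative integers and escaped quotes are not handled.

```python
import json
import operator
import re

# Tokens: parentheses, comparison operators, "-" negation, quoted strings,
# bare words (field names, AND/OR, true/false) and integers.
TOKEN = re.compile(r'\s*(\(|\)|>=|<=|[=<>:-]|"[^"]*"|[A-Za-z_][\w.]*|\d+)')
OPS = {"=": operator.eq, ">": operator.gt, "<": operator.lt, ">=": operator.ge,
       "<=": operator.le, ":": lambda a, b: isinstance(a, str) and b in a}

def tokenize(expr):
    if TOKEN.sub("", expr).strip():           # leftovers are not valid tokens
        raise ValueError("filter contains text outside the grammar")
    return TOKEN.findall(expr) + [None]       # None marks end of input

def matches(expr, finding):
    """True if the `finding` dict satisfies the filter; OR binds tighter than AND."""
    toks = tokenize(expr)
    def take(expect=None):
        tok = toks.pop(0)
        if tok is None or expect not in (None, tok):
            raise ValueError(f"unexpected {tok!r} in filter")
        return tok
    def chain(keyword, combine, operand):     # operand (keyword operand)*
        result = operand()
        while toks[0] == keyword:
            take()
            result = combine(operand(), result)   # right side is always parsed
        return result
    def expression():                         # AND is the loosest operator
        return chain("AND", operator.and_, lambda: chain("OR", operator.or_, restriction))
    def restriction():
        if toks[0] == "-":                    # leading "-" negates
            take()
            return not restriction()
        if toks[0] == "(":
            take()
            inner = expression()
            take(")")
            return inner
        field, op, want = take(), take(), json.loads(take())  # literals share JSON syntax
        if op not in OPS:
            raise ValueError(f"unsupported operator {op!r}")
        have = finding.get(field)
        return want is not None and type(have) is type(want) and OPS[op](have, want)
    result = True if toks == [None] else expression()
    if toks != [None]:
        raise ValueError(f"unexpected token {toks[0]!r}")
    return result
```

In this model, `category = "OPEN_FIREWALL" AND state = "ACTIVE" OR state = "INACTIVE"` groups as `category = "OPEN_FIREWALL" AND (state = "ACTIVE" OR state = "INACTIVE")`, so an inactive finding of any other category does not match. Add explicit parentheses when the other grouping is intended.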
| |
| - - - |
| |
| |
| * `description` - |
| (Optional) |
| The description of the notification config (max of 1024 characters). |
| |
| |
| ## Attributes Reference |
| |
| In addition to the arguments listed above, the following computed attributes are exported: |
| |
| * `id` - an identifier for the resource with format `{{name}}` |
| |
| * `name` - |
| The resource name of this notification config, in the format |
| `organizations/{{organization}}/notificationConfigs/{{config_id}}`. |
| |
| * `service_account` - |
| The service account that needs "pubsub.topics.publish" permission to |
| publish to the Pub/Sub topic. |
| |
| |
| ## Timeouts |
| |
| This resource provides the following |
| [Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options: |
| |
| - `create` - Default is 20 minutes. |
| - `update` - Default is 20 minutes. |
| - `delete` - Default is 20 minutes. |
| |
| ## Import |
| |
| |
| NotificationConfig can be imported using any of these accepted formats: |
| |
| * `organizations/{{organization}}/notificationConfigs/{{name}}` |
| * `{{organization}}/{{name}}` |
| |
| |
| In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import NotificationConfig using one of the formats above. For example: |
| |
| ```tf |
| import { |
| id = "organizations/{{organization}}/notificationConfigs/{{name}}" |
| to = google_scc_notification_config.default |
| } |
| ``` |
| |
| When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), NotificationConfig can be imported using one of the formats above. For example: |
| |
| ``` |
| $ terraform import google_scc_notification_config.default organizations/{{organization}}/notificationConfigs/{{name}} |
| $ terraform import google_scc_notification_config.default {{organization}}/{{name}} |
| ``` |