---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Security Command Center (SCC)"
description: |-
  A Cloud Security Command Center (Cloud SCC) notification config.
---
# google_scc_notification_config

A Cloud Security Command Center (Cloud SCC) notification config. A
notification config is a Cloud SCC resource that contains the
configuration to send notifications for create/update events of
findings, assets, etc.

~> **Note:** In order to use Cloud SCC resources, your organization must be enrolled
in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center).
Without doing so, you may run into errors during resource creation.

To get more information about NotificationConfig, see:

* [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.notificationConfigs)
* How-to Guides
    * [Official Documentation](https://cloud.google.com/security-command-center/docs)

## Example Usage - Scc Notification Config Basic
```hcl
resource "google_pubsub_topic" "scc_notification" {
  name = "my-topic"
}

resource "google_scc_notification_config" "custom_notification_config" {
  config_id    = "my-config"
  organization = "123456789"
  description  = "My custom Cloud Security Command Center Finding Notification Configuration"
  pubsub_topic = google_pubsub_topic.scc_notification.id

  streaming_config {
    filter = "category = \"OPEN_FIREWALL\" AND state = \"ACTIVE\""
  }
}
```
## Argument Reference
The following arguments are supported:
* `pubsub_topic` -
  (Required)
  The Pub/Sub topic to send notifications to. Its format is
  "projects/[project_id]/topics/[topic]".

* `streaming_config` -
  (Required)
  The config for triggering streaming-based notifications.
  Structure is [documented below](#nested_streaming_config).

* `organization` -
  (Required)
  The organization whose Cloud Security Command Center the Notification
  Config lives in.

* `config_id` -
  (Required)
  This must be unique within the organization.

<a name="nested_streaming_config"></a>The `streaming_config` block supports:

* `filter` -
  (Required)
  Expression that defines the filter to apply across create/update
  events of assets or findings as specified by the event type. The
  expression is a list of zero or more restrictions combined via
  logical operators AND and OR. Parentheses are supported, and OR
  has higher precedence than AND.
  Restrictions have the form `<field> <operator> <value>` and may have
  a `-` character in front of them to indicate negation. The fields
  map to those defined in the corresponding resource.
  The supported operators are:
  * `=` for all value types.
  * `>`, `<`, `>=`, `<=` for integer values.
  * `:`, meaning substring matching, for strings.

  The supported value types are:
  * string literals in quotes.
  * integer literals without quotes.
  * boolean literals true and false without quotes.

  See
  [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)
  for information on how to write a filter.

- - -

* `description` -
  (Optional)
  The description of the notification config (max of 1024 characters).

## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `{{name}}`

* `name` -
  The resource name of this notification config, in the format
  `organizations/{{organization}}/notificationConfigs/{{config_id}}`.

* `service_account` -
  The service account that needs "pubsub.topics.publish" permission to
  publish to the Pub/Sub topic.

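The `filter` grammar and the `service_account` attribute described above can be combined as in the following added example, which is not part of the generated provider documentation. The resource names, the topic name and the `PUBLIC_BUCKET_ACL` category are assumptions for illustration, and `service_account` is assumed to be exported as a bare e-mail address.

```hcl
# Added example, not generated provider documentation.
# Organization ID, resource names and topic name are placeholders.
resource "google_pubsub_topic" "scc_findings" {
  name = "scc-findings"
}

resource "google_scc_notification_config" "active_exposure" {
  config_id    = "active-exposure"
  organization = "123456789"
  description  = "Active findings for selected exposure categories"
  pubsub_topic = google_pubsub_topic.scc_findings.id

  streaming_config {
    # OR has higher precedence than AND in this filter language, so the
    # parentheses only make the grouping explicit:
    #   state AND (category OR category)
    # PUBLIC_BUCKET_ACL is an assumed second category for illustration.
    filter = "state = \"ACTIVE\" AND (category = \"OPEN_FIREWALL\" OR category = \"PUBLIC_BUCKET_ACL\")"
  }
}

# Grant publish rights on this one topic to the service account exported by
# the notification config. roles/pubsub.publisher contains the
# "pubsub.topics.publish" permission named in the attribute description.
# Assumption: service_account is a bare e-mail address, so the
# "serviceAccount:" member prefix is added here.
resource "google_pubsub_topic_iam_member" "scc_publisher" {
  project = google_pubsub_topic.scc_findings.project
  topic   = google_pubsub_topic.scc_findings.name
  role    = "roles/pubsub.publisher"
  member  = "serviceAccount:${google_scc_notification_config.active_exposure.service_account}"
}
```

Binding the role on the topic rather than on the project keeps the service account's publish rights scoped to the single topic that receives findings.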
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
NotificationConfig can be imported using any of these accepted formats:
* `organizations/{{organization}}/notificationConfigs/{{name}}`
* `{{organization}}/{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import NotificationConfig using one of the formats above. For example:
```tf
import {
  id = "organizations/{{organization}}/notificationConfigs/{{name}}"
  to = google_scc_notification_config.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), NotificationConfig can be imported using one of the formats above. For example:
```
$ terraform import google_scc_notification_config.default organizations/{{organization}}/notificationConfigs/{{name}}
$ terraform import google_scc_notification_config.default {{organization}}/{{name}}
```