The gcp:modelarmor/floorsetting:Floorsetting resource, part of the Pulumi GCP provider, defines minimum content filtering requirements for Model Armor templates at a specific point in the Google Cloud resource hierarchy (organization, folder, or project). This guide focuses on three capabilities: establishing floor settings at hierarchy levels, configuring content filters with confidence thresholds, and inspection mode for testing filter behavior.
Floor settings apply to a parent resource that must already exist. When multiple floor settings conflict, settings lower in the hierarchy take precedence. The examples are intentionally small. Combine them with your own project structure and filter requirements.
Create a minimal floor setting with empty filters
Organizations establishing Model Armor governance start by creating a floor setting at a specific hierarchy level without enforcing specific filter rules.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const floorsetting_basic = new gcp.modelarmor.Floorsetting("floorsetting-basic", {
parent: "projects/my-project-name",
location: "global",
filterConfig: {},
});
import pulumi
import pulumi_gcp as gcp
floorsetting_basic = gcp.modelarmor.Floorsetting("floorsetting-basic",
parent="projects/my-project-name",
location="global",
filter_config={})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/modelarmor"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := modelarmor.NewFloorsetting(ctx, "floorsetting-basic", &modelarmor.FloorsettingArgs{
Parent: pulumi.String("projects/my-project-name"),
Location: pulumi.String("global"),
FilterConfig: &modelarmor.FloorsettingFilterConfigArgs{},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var floorsetting_basic = new Gcp.ModelArmor.Floorsetting("floorsetting-basic", new()
{
Parent = "projects/my-project-name",
Location = "global",
FilterConfig = null,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.modelarmor.Floorsetting;
import com.pulumi.gcp.modelarmor.FloorsettingArgs;
import com.pulumi.gcp.modelarmor.inputs.FloorsettingFilterConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var floorsetting_basic = new Floorsetting("floorsetting-basic", FloorsettingArgs.builder()
.parent("projects/my-project-name")
.location("global")
.filterConfig(FloorsettingFilterConfigArgs.builder()
.build())
.build());
}
}
resources:
floorsetting-basic:
type: gcp:modelarmor:Floorsetting
properties:
parent: projects/my-project-name
location: global
filterConfig: {}
The parent property specifies where in the resource hierarchy this floor setting applies (project, folder, or organization). The location property is typically “global”. The empty filterConfig establishes the floor setting without defining filter rules yet.
Enforce content filters with confidence thresholds
Teams protecting AI applications configure filter rules that block dangerous content, detect sensitive data, and prevent jailbreak attempts.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const floorsetting_filter_config = new gcp.modelarmor.Floorsetting("floorsetting-filter-config", {
location: "global",
parent: "project/my-project-name",
filterConfig: {
raiSettings: {
raiFilters: [{
filterType: "DANGEROUS",
confidenceLevel: "MEDIUM_AND_ABOVE",
}],
},
sdpSettings: {
basicConfig: {
filterEnforcement: "ENABLED",
},
},
piAndJailbreakFilterSettings: {
filterEnforcement: "ENABLED",
confidenceLevel: "HIGH",
},
maliciousUriFilterSettings: {
filterEnforcement: "ENABLED",
},
},
enableFloorSettingEnforcement: true,
});
import pulumi
import pulumi_gcp as gcp
floorsetting_filter_config = gcp.modelarmor.Floorsetting("floorsetting-filter-config",
location="global",
parent="project/my-project-name",
filter_config={
"rai_settings": {
"rai_filters": [{
"filter_type": "DANGEROUS",
"confidence_level": "MEDIUM_AND_ABOVE",
}],
},
"sdp_settings": {
"basic_config": {
"filter_enforcement": "ENABLED",
},
},
"pi_and_jailbreak_filter_settings": {
"filter_enforcement": "ENABLED",
"confidence_level": "HIGH",
},
"malicious_uri_filter_settings": {
"filter_enforcement": "ENABLED",
},
},
enable_floor_setting_enforcement=True)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/modelarmor"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := modelarmor.NewFloorsetting(ctx, "floorsetting-filter-config", &modelarmor.FloorsettingArgs{
Location: pulumi.String("global"),
Parent: pulumi.String("project/my-project-name"),
FilterConfig: &modelarmor.FloorsettingFilterConfigArgs{
RaiSettings: &modelarmor.FloorsettingFilterConfigRaiSettingsArgs{
RaiFilters: modelarmor.FloorsettingFilterConfigRaiSettingsRaiFilterArray{
&modelarmor.FloorsettingFilterConfigRaiSettingsRaiFilterArgs{
FilterType: pulumi.String("DANGEROUS"),
ConfidenceLevel: pulumi.String("MEDIUM_AND_ABOVE"),
},
},
},
SdpSettings: &modelarmor.FloorsettingFilterConfigSdpSettingsArgs{
BasicConfig: &modelarmor.FloorsettingFilterConfigSdpSettingsBasicConfigArgs{
FilterEnforcement: pulumi.String("ENABLED"),
},
},
PiAndJailbreakFilterSettings: &modelarmor.FloorsettingFilterConfigPiAndJailbreakFilterSettingsArgs{
FilterEnforcement: pulumi.String("ENABLED"),
ConfidenceLevel: pulumi.String("HIGH"),
},
MaliciousUriFilterSettings: &modelarmor.FloorsettingFilterConfigMaliciousUriFilterSettingsArgs{
FilterEnforcement: pulumi.String("ENABLED"),
},
},
EnableFloorSettingEnforcement: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var floorsetting_filter_config = new Gcp.ModelArmor.Floorsetting("floorsetting-filter-config", new()
{
Location = "global",
Parent = "project/my-project-name",
FilterConfig = new Gcp.ModelArmor.Inputs.FloorsettingFilterConfigArgs
{
RaiSettings = new Gcp.ModelArmor.Inputs.FloorsettingFilterConfigRaiSettingsArgs
{
RaiFilters = new[]
{
new Gcp.ModelArmor.Inputs.FloorsettingFilterConfigRaiSettingsRaiFilterArgs
{
FilterType = "DANGEROUS",
ConfidenceLevel = "MEDIUM_AND_ABOVE",
},
},
},
SdpSettings = new Gcp.ModelArmor.Inputs.FloorsettingFilterConfigSdpSettingsArgs
{
BasicConfig = new Gcp.ModelArmor.Inputs.FloorsettingFilterConfigSdpSettingsBasicConfigArgs
{
FilterEnforcement = "ENABLED",
},
},
PiAndJailbreakFilterSettings = new Gcp.ModelArmor.Inputs.FloorsettingFilterConfigPiAndJailbreakFilterSettingsArgs
{
FilterEnforcement = "ENABLED",
ConfidenceLevel = "HIGH",
},
MaliciousUriFilterSettings = new Gcp.ModelArmor.Inputs.FloorsettingFilterConfigMaliciousUriFilterSettingsArgs
{
FilterEnforcement = "ENABLED",
},
},
EnableFloorSettingEnforcement = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.modelarmor.Floorsetting;
import com.pulumi.gcp.modelarmor.FloorsettingArgs;
import com.pulumi.gcp.modelarmor.inputs.FloorsettingFilterConfigArgs;
import com.pulumi.gcp.modelarmor.inputs.FloorsettingFilterConfigRaiSettingsArgs;
import com.pulumi.gcp.modelarmor.inputs.FloorsettingFilterConfigSdpSettingsArgs;
import com.pulumi.gcp.modelarmor.inputs.FloorsettingFilterConfigSdpSettingsBasicConfigArgs;
import com.pulumi.gcp.modelarmor.inputs.FloorsettingFilterConfigPiAndJailbreakFilterSettingsArgs;
import com.pulumi.gcp.modelarmor.inputs.FloorsettingFilterConfigMaliciousUriFilterSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var floorsetting_filter_config = new Floorsetting("floorsetting-filter-config", FloorsettingArgs.builder()
.location("global")
.parent("project/my-project-name")
.filterConfig(FloorsettingFilterConfigArgs.builder()
.raiSettings(FloorsettingFilterConfigRaiSettingsArgs.builder()
.raiFilters(FloorsettingFilterConfigRaiSettingsRaiFilterArgs.builder()
.filterType("DANGEROUS")
.confidenceLevel("MEDIUM_AND_ABOVE")
.build())
.build())
.sdpSettings(FloorsettingFilterConfigSdpSettingsArgs.builder()
.basicConfig(FloorsettingFilterConfigSdpSettingsBasicConfigArgs.builder()
.filterEnforcement("ENABLED")
.build())
.build())
.piAndJailbreakFilterSettings(FloorsettingFilterConfigPiAndJailbreakFilterSettingsArgs.builder()
.filterEnforcement("ENABLED")
.confidenceLevel("HIGH")
.build())
.maliciousUriFilterSettings(FloorsettingFilterConfigMaliciousUriFilterSettingsArgs.builder()
.filterEnforcement("ENABLED")
.build())
.build())
.enableFloorSettingEnforcement(true)
.build());
}
}
resources:
floorsetting-filter-config:
type: gcp:modelarmor:Floorsetting
properties:
location: global
parent: project/my-project-name
filterConfig:
raiSettings:
raiFilters:
- filterType: DANGEROUS
confidenceLevel: MEDIUM_AND_ABOVE
sdpSettings:
basicConfig:
filterEnforcement: ENABLED
piAndJailbreakFilterSettings:
filterEnforcement: ENABLED
confidenceLevel: HIGH
maliciousUriFilterSettings:
filterEnforcement: ENABLED
enableFloorSettingEnforcement: true
The filterConfig property defines multiple filter types. The raiSettings block configures Responsible AI filters with filterType (e.g., “DANGEROUS”) and confidenceLevel thresholds. The sdpSettings block enables sensitive data protection. The piAndJailbreakFilterSettings and maliciousUriFilterSettings blocks add additional protection layers. Setting enableFloorSettingEnforcement to true activates these rules for all Model Armor templates under this parent.
Enable inspection mode with logging and language detection
Before enforcing filters in production, teams run floor settings in inspection mode to observe what would be blocked without actually blocking requests.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const floorsetting_integrated_metadata = new gcp.modelarmor.Floorsetting("floorsetting-integrated-metadata", {
location: "global",
parent: "projects/my-project-name",
filterConfig: {},
enableFloorSettingEnforcement: false,
aiPlatformFloorSetting: {
inspectOnly: true,
enableCloudLogging: true,
},
floorSettingMetadata: {
multiLanguageDetection: {
enableMultiLanguageDetection: false,
},
},
});
import pulumi
import pulumi_gcp as gcp
floorsetting_integrated_metadata = gcp.modelarmor.Floorsetting("floorsetting-integrated-metadata",
location="global",
parent="projects/my-project-name",
filter_config={},
enable_floor_setting_enforcement=False,
ai_platform_floor_setting={
"inspect_only": True,
"enable_cloud_logging": True,
},
floor_setting_metadata={
"multi_language_detection": {
"enable_multi_language_detection": False,
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/modelarmor"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := modelarmor.NewFloorsetting(ctx, "floorsetting-integrated-metadata", &modelarmor.FloorsettingArgs{
Location: pulumi.String("global"),
Parent: pulumi.String("projects/my-project-name"),
FilterConfig: &modelarmor.FloorsettingFilterConfigArgs{},
EnableFloorSettingEnforcement: pulumi.Bool(false),
AiPlatformFloorSetting: &modelarmor.FloorsettingAiPlatformFloorSettingArgs{
InspectOnly: pulumi.Bool(true),
EnableCloudLogging: pulumi.Bool(true),
},
FloorSettingMetadata: &modelarmor.FloorsettingFloorSettingMetadataArgs{
MultiLanguageDetection: &modelarmor.FloorsettingFloorSettingMetadataMultiLanguageDetectionArgs{
EnableMultiLanguageDetection: pulumi.Bool(false),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var floorsetting_integrated_metadata = new Gcp.ModelArmor.Floorsetting("floorsetting-integrated-metadata", new()
{
Location = "global",
Parent = "projects/my-project-name",
FilterConfig = null,
EnableFloorSettingEnforcement = false,
AiPlatformFloorSetting = new Gcp.ModelArmor.Inputs.FloorsettingAiPlatformFloorSettingArgs
{
InspectOnly = true,
EnableCloudLogging = true,
},
FloorSettingMetadata = new Gcp.ModelArmor.Inputs.FloorsettingFloorSettingMetadataArgs
{
MultiLanguageDetection = new Gcp.ModelArmor.Inputs.FloorsettingFloorSettingMetadataMultiLanguageDetectionArgs
{
EnableMultiLanguageDetection = false,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.modelarmor.Floorsetting;
import com.pulumi.gcp.modelarmor.FloorsettingArgs;
import com.pulumi.gcp.modelarmor.inputs.FloorsettingFilterConfigArgs;
import com.pulumi.gcp.modelarmor.inputs.FloorsettingAiPlatformFloorSettingArgs;
import com.pulumi.gcp.modelarmor.inputs.FloorsettingFloorSettingMetadataArgs;
import com.pulumi.gcp.modelarmor.inputs.FloorsettingFloorSettingMetadataMultiLanguageDetectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var floorsetting_integrated_metadata = new Floorsetting("floorsetting-integrated-metadata", FloorsettingArgs.builder()
.location("global")
.parent("projects/my-project-name")
.filterConfig(FloorsettingFilterConfigArgs.builder()
.build())
.enableFloorSettingEnforcement(false)
.aiPlatformFloorSetting(FloorsettingAiPlatformFloorSettingArgs.builder()
.inspectOnly(true)
.enableCloudLogging(true)
.build())
.floorSettingMetadata(FloorsettingFloorSettingMetadataArgs.builder()
.multiLanguageDetection(FloorsettingFloorSettingMetadataMultiLanguageDetectionArgs.builder()
.enableMultiLanguageDetection(false)
.build())
.build())
.build());
}
}
resources:
floorsetting-integrated-metadata:
type: gcp:modelarmor:Floorsetting
properties:
location: global
parent: projects/my-project-name
filterConfig: {}
enableFloorSettingEnforcement: false
aiPlatformFloorSetting:
inspectOnly: true
enableCloudLogging: true
floorSettingMetadata:
multiLanguageDetection:
enableMultiLanguageDetection: false
The aiPlatformFloorSetting block controls AI Platform integration. Setting inspectOnly to true enables observation mode, while enableCloudLogging captures filter decisions to Cloud Logging. The floorSettingMetadata block configures multi-language detection for non-English content. Setting enableFloorSettingEnforcement to false ensures the floor setting observes but doesn’t block.
Beyond these examples
These snippets focus on specific floor setting features: hierarchy-based floor settings, content filtering (RAI, SDP, jailbreak, malicious URIs), and inspection mode and Cloud Logging integration. They’re intentionally minimal rather than complete governance policies.
The examples require pre-existing infrastructure such as a Google Cloud project, folder, or organization. They focus on configuring floor settings rather than provisioning the resource hierarchy.
To keep things focused, common floor setting patterns are omitted, including:
- Integrated services configuration (integratedServices)
- Google MCP Server floor settings (googleMcpServerFloorSetting)
- Filter confidence level tuning beyond examples shown
- Hierarchy conflict resolution (lower levels override higher)
These omissions are intentional: the goal is to illustrate how each floor setting feature is wired, not provide drop-in governance modules. See the Model Armor Floorsetting resource reference for all available configuration options.
Let's configure GCP Model Armor Floor Settings
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Resource Hierarchy & Scope
What happens when multiple floor settings conflict at different hierarchy levels?
Settings lower in the resource hierarchy take precedence. For example, a project-level floor setting overrides folder-level or organization-level settings.
What are the valid values for the parent property?
The
parent can be projects/{project}, folders/{folder}, or organizations/{organizationId}, depending on where you want to apply the floor setting in your resource hierarchy.Configuration & Filters
What's the minimum configuration needed to create a floor setting?
You need three required properties:
parent (resource hierarchy level), location (typically global), and filterConfig (which can be an empty object for basic setup).How do I configure content filters for Model Armor?
Use filterConfig with nested settings:
raiSettingsfor RAI filters with filter types and confidence levelssdpSettingsfor SDP configurationpiAndJailbreakFilterSettingsfor PI and jailbreak detectionmaliciousUriFilterSettingsfor malicious URI detection
What filter types and confidence levels are available?
The examples show
DANGEROUS as a filter type with confidence levels like MEDIUM_AND_ABOVE and HIGH. Each filter can be configured with its own confidence threshold.How do I enable or disable floor setting enforcement?
Set
enableFloorSettingEnforcement to true to enable enforcement or false to disable it. When disabled, the floor setting acts as a guideline rather than a requirement.Immutability & Lifecycle
What properties can't be changed after creating a floor setting?
Both
location and parent are immutable. You’ll need to recreate the floor setting if you need to change either of these values.Integration & Metadata
How do I enable AI Platform cloud logging?
Configure
aiPlatformFloorSetting with enableCloudLogging set to true. You can also set inspectOnly to true for inspection-only mode.How do I configure multi-language detection?
Use
floorSettingMetadata.multiLanguageDetection.enableMultiLanguageDetection and set it to true or false to control multi-language detection behavior.