1. Packages
  2. Auth0
  3. API Docs
  4. AttackProtection
Auth0 v2.24.3 published on Wednesday, Sep 20, 2023 by Pulumi

auth0.AttackProtection

Explore with Pulumi AI

auth0 logo
Auth0 v2.24.3 published on Wednesday, Sep 20, 2023 by Pulumi

    Auth0 can detect attacks and stop malicious attempts to access your application such as blocking traffic from certain IPs and displaying CAPTCHAs.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var myProtection = new Auth0.AttackProtection("myProtection", new()
        {
            BreachedPasswordDetection = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionArgs
            {
                AdminNotificationFrequencies = new[]
                {
                    "daily",
                },
                Enabled = true,
                Method = "standard",
                PreUserRegistration = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs
                {
                    Shields = new[]
                    {
                        "block",
                    },
                },
                Shields = new[]
                {
                    "admin_notification",
                    "block",
                },
            },
            BruteForceProtection = new Auth0.Inputs.AttackProtectionBruteForceProtectionArgs
            {
                Allowlists = new[]
                {
                    "127.0.0.1",
                },
                Enabled = true,
                MaxAttempts = 5,
                Mode = "count_per_identifier_and_ip",
                Shields = new[]
                {
                    "block",
                    "user_notification",
                },
            },
            SuspiciousIpThrottling = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingArgs
            {
                Allowlists = new[]
                {
                    "192.168.1.1",
                },
                Enabled = true,
                PreLogin = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreLoginArgs
                {
                    MaxAttempts = 100,
                    Rate = 864000,
                },
                PreUserRegistration = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs
                {
                    MaxAttempts = 50,
                    Rate = 1200,
                },
                Shields = new[]
                {
                    "admin_notification",
                    "block",
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := auth0.NewAttackProtection(ctx, "myProtection", &auth0.AttackProtectionArgs{
    			BreachedPasswordDetection: &auth0.AttackProtectionBreachedPasswordDetectionArgs{
    				AdminNotificationFrequencies: pulumi.StringArray{
    					pulumi.String("daily"),
    				},
    				Enabled: pulumi.Bool(true),
    				Method:  pulumi.String("standard"),
    				PreUserRegistration: &auth0.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs{
    					Shields: pulumi.StringArray{
    						pulumi.String("block"),
    					},
    				},
    				Shields: pulumi.StringArray{
    					pulumi.String("admin_notification"),
    					pulumi.String("block"),
    				},
    			},
    			BruteForceProtection: &auth0.AttackProtectionBruteForceProtectionArgs{
    				Allowlists: pulumi.StringArray{
    					pulumi.String("127.0.0.1"),
    				},
    				Enabled:     pulumi.Bool(true),
    				MaxAttempts: pulumi.Int(5),
    				Mode:        pulumi.String("count_per_identifier_and_ip"),
    				Shields: pulumi.StringArray{
    					pulumi.String("block"),
    					pulumi.String("user_notification"),
    				},
    			},
    			SuspiciousIpThrottling: &auth0.AttackProtectionSuspiciousIpThrottlingArgs{
    				Allowlists: pulumi.StringArray{
    					pulumi.String("192.168.1.1"),
    				},
    				Enabled: pulumi.Bool(true),
    				PreLogin: &auth0.AttackProtectionSuspiciousIpThrottlingPreLoginArgs{
    					MaxAttempts: pulumi.Int(100),
    					Rate:        pulumi.Int(864000),
    				},
    				PreUserRegistration: &auth0.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs{
    					MaxAttempts: pulumi.Int(50),
    					Rate:        pulumi.Int(1200),
    				},
    				Shields: pulumi.StringArray{
    					pulumi.String("admin_notification"),
    					pulumi.String("block"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.AttackProtection;
    import com.pulumi.auth0.AttackProtectionArgs;
    import com.pulumi.auth0.inputs.AttackProtectionBreachedPasswordDetectionArgs;
    import com.pulumi.auth0.inputs.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs;
    import com.pulumi.auth0.inputs.AttackProtectionBruteForceProtectionArgs;
    import com.pulumi.auth0.inputs.AttackProtectionSuspiciousIpThrottlingArgs;
    import com.pulumi.auth0.inputs.AttackProtectionSuspiciousIpThrottlingPreLoginArgs;
    import com.pulumi.auth0.inputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var myProtection = new AttackProtection("myProtection", AttackProtectionArgs.builder()        
                .breachedPasswordDetection(AttackProtectionBreachedPasswordDetectionArgs.builder()
                    .adminNotificationFrequencies("daily")
                    .enabled(true)
                    .method("standard")
                    .preUserRegistration(AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs.builder()
                        .shields("block")
                        .build())
                    .shields(                
                        "admin_notification",
                        "block")
                    .build())
                .bruteForceProtection(AttackProtectionBruteForceProtectionArgs.builder()
                    .allowlists("127.0.0.1")
                    .enabled(true)
                    .maxAttempts(5)
                    .mode("count_per_identifier_and_ip")
                    .shields(                
                        "block",
                        "user_notification")
                    .build())
                .suspiciousIpThrottling(AttackProtectionSuspiciousIpThrottlingArgs.builder()
                    .allowlists("192.168.1.1")
                    .enabled(true)
                    .preLogin(AttackProtectionSuspiciousIpThrottlingPreLoginArgs.builder()
                        .maxAttempts(100)
                        .rate(864000)
                        .build())
                    .preUserRegistration(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs.builder()
                        .maxAttempts(50)
                        .rate(1200)
                        .build())
                    .shields(                
                        "admin_notification",
                        "block")
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_auth0 as auth0
    
    my_protection = auth0.AttackProtection("myProtection",
        breached_password_detection=auth0.AttackProtectionBreachedPasswordDetectionArgs(
            admin_notification_frequencies=["daily"],
            enabled=True,
            method="standard",
            pre_user_registration=auth0.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs(
                shields=["block"],
            ),
            shields=[
                "admin_notification",
                "block",
            ],
        ),
        brute_force_protection=auth0.AttackProtectionBruteForceProtectionArgs(
            allowlists=["127.0.0.1"],
            enabled=True,
            max_attempts=5,
            mode="count_per_identifier_and_ip",
            shields=[
                "block",
                "user_notification",
            ],
        ),
        suspicious_ip_throttling=auth0.AttackProtectionSuspiciousIpThrottlingArgs(
            allowlists=["192.168.1.1"],
            enabled=True,
            pre_login=auth0.AttackProtectionSuspiciousIpThrottlingPreLoginArgs(
                max_attempts=100,
                rate=864000,
            ),
            pre_user_registration=auth0.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs(
                max_attempts=50,
                rate=1200,
            ),
            shields=[
                "admin_notification",
                "block",
            ],
        ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const myProtection = new auth0.AttackProtection("myProtection", {
        breachedPasswordDetection: {
            adminNotificationFrequencies: ["daily"],
            enabled: true,
            method: "standard",
            preUserRegistration: {
                shields: ["block"],
            },
            shields: [
                "admin_notification",
                "block",
            ],
        },
        bruteForceProtection: {
            allowlists: ["127.0.0.1"],
            enabled: true,
            maxAttempts: 5,
            mode: "count_per_identifier_and_ip",
            shields: [
                "block",
                "user_notification",
            ],
        },
        suspiciousIpThrottling: {
            allowlists: ["192.168.1.1"],
            enabled: true,
            preLogin: {
                maxAttempts: 100,
                rate: 864000,
            },
            preUserRegistration: {
                maxAttempts: 50,
                rate: 1200,
            },
            shields: [
                "admin_notification",
                "block",
            ],
        },
    });
    
    resources:
      myProtection:
        type: auth0:AttackProtection
        properties:
          breachedPasswordDetection:
            adminNotificationFrequencies:
              - daily
            enabled: true
            method: standard
            preUserRegistration:
              shields:
                - block
            shields:
              - admin_notification
              - block
          bruteForceProtection:
            allowlists:
              - 127.0.0.1
            enabled: true
            maxAttempts: 5
            mode: count_per_identifier_and_ip
            shields:
              - block
              - user_notification
          suspiciousIpThrottling:
            allowlists:
              - 192.168.1.1
            enabled: true
            preLogin:
              maxAttempts: 100
              rate: 864000
            preUserRegistration:
              maxAttempts: 50
              rate: 1200
            shields:
              - admin_notification
              - block
    

    Create AttackProtection Resource

    new AttackProtection(name: string, args?: AttackProtectionArgs, opts?: CustomResourceOptions);
    @overload
    def AttackProtection(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         breached_password_detection: Optional[AttackProtectionBreachedPasswordDetectionArgs] = None,
                         brute_force_protection: Optional[AttackProtectionBruteForceProtectionArgs] = None,
                         suspicious_ip_throttling: Optional[AttackProtectionSuspiciousIpThrottlingArgs] = None)
    @overload
    def AttackProtection(resource_name: str,
                         args: Optional[AttackProtectionArgs] = None,
                         opts: Optional[ResourceOptions] = None)
    func NewAttackProtection(ctx *Context, name string, args *AttackProtectionArgs, opts ...ResourceOption) (*AttackProtection, error)
    public AttackProtection(string name, AttackProtectionArgs? args = null, CustomResourceOptions? opts = null)
    public AttackProtection(String name, AttackProtectionArgs args)
    public AttackProtection(String name, AttackProtectionArgs args, CustomResourceOptions options)
    
    type: auth0:AttackProtection
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AttackProtectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AttackProtectionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AttackProtectionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AttackProtectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AttackProtectionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AttackProtection Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AttackProtection resource accepts the following input properties:

    BreachedPasswordDetection AttackProtectionBreachedPasswordDetection

    Breached password detection protects your applications from bad actors logging in with stolen credentials.

    BruteForceProtection AttackProtectionBruteForceProtection

    Brute-force protection safeguards against a single IP address attacking a single user account.

    SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottling

    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

    BreachedPasswordDetection AttackProtectionBreachedPasswordDetectionArgs

    Breached password detection protects your applications from bad actors logging in with stolen credentials.

    BruteForceProtection AttackProtectionBruteForceProtectionArgs

    Brute-force protection safeguards against a single IP address attacking a single user account.

    SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingArgs

    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

    breachedPasswordDetection AttackProtectionBreachedPasswordDetection

    Breached password detection protects your applications from bad actors logging in with stolen credentials.

    bruteForceProtection AttackProtectionBruteForceProtection

    Brute-force protection safeguards against a single IP address attacking a single user account.

    suspiciousIpThrottling AttackProtectionSuspiciousIpThrottling

    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

    breachedPasswordDetection AttackProtectionBreachedPasswordDetection

    Breached password detection protects your applications from bad actors logging in with stolen credentials.

    bruteForceProtection AttackProtectionBruteForceProtection

    Brute-force protection safeguards against a single IP address attacking a single user account.

    suspiciousIpThrottling AttackProtectionSuspiciousIpThrottling

    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

    breached_password_detection AttackProtectionBreachedPasswordDetectionArgs

    Breached password detection protects your applications from bad actors logging in with stolen credentials.

    brute_force_protection AttackProtectionBruteForceProtectionArgs

    Brute-force protection safeguards against a single IP address attacking a single user account.

    suspicious_ip_throttling AttackProtectionSuspiciousIpThrottlingArgs

    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

    breachedPasswordDetection Property Map

    Breached password detection protects your applications from bad actors logging in with stolen credentials.

    bruteForceProtection Property Map

    Brute-force protection safeguards against a single IP address attacking a single user account.

    suspiciousIpThrottling Property Map

    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AttackProtection resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Id string

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    id string

    The provider-assigned unique ID for this managed resource.

    id str

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing AttackProtection Resource

    Get an existing AttackProtection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AttackProtectionState, opts?: CustomResourceOptions): AttackProtection
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            breached_password_detection: Optional[AttackProtectionBreachedPasswordDetectionArgs] = None,
            brute_force_protection: Optional[AttackProtectionBruteForceProtectionArgs] = None,
            suspicious_ip_throttling: Optional[AttackProtectionSuspiciousIpThrottlingArgs] = None) -> AttackProtection
    func GetAttackProtection(ctx *Context, name string, id IDInput, state *AttackProtectionState, opts ...ResourceOption) (*AttackProtection, error)
    public static AttackProtection Get(string name, Input<string> id, AttackProtectionState? state, CustomResourceOptions? opts = null)
    public static AttackProtection get(String name, Output<String> id, AttackProtectionState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    BreachedPasswordDetection AttackProtectionBreachedPasswordDetection

    Breached password detection protects your applications from bad actors logging in with stolen credentials.

    BruteForceProtection AttackProtectionBruteForceProtection

    Brute-force protection safeguards against a single IP address attacking a single user account.

    SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottling

    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

    BreachedPasswordDetection AttackProtectionBreachedPasswordDetectionArgs

    Breached password detection protects your applications from bad actors logging in with stolen credentials.

    BruteForceProtection AttackProtectionBruteForceProtectionArgs

    Brute-force protection safeguards against a single IP address attacking a single user account.

    SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingArgs

    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

    breachedPasswordDetection AttackProtectionBreachedPasswordDetection

    Breached password detection protects your applications from bad actors logging in with stolen credentials.

    bruteForceProtection AttackProtectionBruteForceProtection

    Brute-force protection safeguards against a single IP address attacking a single user account.

    suspiciousIpThrottling AttackProtectionSuspiciousIpThrottling

    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

    breachedPasswordDetection AttackProtectionBreachedPasswordDetection

    Breached password detection protects your applications from bad actors logging in with stolen credentials.

    bruteForceProtection AttackProtectionBruteForceProtection

    Brute-force protection safeguards against a single IP address attacking a single user account.

    suspiciousIpThrottling AttackProtectionSuspiciousIpThrottling

    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

    breached_password_detection AttackProtectionBreachedPasswordDetectionArgs

    Breached password detection protects your applications from bad actors logging in with stolen credentials.

    brute_force_protection AttackProtectionBruteForceProtectionArgs

    Brute-force protection safeguards against a single IP address attacking a single user account.

    suspicious_ip_throttling AttackProtectionSuspiciousIpThrottlingArgs

    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

    breachedPasswordDetection Property Map

    Breached password detection protects your applications from bad actors logging in with stolen credentials.

    bruteForceProtection Property Map

    Brute-force protection safeguards against a single IP address attacking a single user account.

    suspiciousIpThrottling Property Map

    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

    Supporting Types

    AttackProtectionBreachedPasswordDetection, AttackProtectionBreachedPasswordDetectionArgs

    AdminNotificationFrequencies List<string>

    When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.

    Enabled bool

    Whether breached password detection is active.

    Method string

    The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.

    PreUserRegistration AttackProtectionBreachedPasswordDetectionPreUserRegistration

    Configuration options that apply before every user registration attempt. Only available on public tenants.

    Shields List<string>

    Action to take when a breached password is detected.

    AdminNotificationFrequencies []string

    When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.

    Enabled bool

    Whether breached password detection is active.

    Method string

    The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.

    PreUserRegistration AttackProtectionBreachedPasswordDetectionPreUserRegistration

    Configuration options that apply before every user registration attempt. Only available on public tenants.

    Shields []string

    Action to take when a breached password is detected.

    adminNotificationFrequencies List<String>

    When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.

    enabled Boolean

    Whether breached password detection is active.

    method String

    The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.

    preUserRegistration AttackProtectionBreachedPasswordDetectionPreUserRegistration

    Configuration options that apply before every user registration attempt. Only available on public tenants.

    shields List<String>

    Action to take when a breached password is detected.

    adminNotificationFrequencies string[]

    When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.

    enabled boolean

    Whether breached password detection is active.

    method string

    The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.

    preUserRegistration AttackProtectionBreachedPasswordDetectionPreUserRegistration

    Configuration options that apply before every user registration attempt. Only available on public tenants.

    shields string[]

    Action to take when a breached password is detected.

    admin_notification_frequencies Sequence[str]

    When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.

    enabled bool

    Whether breached password detection is active.

    method str

    The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.

    pre_user_registration AttackProtectionBreachedPasswordDetectionPreUserRegistration

    Configuration options that apply before every user registration attempt. Only available on public tenants.

    shields Sequence[str]

    Action to take when a breached password is detected.

    adminNotificationFrequencies List<String>

    When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.

    enabled Boolean

    Whether breached password detection is active.

    method String

    The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.

    preUserRegistration Property Map

    Configuration options that apply before every user registration attempt. Only available on public tenants.

    shields List<String>

    Action to take when a breached password is detected.

    AttackProtectionBreachedPasswordDetectionPreUserRegistration, AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs

    Shields List<string>
    Shields []string
    shields List<String>
    shields string[]
    shields Sequence[str]
    shields List<String>

    AttackProtectionBruteForceProtection, AttackProtectionBruteForceProtectionArgs

    Allowlists List<string>

    List of trusted IP addresses that will not have attack protection enforced against them.

    Enabled bool

    Whether brute force attack protections are active.

    MaxAttempts int

    Maximum number of unsuccessful attempts. Only available on public tenants.

    Mode string

    Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip or count_per_identifier.

    Shields List<string>

    Action to take when a brute force protection threshold is violated. Possible values: block, user_notification

    Allowlists []string

    List of trusted IP addresses that will not have attack protection enforced against them.

    Enabled bool

    Whether brute force attack protections are active.

    MaxAttempts int

    Maximum number of unsuccessful attempts. Only available on public tenants.

    Mode string

    Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip or count_per_identifier.

    Shields []string

    Action to take when a brute force protection threshold is violated. Possible values: block, user_notification

    allowlists List<String>

    List of trusted IP addresses that will not have attack protection enforced against them.

    enabled Boolean

    Whether brute force attack protections are active.

    maxAttempts Integer

    Maximum number of unsuccessful attempts. Only available on public tenants.

    mode String

    Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip or count_per_identifier.

    shields List<String>

    Action to take when a brute force protection threshold is violated. Possible values: block, user_notification

    allowlists string[]

    List of trusted IP addresses that will not have attack protection enforced against them.

    enabled boolean

    Whether brute force attack protections are active.

    maxAttempts number

    Maximum number of unsuccessful attempts. Only available on public tenants.

    mode string

    Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip or count_per_identifier.

    shields string[]

    Action to take when a brute force protection threshold is violated. Possible values: block, user_notification

    allowlists Sequence[str]

    List of trusted IP addresses that will not have attack protection enforced against them.

    enabled bool

    Whether brute force attack protections are active.

    max_attempts int

    Maximum number of unsuccessful attempts. Only available on public tenants.

    mode str

    Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip or count_per_identifier.

    shields Sequence[str]

    Action to take when a brute force protection threshold is violated. Possible values: block, user_notification

    allowlists List<String>

    List of trusted IP addresses that will not have attack protection enforced against them.

    enabled Boolean

    Whether brute force attack protections are active.

    maxAttempts Number

    Maximum number of unsuccessful attempts. Only available on public tenants.

    mode String

    Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip or count_per_identifier.

    shields List<String>

    Action to take when a brute force protection threshold is violated. Possible values: block, user_notification

    AttackProtectionSuspiciousIpThrottling, AttackProtectionSuspiciousIpThrottlingArgs

    Allowlists List<string>

    List of trusted IP addresses that will not have attack protection enforced against them.

    Enabled bool

    Whether suspicious IP throttling attack protections are active.

    PreLogin AttackProtectionSuspiciousIpThrottlingPreLogin

    Configuration options that apply before every login attempt. Only available on public tenants.

    PreUserRegistration AttackProtectionSuspiciousIpThrottlingPreUserRegistration

    Configuration options that apply before every user registration attempt. Only available on public tenants.

    Shields List<string>

    Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification

    Allowlists []string

    List of trusted IP addresses that will not have attack protection enforced against them.

    Enabled bool

    Whether suspicious IP throttling attack protections are active.

    PreLogin AttackProtectionSuspiciousIpThrottlingPreLogin

    Configuration options that apply before every login attempt. Only available on public tenants.

    PreUserRegistration AttackProtectionSuspiciousIpThrottlingPreUserRegistration

    Configuration options that apply before every user registration attempt. Only available on public tenants.

    Shields []string

    Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification

    allowlists List<String>

    List of trusted IP addresses that will not have attack protection enforced against them.

    enabled Boolean

    Whether suspicious IP throttling attack protections are active.

    preLogin AttackProtectionSuspiciousIpThrottlingPreLogin

    Configuration options that apply before every login attempt. Only available on public tenants.

    preUserRegistration AttackProtectionSuspiciousIpThrottlingPreUserRegistration

    Configuration options that apply before every user registration attempt. Only available on public tenants.

    shields List<String>

    Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification

    allowlists string[]

    List of trusted IP addresses that will not have attack protection enforced against them.

    enabled boolean

    Whether suspicious IP throttling attack protections are active.

    preLogin AttackProtectionSuspiciousIpThrottlingPreLogin

    Configuration options that apply before every login attempt. Only available on public tenants.

    preUserRegistration AttackProtectionSuspiciousIpThrottlingPreUserRegistration

    Configuration options that apply before every user registration attempt. Only available on public tenants.

    shields string[]

    Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification

    allowlists Sequence[str]

    List of trusted IP addresses that will not have attack protection enforced against them.

    enabled bool

    Whether suspicious IP throttling attack protections are active.

    pre_login AttackProtectionSuspiciousIpThrottlingPreLogin

    Configuration options that apply before every login attempt. Only available on public tenants.

    pre_user_registration AttackProtectionSuspiciousIpThrottlingPreUserRegistration

    Configuration options that apply before every user registration attempt. Only available on public tenants.

    shields Sequence[str]

    Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification

    allowlists List<String>

    List of trusted IP addresses that will not have attack protection enforced against them.

    enabled Boolean

    Whether suspicious IP throttling attack protections are active.

    preLogin Property Map

    Configuration options that apply before every login attempt. Only available on public tenants.

    preUserRegistration Property Map

    Configuration options that apply before every user registration attempt. Only available on public tenants.

    shields List<String>

    Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification

    AttackProtectionSuspiciousIpThrottlingPreLogin, AttackProtectionSuspiciousIpThrottlingPreLoginArgs

    maxAttempts Integer
    rate Integer
    maxAttempts number
    rate number
    maxAttempts Number
    rate Number

    AttackProtectionSuspiciousIpThrottlingPreUserRegistration, AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs

    maxAttempts Integer
    rate Integer
    maxAttempts number
    rate number
    maxAttempts Number
    rate Number

    Import

    As this is not a resource identifiable by an ID within the Auth0 Management API, attack_protection can be imported using a random string. # We recommend Version 4 UUID # Example

     $ pulumi import auth0:index/attackProtection:AttackProtection my_protection 24940d4b-4bd4-44e7-894e-f92e4de36a40
    

    Package Details

    Repository
    Auth0 pulumi/pulumi-auth0
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the auth0 Terraform Provider.

    auth0 logo
    Auth0 v2.24.3 published on Wednesday, Sep 20, 2023 by Pulumi