auth0 logo
Auth0 v2.18.0, Mar 20 23

auth0.AttackProtection

Auth0 can detect attacks and stop malicious attempts to access your application such as blocking traffic from certain IPs and displaying CAPTCHAs.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var myProtection = new Auth0.AttackProtection("myProtection", new()
    {
        BreachedPasswordDetection = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionArgs
        {
            AdminNotificationFrequencies = new[]
            {
                "daily",
            },
            Enabled = true,
            Method = "standard",
            PreUserRegistration = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs
            {
                Shields = new[]
                {
                    "block",
                },
            },
            Shields = new[]
            {
                "admin_notification",
                "block",
            },
        },
        BruteForceProtection = new Auth0.Inputs.AttackProtectionBruteForceProtectionArgs
        {
            Allowlists = new[]
            {
                "127.0.0.1",
            },
            Enabled = true,
            MaxAttempts = 5,
            Mode = "count_per_identifier_and_ip",
            Shields = new[]
            {
                "block",
                "user_notification",
            },
        },
        SuspiciousIpThrottling = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingArgs
        {
            Allowlists = new[]
            {
                "192.168.1.1",
            },
            Enabled = true,
            PreLogin = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreLoginArgs
            {
                MaxAttempts = 100,
                Rate = 864000,
            },
            PreUserRegistration = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs
            {
                MaxAttempts = 50,
                Rate = 1200,
            },
            Shields = new[]
            {
                "admin_notification",
                "block",
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewAttackProtection(ctx, "myProtection", &auth0.AttackProtectionArgs{
			BreachedPasswordDetection: &auth0.AttackProtectionBreachedPasswordDetectionArgs{
				AdminNotificationFrequencies: pulumi.StringArray{
					pulumi.String("daily"),
				},
				Enabled: pulumi.Bool(true),
				Method:  pulumi.String("standard"),
				PreUserRegistration: &auth0.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs{
					Shields: pulumi.StringArray{
						pulumi.String("block"),
					},
				},
				Shields: pulumi.StringArray{
					pulumi.String("admin_notification"),
					pulumi.String("block"),
				},
			},
			BruteForceProtection: &auth0.AttackProtectionBruteForceProtectionArgs{
				Allowlists: pulumi.StringArray{
					pulumi.String("127.0.0.1"),
				},
				Enabled:     pulumi.Bool(true),
				MaxAttempts: pulumi.Int(5),
				Mode:        pulumi.String("count_per_identifier_and_ip"),
				Shields: pulumi.StringArray{
					pulumi.String("block"),
					pulumi.String("user_notification"),
				},
			},
			SuspiciousIpThrottling: &auth0.AttackProtectionSuspiciousIpThrottlingArgs{
				Allowlists: pulumi.StringArray{
					pulumi.String("192.168.1.1"),
				},
				Enabled: pulumi.Bool(true),
				PreLogin: &auth0.AttackProtectionSuspiciousIpThrottlingPreLoginArgs{
					MaxAttempts: pulumi.Int(100),
					Rate:        pulumi.Int(864000),
				},
				PreUserRegistration: &auth0.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs{
					MaxAttempts: pulumi.Int(50),
					Rate:        pulumi.Int(1200),
				},
				Shields: pulumi.StringArray{
					pulumi.String("admin_notification"),
					pulumi.String("block"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.AttackProtection;
import com.pulumi.auth0.AttackProtectionArgs;
import com.pulumi.auth0.inputs.AttackProtectionBreachedPasswordDetectionArgs;
import com.pulumi.auth0.inputs.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs;
import com.pulumi.auth0.inputs.AttackProtectionBruteForceProtectionArgs;
import com.pulumi.auth0.inputs.AttackProtectionSuspiciousIpThrottlingArgs;
import com.pulumi.auth0.inputs.AttackProtectionSuspiciousIpThrottlingPreLoginArgs;
import com.pulumi.auth0.inputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myProtection = new AttackProtection("myProtection", AttackProtectionArgs.builder()        
            .breachedPasswordDetection(AttackProtectionBreachedPasswordDetectionArgs.builder()
                .adminNotificationFrequencies("daily")
                .enabled(true)
                .method("standard")
                .preUserRegistration(AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs.builder()
                    .shields("block")
                    .build())
                .shields(                
                    "admin_notification",
                    "block")
                .build())
            .bruteForceProtection(AttackProtectionBruteForceProtectionArgs.builder()
                .allowlists("127.0.0.1")
                .enabled(true)
                .maxAttempts(5)
                .mode("count_per_identifier_and_ip")
                .shields(                
                    "block",
                    "user_notification")
                .build())
            .suspiciousIpThrottling(AttackProtectionSuspiciousIpThrottlingArgs.builder()
                .allowlists("192.168.1.1")
                .enabled(true)
                .preLogin(AttackProtectionSuspiciousIpThrottlingPreLoginArgs.builder()
                    .maxAttempts(100)
                    .rate(864000)
                    .build())
                .preUserRegistration(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs.builder()
                    .maxAttempts(50)
                    .rate(1200)
                    .build())
                .shields(                
                    "admin_notification",
                    "block")
                .build())
            .build());

    }
}
import pulumi
import pulumi_auth0 as auth0

my_protection = auth0.AttackProtection("myProtection",
    breached_password_detection=auth0.AttackProtectionBreachedPasswordDetectionArgs(
        admin_notification_frequencies=["daily"],
        enabled=True,
        method="standard",
        pre_user_registration=auth0.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs(
            shields=["block"],
        ),
        shields=[
            "admin_notification",
            "block",
        ],
    ),
    brute_force_protection=auth0.AttackProtectionBruteForceProtectionArgs(
        allowlists=["127.0.0.1"],
        enabled=True,
        max_attempts=5,
        mode="count_per_identifier_and_ip",
        shields=[
            "block",
            "user_notification",
        ],
    ),
    suspicious_ip_throttling=auth0.AttackProtectionSuspiciousIpThrottlingArgs(
        allowlists=["192.168.1.1"],
        enabled=True,
        pre_login=auth0.AttackProtectionSuspiciousIpThrottlingPreLoginArgs(
            max_attempts=100,
            rate=864000,
        ),
        pre_user_registration=auth0.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs(
            max_attempts=50,
            rate=1200,
        ),
        shields=[
            "admin_notification",
            "block",
        ],
    ))
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myProtection = new auth0.AttackProtection("myProtection", {
    breachedPasswordDetection: {
        adminNotificationFrequencies: ["daily"],
        enabled: true,
        method: "standard",
        preUserRegistration: {
            shields: ["block"],
        },
        shields: [
            "admin_notification",
            "block",
        ],
    },
    bruteForceProtection: {
        allowlists: ["127.0.0.1"],
        enabled: true,
        maxAttempts: 5,
        mode: "count_per_identifier_and_ip",
        shields: [
            "block",
            "user_notification",
        ],
    },
    suspiciousIpThrottling: {
        allowlists: ["192.168.1.1"],
        enabled: true,
        preLogin: {
            maxAttempts: 100,
            rate: 864000,
        },
        preUserRegistration: {
            maxAttempts: 50,
            rate: 1200,
        },
        shields: [
            "admin_notification",
            "block",
        ],
    },
});
resources:
  myProtection:
    type: auth0:AttackProtection
    properties:
      breachedPasswordDetection:
        adminNotificationFrequencies:
          - daily
        enabled: true
        method: standard
        preUserRegistration:
          shields:
            - block
        shields:
          - admin_notification
          - block
      bruteForceProtection:
        allowlists:
          - 127.0.0.1
        enabled: true
        maxAttempts: 5
        mode: count_per_identifier_and_ip
        shields:
          - block
          - user_notification
      suspiciousIpThrottling:
        allowlists:
          - 192.168.1.1
        enabled: true
        preLogin:
          maxAttempts: 100
          rate: 864000
        preUserRegistration:
          maxAttempts: 50
          rate: 1200
        shields:
          - admin_notification
          - block

Create AttackProtection Resource

new AttackProtection(name: string, args?: AttackProtectionArgs, opts?: CustomResourceOptions);
@overload
def AttackProtection(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     breached_password_detection: Optional[AttackProtectionBreachedPasswordDetectionArgs] = None,
                     brute_force_protection: Optional[AttackProtectionBruteForceProtectionArgs] = None,
                     suspicious_ip_throttling: Optional[AttackProtectionSuspiciousIpThrottlingArgs] = None)
@overload
def AttackProtection(resource_name: str,
                     args: Optional[AttackProtectionArgs] = None,
                     opts: Optional[ResourceOptions] = None)
func NewAttackProtection(ctx *Context, name string, args *AttackProtectionArgs, opts ...ResourceOption) (*AttackProtection, error)
public AttackProtection(string name, AttackProtectionArgs? args = null, CustomResourceOptions? opts = null)
public AttackProtection(String name, AttackProtectionArgs args)
public AttackProtection(String name, AttackProtectionArgs args, CustomResourceOptions options)
type: auth0:AttackProtection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AttackProtectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AttackProtectionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AttackProtectionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AttackProtectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AttackProtectionArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AttackProtection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AttackProtection resource accepts the following input properties:

BreachedPasswordDetection AttackProtectionBreachedPasswordDetectionArgs

Breached password detection protects your applications from bad actors logging in with stolen credentials.

BruteForceProtection AttackProtectionBruteForceProtectionArgs

Brute-force protection safeguards against a single IP address attacking a single user account.

SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingArgs

Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

BreachedPasswordDetection AttackProtectionBreachedPasswordDetectionArgs

Breached password detection protects your applications from bad actors logging in with stolen credentials.

BruteForceProtection AttackProtectionBruteForceProtectionArgs

Brute-force protection safeguards against a single IP address attacking a single user account.

SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingArgs

Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

breachedPasswordDetection AttackProtectionBreachedPasswordDetectionArgs

Breached password detection protects your applications from bad actors logging in with stolen credentials.

bruteForceProtection AttackProtectionBruteForceProtectionArgs

Brute-force protection safeguards against a single IP address attacking a single user account.

suspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingArgs

Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

breachedPasswordDetection AttackProtectionBreachedPasswordDetectionArgs

Breached password detection protects your applications from bad actors logging in with stolen credentials.

bruteForceProtection AttackProtectionBruteForceProtectionArgs

Brute-force protection safeguards against a single IP address attacking a single user account.

suspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingArgs

Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

breached_password_detection AttackProtectionBreachedPasswordDetectionArgs

Breached password detection protects your applications from bad actors logging in with stolen credentials.

brute_force_protection AttackProtectionBruteForceProtectionArgs

Brute-force protection safeguards against a single IP address attacking a single user account.

suspicious_ip_throttling AttackProtectionSuspiciousIpThrottlingArgs

Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

breachedPasswordDetection Property Map

Breached password detection protects your applications from bad actors logging in with stolen credentials.

bruteForceProtection Property Map

Brute-force protection safeguards against a single IP address attacking a single user account.

suspiciousIpThrottling Property Map

Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

Outputs

All input properties are implicitly available as output properties. Additionally, the AttackProtection resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing AttackProtection Resource

Get an existing AttackProtection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AttackProtectionState, opts?: CustomResourceOptions): AttackProtection
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        breached_password_detection: Optional[AttackProtectionBreachedPasswordDetectionArgs] = None,
        brute_force_protection: Optional[AttackProtectionBruteForceProtectionArgs] = None,
        suspicious_ip_throttling: Optional[AttackProtectionSuspiciousIpThrottlingArgs] = None) -> AttackProtection
func GetAttackProtection(ctx *Context, name string, id IDInput, state *AttackProtectionState, opts ...ResourceOption) (*AttackProtection, error)
public static AttackProtection Get(string name, Input<string> id, AttackProtectionState? state, CustomResourceOptions? opts = null)
public static AttackProtection get(String name, Output<String> id, AttackProtectionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
BreachedPasswordDetection AttackProtectionBreachedPasswordDetectionArgs

Breached password detection protects your applications from bad actors logging in with stolen credentials.

BruteForceProtection AttackProtectionBruteForceProtectionArgs

Brute-force protection safeguards against a single IP address attacking a single user account.

SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingArgs

Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

BreachedPasswordDetection AttackProtectionBreachedPasswordDetectionArgs

Breached password detection protects your applications from bad actors logging in with stolen credentials.

BruteForceProtection AttackProtectionBruteForceProtectionArgs

Brute-force protection safeguards against a single IP address attacking a single user account.

SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingArgs

Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

breachedPasswordDetection AttackProtectionBreachedPasswordDetectionArgs

Breached password detection protects your applications from bad actors logging in with stolen credentials.

bruteForceProtection AttackProtectionBruteForceProtectionArgs

Brute-force protection safeguards against a single IP address attacking a single user account.

suspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingArgs

Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

breachedPasswordDetection AttackProtectionBreachedPasswordDetectionArgs

Breached password detection protects your applications from bad actors logging in with stolen credentials.

bruteForceProtection AttackProtectionBruteForceProtectionArgs

Brute-force protection safeguards against a single IP address attacking a single user account.

suspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingArgs

Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

breached_password_detection AttackProtectionBreachedPasswordDetectionArgs

Breached password detection protects your applications from bad actors logging in with stolen credentials.

brute_force_protection AttackProtectionBruteForceProtectionArgs

Brute-force protection safeguards against a single IP address attacking a single user account.

suspicious_ip_throttling AttackProtectionSuspiciousIpThrottlingArgs

Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

breachedPasswordDetection Property Map

Breached password detection protects your applications from bad actors logging in with stolen credentials.

bruteForceProtection Property Map

Brute-force protection safeguards against a single IP address attacking a single user account.

suspiciousIpThrottling Property Map

Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

Supporting Types

AttackProtectionBreachedPasswordDetection

AdminNotificationFrequencies List<string>

When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.

Enabled bool

Whether breached password detection is active.

Method string

The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.

PreUserRegistration AttackProtectionBreachedPasswordDetectionPreUserRegistration

Configuration options that apply before every user registration attempt. Only available on public tenants.

Shields List<string>

Action to take when a breached password is detected.

AdminNotificationFrequencies []string

When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.

Enabled bool

Whether breached password detection is active.

Method string

The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.

PreUserRegistration AttackProtectionBreachedPasswordDetectionPreUserRegistration

Configuration options that apply before every user registration attempt. Only available on public tenants.

Shields []string

Action to take when a breached password is detected.

adminNotificationFrequencies List<String>

When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.

enabled Boolean

Whether breached password detection is active.

method String

The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.

preUserRegistration AttackProtectionBreachedPasswordDetectionPreUserRegistration

Configuration options that apply before every user registration attempt. Only available on public tenants.

shields List<String>

Action to take when a breached password is detected.

adminNotificationFrequencies string[]

When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.

enabled boolean

Whether breached password detection is active.

method string

The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.

preUserRegistration AttackProtectionBreachedPasswordDetectionPreUserRegistration

Configuration options that apply before every user registration attempt. Only available on public tenants.

shields string[]

Action to take when a breached password is detected.

admin_notification_frequencies Sequence[str]

When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.

enabled bool

Whether breached password detection is active.

method str

The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.

pre_user_registration AttackProtectionBreachedPasswordDetectionPreUserRegistration

Configuration options that apply before every user registration attempt. Only available on public tenants.

shields Sequence[str]

Action to take when a breached password is detected.

adminNotificationFrequencies List<String>

When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.

enabled Boolean

Whether breached password detection is active.

method String

The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.

preUserRegistration Property Map

Configuration options that apply before every user registration attempt. Only available on public tenants.

shields List<String>

Action to take when a breached password is detected.

AttackProtectionBreachedPasswordDetectionPreUserRegistration

Shields List<string>
Shields []string
shields List<String>
shields string[]
shields Sequence[str]
shields List<String>

AttackProtectionBruteForceProtection

Allowlists List<string>

List of trusted IP addresses that will not have attack protection enforced against them.

Enabled bool

Whether brute force attack protections are active.

MaxAttempts int

Maximum number of unsuccessful attempts. Only available on public tenants.

Mode string

Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip or count_per_identifier.

Shields List<string>

Action to take when a brute force protection threshold is violated. Possible values: block, user_notification

Allowlists []string

List of trusted IP addresses that will not have attack protection enforced against them.

Enabled bool

Whether brute force attack protections are active.

MaxAttempts int

Maximum number of unsuccessful attempts. Only available on public tenants.

Mode string

Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip or count_per_identifier.

Shields []string

Action to take when a brute force protection threshold is violated. Possible values: block, user_notification

allowlists List<String>

List of trusted IP addresses that will not have attack protection enforced against them.

enabled Boolean

Whether brute force attack protections are active.

maxAttempts Integer

Maximum number of unsuccessful attempts. Only available on public tenants.

mode String

Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip or count_per_identifier.

shields List<String>

Action to take when a brute force protection threshold is violated. Possible values: block, user_notification

allowlists string[]

List of trusted IP addresses that will not have attack protection enforced against them.

enabled boolean

Whether brute force attack protections are active.

maxAttempts number

Maximum number of unsuccessful attempts. Only available on public tenants.

mode string

Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip or count_per_identifier.

shields string[]

Action to take when a brute force protection threshold is violated. Possible values: block, user_notification

allowlists Sequence[str]

List of trusted IP addresses that will not have attack protection enforced against them.

enabled bool

Whether brute force attack protections are active.

max_attempts int

Maximum number of unsuccessful attempts. Only available on public tenants.

mode str

Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip or count_per_identifier.

shields Sequence[str]

Action to take when a brute force protection threshold is violated. Possible values: block, user_notification

allowlists List<String>

List of trusted IP addresses that will not have attack protection enforced against them.

enabled Boolean

Whether brute force attack protections are active.

maxAttempts Number

Maximum number of unsuccessful attempts. Only available on public tenants.

mode String

Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip or count_per_identifier.

shields List<String>

Action to take when a brute force protection threshold is violated. Possible values: block, user_notification

AttackProtectionSuspiciousIpThrottling

Allowlists List<string>

List of trusted IP addresses that will not have attack protection enforced against them.

Enabled bool

Whether suspicious IP throttling attack protections are active.

PreLogin AttackProtectionSuspiciousIpThrottlingPreLogin

Configuration options that apply before every login attempt. Only available on public tenants.

PreUserRegistration AttackProtectionSuspiciousIpThrottlingPreUserRegistration

Configuration options that apply before every user registration attempt. Only available on public tenants.

Shields List<string>

Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification

Allowlists []string

List of trusted IP addresses that will not have attack protection enforced against them.

Enabled bool

Whether suspicious IP throttling attack protections are active.

PreLogin AttackProtectionSuspiciousIpThrottlingPreLogin

Configuration options that apply before every login attempt. Only available on public tenants.

PreUserRegistration AttackProtectionSuspiciousIpThrottlingPreUserRegistration

Configuration options that apply before every user registration attempt. Only available on public tenants.

Shields []string

Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification

allowlists List<String>

List of trusted IP addresses that will not have attack protection enforced against them.

enabled Boolean

Whether suspicious IP throttling attack protections are active.

preLogin AttackProtectionSuspiciousIpThrottlingPreLogin

Configuration options that apply before every login attempt. Only available on public tenants.

preUserRegistration AttackProtectionSuspiciousIpThrottlingPreUserRegistration

Configuration options that apply before every user registration attempt. Only available on public tenants.

shields List<String>

Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification

allowlists string[]

List of trusted IP addresses that will not have attack protection enforced against them.

enabled boolean

Whether suspicious IP throttling attack protections are active.

preLogin AttackProtectionSuspiciousIpThrottlingPreLogin

Configuration options that apply before every login attempt. Only available on public tenants.

preUserRegistration AttackProtectionSuspiciousIpThrottlingPreUserRegistration

Configuration options that apply before every user registration attempt. Only available on public tenants.

shields string[]

Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification

allowlists Sequence[str]

List of trusted IP addresses that will not have attack protection enforced against them.

enabled bool

Whether suspicious IP throttling attack protections are active.

pre_login AttackProtectionSuspiciousIpThrottlingPreLogin

Configuration options that apply before every login attempt. Only available on public tenants.

pre_user_registration AttackProtectionSuspiciousIpThrottlingPreUserRegistration

Configuration options that apply before every user registration attempt. Only available on public tenants.

shields Sequence[str]

Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification

allowlists List<String>

List of trusted IP addresses that will not have attack protection enforced against them.

enabled Boolean

Whether suspicious IP throttling attack protections are active.

preLogin Property Map

Configuration options that apply before every login attempt. Only available on public tenants.

preUserRegistration Property Map

Configuration options that apply before every user registration attempt. Only available on public tenants.

shields List<String>

Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification

AttackProtectionSuspiciousIpThrottlingPreLogin

maxAttempts Integer
rate Integer
maxAttempts number
rate number
maxAttempts Number
rate Number

AttackProtectionSuspiciousIpThrottlingPreUserRegistration

maxAttempts Integer
rate Integer
maxAttempts number
rate number
maxAttempts Number
rate Number

Import

As this is not a resource identifiable by an ID within the Auth0 Management API, attack_protection can be imported using a random string. # We recommend Version 4 UUID # Example

 $ pulumi import auth0:index/attackProtection:AttackProtection my_protection 24940d4b-4bd4-44e7-894e-f92e4de36a40

Package Details

Repository
Auth0 pulumi/pulumi-auth0
License
Apache-2.0
Notes

This Pulumi package is based on the auth0 Terraform Provider.