Google Cloud v8.40.0, Aug 11 25

Google Cloud v8.40.0 published on Monday, Aug 11, 2025 by Pulumi

gcp.apigee.SecurityAction

Explore with Pulumi AI

Google Cloud v8.40.0 published on Monday, Aug 11, 2025 by Pulumi

pulumi/pulumi-gcp

Example Usage

Apigee Security Action Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const current = gcp.organizations.getClientConfig({});
const apigeeNetwork = new gcp.compute.Network("apigee_network", {name: "my-network"});
const apigeeRange = new gcp.compute.GlobalAddress("apigee_range", {
    name: "my-address",
    purpose: "VPC_PEERING",
    addressType: "INTERNAL",
    prefixLength: 16,
    network: apigeeNetwork.id,
});
const apigeeVpcConnection = new gcp.servicenetworking.Connection("apigee_vpc_connection", {
    network: apigeeNetwork.id,
    service: "servicenetworking.googleapis.com",
    reservedPeeringRanges: [apigeeRange.name],
});
const apigeeOrg = new gcp.apigee.Organization("apigee_org", {
    analyticsRegion: "us-central1",
    projectId: current.then(current => current.project),
    authorizedNetwork: apigeeNetwork.id,
}, {
    dependsOn: [apigeeVpcConnection],
});
const env = new gcp.apigee.Environment("env", {
    name: "my-environment",
    description: "Apigee Environment",
    displayName: "environment-1",
    orgId: apigeeOrg.id,
});
const apigeeOrgSecurityAddonsConfig = new gcp.apigee.AddonsConfig("apigee_org_security_addons_config", {
    org: apigeeOrg.name,
    addonsConfig: {
        apiSecurityConfig: {
            enabled: true,
        },
    },
});
const apigeeSecurityAction = new gcp.apigee.SecurityAction("apigee_security_action", {
    securityActionId: "my-security-action",
    orgId: apigeeOrg.name,
    envId: env.name,
    description: "Apigee Security Action",
    state: "ENABLED",
    conditionConfig: {
        ipAddressRanges: [
            "100.0.220.1",
            "200.0.0.1",
        ],
        botReasons: [
            "Flooder",
            "Public Cloud Azure",
            "Public Cloud AWS",
        ],
    },
    allow: {},
    expireTime: "2025-12-31T23:59:59Z",
}, {
    dependsOn: [apigeeOrgSecurityAddonsConfig],
});

import pulumi
import pulumi_gcp as gcp

current = gcp.organizations.get_client_config()
apigee_network = gcp.compute.Network("apigee_network", name="my-network")
apigee_range = gcp.compute.GlobalAddress("apigee_range",
    name="my-address",
    purpose="VPC_PEERING",
    address_type="INTERNAL",
    prefix_length=16,
    network=apigee_network.id)
apigee_vpc_connection = gcp.servicenetworking.Connection("apigee_vpc_connection",
    network=apigee_network.id,
    service="servicenetworking.googleapis.com",
    reserved_peering_ranges=[apigee_range.name])
apigee_org = gcp.apigee.Organization("apigee_org",
    analytics_region="us-central1",
    project_id=current.project,
    authorized_network=apigee_network.id,
    opts = pulumi.ResourceOptions(depends_on=[apigee_vpc_connection]))
env = gcp.apigee.Environment("env",
    name="my-environment",
    description="Apigee Environment",
    display_name="environment-1",
    org_id=apigee_org.id)
apigee_org_security_addons_config = gcp.apigee.AddonsConfig("apigee_org_security_addons_config",
    org=apigee_org.name,
    addons_config={
        "api_security_config": {
            "enabled": True,
        },
    })
apigee_security_action = gcp.apigee.SecurityAction("apigee_security_action",
    security_action_id="my-security-action",
    org_id=apigee_org.name,
    env_id=env.name,
    description="Apigee Security Action",
    state="ENABLED",
    condition_config={
        "ip_address_ranges": [
            "100.0.220.1",
            "200.0.0.1",
        ],
        "bot_reasons": [
            "Flooder",
            "Public Cloud Azure",
            "Public Cloud AWS",
        ],
    },
    allow={},
    expire_time="2025-12-31T23:59:59Z",
    opts = pulumi.ResourceOptions(depends_on=[apigee_org_security_addons_config]))

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/apigee"
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/servicenetworking"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := organizations.GetClientConfig(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}
		apigeeNetwork, err := compute.NewNetwork(ctx, "apigee_network", &compute.NetworkArgs{
			Name: pulumi.String("my-network"),
		})
		if err != nil {
			return err
		}
		apigeeRange, err := compute.NewGlobalAddress(ctx, "apigee_range", &compute.GlobalAddressArgs{
			Name:         pulumi.String("my-address"),
			Purpose:      pulumi.String("VPC_PEERING"),
			AddressType:  pulumi.String("INTERNAL"),
			PrefixLength: pulumi.Int(16),
			Network:      apigeeNetwork.ID(),
		})
		if err != nil {
			return err
		}
		apigeeVpcConnection, err := servicenetworking.NewConnection(ctx, "apigee_vpc_connection", &servicenetworking.ConnectionArgs{
			Network: apigeeNetwork.ID(),
			Service: pulumi.String("servicenetworking.googleapis.com"),
			ReservedPeeringRanges: pulumi.StringArray{
				apigeeRange.Name,
			},
		})
		if err != nil {
			return err
		}
		apigeeOrg, err := apigee.NewOrganization(ctx, "apigee_org", &apigee.OrganizationArgs{
			AnalyticsRegion:   pulumi.String("us-central1"),
			ProjectId:         pulumi.String(current.Project),
			AuthorizedNetwork: apigeeNetwork.ID(),
		}, pulumi.DependsOn([]pulumi.Resource{
			apigeeVpcConnection,
		}))
		if err != nil {
			return err
		}
		env, err := apigee.NewEnvironment(ctx, "env", &apigee.EnvironmentArgs{
			Name:        pulumi.String("my-environment"),
			Description: pulumi.String("Apigee Environment"),
			DisplayName: pulumi.String("environment-1"),
			OrgId:       apigeeOrg.ID(),
		})
		if err != nil {
			return err
		}
		apigeeOrgSecurityAddonsConfig, err := apigee.NewAddonsConfig(ctx, "apigee_org_security_addons_config", &apigee.AddonsConfigArgs{
			Org: apigeeOrg.Name,
			AddonsConfig: &apigee.AddonsConfigAddonsConfigArgs{
				ApiSecurityConfig: &apigee.AddonsConfigAddonsConfigApiSecurityConfigArgs{
					Enabled: pulumi.Bool(true),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = apigee.NewSecurityAction(ctx, "apigee_security_action", &apigee.SecurityActionArgs{
			SecurityActionId: pulumi.String("my-security-action"),
			OrgId:            apigeeOrg.Name,
			EnvId:            env.Name,
			Description:      pulumi.String("Apigee Security Action"),
			State:            pulumi.String("ENABLED"),
			ConditionConfig: &apigee.SecurityActionConditionConfigArgs{
				IpAddressRanges: pulumi.StringArray{
					pulumi.String("100.0.220.1"),
					pulumi.String("200.0.0.1"),
				},
				BotReasons: pulumi.StringArray{
					pulumi.String("Flooder"),
					pulumi.String("Public Cloud Azure"),
					pulumi.String("Public Cloud AWS"),
				},
			},
			Allow:      &apigee.SecurityActionAllowArgs{},
			ExpireTime: pulumi.String("2025-12-31T23:59:59Z"),
		}, pulumi.DependsOn([]pulumi.Resource{
			apigeeOrgSecurityAddonsConfig,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var current = Gcp.Organizations.GetClientConfig.Invoke();

    var apigeeNetwork = new Gcp.Compute.Network("apigee_network", new()
    {
        Name = "my-network",
    });

    var apigeeRange = new Gcp.Compute.GlobalAddress("apigee_range", new()
    {
        Name = "my-address",
        Purpose = "VPC_PEERING",
        AddressType = "INTERNAL",
        PrefixLength = 16,
        Network = apigeeNetwork.Id,
    });

    var apigeeVpcConnection = new Gcp.ServiceNetworking.Connection("apigee_vpc_connection", new()
    {
        Network = apigeeNetwork.Id,
        Service = "servicenetworking.googleapis.com",
        ReservedPeeringRanges = new[]
        {
            apigeeRange.Name,
        },
    });

    var apigeeOrg = new Gcp.Apigee.Organization("apigee_org", new()
    {
        AnalyticsRegion = "us-central1",
        ProjectId = current.Apply(getClientConfigResult => getClientConfigResult.Project),
        AuthorizedNetwork = apigeeNetwork.Id,
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            apigeeVpcConnection,
        },
    });

    var env = new Gcp.Apigee.Environment("env", new()
    {
        Name = "my-environment",
        Description = "Apigee Environment",
        DisplayName = "environment-1",
        OrgId = apigeeOrg.Id,
    });

    var apigeeOrgSecurityAddonsConfig = new Gcp.Apigee.AddonsConfig("apigee_org_security_addons_config", new()
    {
        Org = apigeeOrg.Name,
        AddonsConfigDetails = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigArgs
        {
            ApiSecurityConfig = new Gcp.Apigee.Inputs.AddonsConfigAddonsConfigApiSecurityConfigArgs
            {
                Enabled = true,
            },
        },
    });

    var apigeeSecurityAction = new Gcp.Apigee.SecurityAction("apigee_security_action", new()
    {
        SecurityActionId = "my-security-action",
        OrgId = apigeeOrg.Name,
        EnvId = env.Name,
        Description = "Apigee Security Action",
        State = "ENABLED",
        ConditionConfig = new Gcp.Apigee.Inputs.SecurityActionConditionConfigArgs
        {
            IpAddressRanges = new[]
            {
                "100.0.220.1",
                "200.0.0.1",
            },
            BotReasons = new[]
            {
                "Flooder",
                "Public Cloud Azure",
                "Public Cloud AWS",
            },
        },
        Allow = null,
        ExpireTime = "2025-12-31T23:59:59Z",
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            apigeeOrgSecurityAddonsConfig,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.servicenetworking.Connection;
import com.pulumi.gcp.servicenetworking.ConnectionArgs;
import com.pulumi.gcp.apigee.Organization;
import com.pulumi.gcp.apigee.OrganizationArgs;
import com.pulumi.gcp.apigee.Environment;
import com.pulumi.gcp.apigee.EnvironmentArgs;
import com.pulumi.gcp.apigee.AddonsConfig;
import com.pulumi.gcp.apigee.AddonsConfigArgs;
import com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigArgs;
import com.pulumi.gcp.apigee.inputs.AddonsConfigAddonsConfigApiSecurityConfigArgs;
import com.pulumi.gcp.apigee.SecurityAction;
import com.pulumi.gcp.apigee.SecurityActionArgs;
import com.pulumi.gcp.apigee.inputs.SecurityActionConditionConfigArgs;
import com.pulumi.gcp.apigee.inputs.SecurityActionAllowArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var current = OrganizationsFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);

        var apigeeNetwork = new Network("apigeeNetwork", NetworkArgs.builder()
            .name("my-network")
            .build());

        var apigeeRange = new GlobalAddress("apigeeRange", GlobalAddressArgs.builder()
            .name("my-address")
            .purpose("VPC_PEERING")
            .addressType("INTERNAL")
            .prefixLength(16)
            .network(apigeeNetwork.id())
            .build());

        var apigeeVpcConnection = new Connection("apigeeVpcConnection", ConnectionArgs.builder()
            .network(apigeeNetwork.id())
            .service("servicenetworking.googleapis.com")
            .reservedPeeringRanges(apigeeRange.name())
            .build());

        var apigeeOrg = new Organization("apigeeOrg", OrganizationArgs.builder()
            .analyticsRegion("us-central1")
            .projectId(current.project())
            .authorizedNetwork(apigeeNetwork.id())
            .build(), CustomResourceOptions.builder()
                .dependsOn(apigeeVpcConnection)
                .build());

        var env = new Environment("env", EnvironmentArgs.builder()
            .name("my-environment")
            .description("Apigee Environment")
            .displayName("environment-1")
            .orgId(apigeeOrg.id())
            .build());

        var apigeeOrgSecurityAddonsConfig = new AddonsConfig("apigeeOrgSecurityAddonsConfig", AddonsConfigArgs.builder()
            .org(apigeeOrg.name())
            .addonsConfig(AddonsConfigAddonsConfigArgs.builder()
                .apiSecurityConfig(AddonsConfigAddonsConfigApiSecurityConfigArgs.builder()
                    .enabled(true)
                    .build())
                .build())
            .build());

        var apigeeSecurityAction = new SecurityAction("apigeeSecurityAction", SecurityActionArgs.builder()
            .securityActionId("my-security-action")
            .orgId(apigeeOrg.name())
            .envId(env.name())
            .description("Apigee Security Action")
            .state("ENABLED")
            .conditionConfig(SecurityActionConditionConfigArgs.builder()
                .ipAddressRanges(                
                    "100.0.220.1",
                    "200.0.0.1")
                .botReasons(                
                    "Flooder",
                    "Public Cloud Azure",
                    "Public Cloud AWS")
                .build())
            .allow(SecurityActionAllowArgs.builder()
                .build())
            .expireTime("2025-12-31T23:59:59Z")
            .build(), CustomResourceOptions.builder()
                .dependsOn(apigeeOrgSecurityAddonsConfig)
                .build());

    }
}

resources:
  apigeeNetwork:
    type: gcp:compute:Network
    name: apigee_network
    properties:
      name: my-network
  apigeeRange:
    type: gcp:compute:GlobalAddress
    name: apigee_range
    properties:
      name: my-address
      purpose: VPC_PEERING
      addressType: INTERNAL
      prefixLength: 16
      network: ${apigeeNetwork.id}
  apigeeVpcConnection:
    type: gcp:servicenetworking:Connection
    name: apigee_vpc_connection
    properties:
      network: ${apigeeNetwork.id}
      service: servicenetworking.googleapis.com
      reservedPeeringRanges:
        - ${apigeeRange.name}
  apigeeOrg:
    type: gcp:apigee:Organization
    name: apigee_org
    properties:
      analyticsRegion: us-central1
      projectId: ${current.project}
      authorizedNetwork: ${apigeeNetwork.id}
    options:
      dependsOn:
        - ${apigeeVpcConnection}
  env:
    type: gcp:apigee:Environment
    properties:
      name: my-environment
      description: Apigee Environment
      displayName: environment-1
      orgId: ${apigeeOrg.id}
  apigeeOrgSecurityAddonsConfig:
    type: gcp:apigee:AddonsConfig
    name: apigee_org_security_addons_config
    properties:
      org: ${apigeeOrg.name}
      addonsConfig:
        apiSecurityConfig:
          enabled: true
  apigeeSecurityAction:
    type: gcp:apigee:SecurityAction
    name: apigee_security_action
    properties:
      securityActionId: my-security-action
      orgId: ${apigeeOrg.name}
      envId: ${env.name}
      description: Apigee Security Action
      state: ENABLED
      conditionConfig:
        ipAddressRanges:
          - 100.0.220.1
          - 200.0.0.1
        botReasons:
          - Flooder
          - Public Cloud Azure
          - Public Cloud AWS
      allow: {}
      expireTime: 2025-12-31T23:59:59Z
    options:
      dependsOn:
        - ${apigeeOrgSecurityAddonsConfig}
variables:
  current:
    fn::invoke:
      function: gcp:organizations:getClientConfig
      arguments: {}

Create SecurityAction Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SecurityAction(name: string, args: SecurityActionArgs, opts?: CustomResourceOptions);

@overload
def SecurityAction(resource_name: str,
                   args: SecurityActionArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def SecurityAction(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   condition_config: Optional[SecurityActionConditionConfigArgs] = None,
                   env_id: Optional[str] = None,
                   org_id: Optional[str] = None,
                   security_action_id: Optional[str] = None,
                   state: Optional[str] = None,
                   allow: Optional[SecurityActionAllowArgs] = None,
                   api_proxies: Optional[Sequence[str]] = None,
                   deny: Optional[SecurityActionDenyArgs] = None,
                   description: Optional[str] = None,
                   expire_time: Optional[str] = None,
                   flag: Optional[SecurityActionFlagArgs] = None,
                   ttl: Optional[str] = None)

func NewSecurityAction(ctx *Context, name string, args SecurityActionArgs, opts ...ResourceOption) (*SecurityAction, error)

public SecurityAction(string name, SecurityActionArgs args, CustomResourceOptions? opts = null)

public SecurityAction(String name, SecurityActionArgs args)
public SecurityAction(String name, SecurityActionArgs args, CustomResourceOptions options)

type: gcp:apigee:SecurityAction
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecurityActionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecurityActionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecurityActionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecurityActionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecurityActionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var securityActionResource = new Gcp.Apigee.SecurityAction("securityActionResource", new()
{
    ConditionConfig = new Gcp.Apigee.Inputs.SecurityActionConditionConfigArgs
    {
        AccessTokens = new[]
        {
            "string",
        },
        ApiKeys = new[]
        {
            "string",
        },
        ApiProducts = new[]
        {
            "string",
        },
        Asns = new[]
        {
            "string",
        },
        BotReasons = new[]
        {
            "string",
        },
        DeveloperApps = new[]
        {
            "string",
        },
        Developers = new[]
        {
            "string",
        },
        HttpMethods = new[]
        {
            "string",
        },
        IpAddressRanges = new[]
        {
            "string",
        },
        RegionCodes = new[]
        {
            "string",
        },
        UserAgents = new[]
        {
            "string",
        },
    },
    EnvId = "string",
    OrgId = "string",
    SecurityActionId = "string",
    State = "string",
    Allow = null,
    ApiProxies = new[]
    {
        "string",
    },
    Deny = new Gcp.Apigee.Inputs.SecurityActionDenyArgs
    {
        ResponseCode = 0,
    },
    Description = "string",
    ExpireTime = "string",
    Flag = new Gcp.Apigee.Inputs.SecurityActionFlagArgs
    {
        Headers = new[]
        {
            new Gcp.Apigee.Inputs.SecurityActionFlagHeaderArgs
            {
                Name = "string",
                Value = "string",
            },
        },
    },
    Ttl = "string",
});

example, err := apigee.NewSecurityAction(ctx, "securityActionResource", &apigee.SecurityActionArgs{
	ConditionConfig: &apigee.SecurityActionConditionConfigArgs{
		AccessTokens: pulumi.StringArray{
			pulumi.String("string"),
		},
		ApiKeys: pulumi.StringArray{
			pulumi.String("string"),
		},
		ApiProducts: pulumi.StringArray{
			pulumi.String("string"),
		},
		Asns: pulumi.StringArray{
			pulumi.String("string"),
		},
		BotReasons: pulumi.StringArray{
			pulumi.String("string"),
		},
		DeveloperApps: pulumi.StringArray{
			pulumi.String("string"),
		},
		Developers: pulumi.StringArray{
			pulumi.String("string"),
		},
		HttpMethods: pulumi.StringArray{
			pulumi.String("string"),
		},
		IpAddressRanges: pulumi.StringArray{
			pulumi.String("string"),
		},
		RegionCodes: pulumi.StringArray{
			pulumi.String("string"),
		},
		UserAgents: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	EnvId:            pulumi.String("string"),
	OrgId:            pulumi.String("string"),
	SecurityActionId: pulumi.String("string"),
	State:            pulumi.String("string"),
	Allow:            &apigee.SecurityActionAllowArgs{},
	ApiProxies: pulumi.StringArray{
		pulumi.String("string"),
	},
	Deny: &apigee.SecurityActionDenyArgs{
		ResponseCode: pulumi.Int(0),
	},
	Description: pulumi.String("string"),
	ExpireTime:  pulumi.String("string"),
	Flag: &apigee.SecurityActionFlagArgs{
		Headers: apigee.SecurityActionFlagHeaderArray{
			&apigee.SecurityActionFlagHeaderArgs{
				Name:  pulumi.String("string"),
				Value: pulumi.String("string"),
			},
		},
	},
	Ttl: pulumi.String("string"),
})

var securityActionResource = new SecurityAction("securityActionResource", SecurityActionArgs.builder()
    .conditionConfig(SecurityActionConditionConfigArgs.builder()
        .accessTokens("string")
        .apiKeys("string")
        .apiProducts("string")
        .asns("string")
        .botReasons("string")
        .developerApps("string")
        .developers("string")
        .httpMethods("string")
        .ipAddressRanges("string")
        .regionCodes("string")
        .userAgents("string")
        .build())
    .envId("string")
    .orgId("string")
    .securityActionId("string")
    .state("string")
    .allow(SecurityActionAllowArgs.builder()
        .build())
    .apiProxies("string")
    .deny(SecurityActionDenyArgs.builder()
        .responseCode(0)
        .build())
    .description("string")
    .expireTime("string")
    .flag(SecurityActionFlagArgs.builder()
        .headers(SecurityActionFlagHeaderArgs.builder()
            .name("string")
            .value("string")
            .build())
        .build())
    .ttl("string")
    .build());

security_action_resource = gcp.apigee.SecurityAction("securityActionResource",
    condition_config={
        "access_tokens": ["string"],
        "api_keys": ["string"],
        "api_products": ["string"],
        "asns": ["string"],
        "bot_reasons": ["string"],
        "developer_apps": ["string"],
        "developers": ["string"],
        "http_methods": ["string"],
        "ip_address_ranges": ["string"],
        "region_codes": ["string"],
        "user_agents": ["string"],
    },
    env_id="string",
    org_id="string",
    security_action_id="string",
    state="string",
    allow={},
    api_proxies=["string"],
    deny={
        "response_code": 0,
    },
    description="string",
    expire_time="string",
    flag={
        "headers": [{
            "name": "string",
            "value": "string",
        }],
    },
    ttl="string")

const securityActionResource = new gcp.apigee.SecurityAction("securityActionResource", {
    conditionConfig: {
        accessTokens: ["string"],
        apiKeys: ["string"],
        apiProducts: ["string"],
        asns: ["string"],
        botReasons: ["string"],
        developerApps: ["string"],
        developers: ["string"],
        httpMethods: ["string"],
        ipAddressRanges: ["string"],
        regionCodes: ["string"],
        userAgents: ["string"],
    },
    envId: "string",
    orgId: "string",
    securityActionId: "string",
    state: "string",
    allow: {},
    apiProxies: ["string"],
    deny: {
        responseCode: 0,
    },
    description: "string",
    expireTime: "string",
    flag: {
        headers: [{
            name: "string",
            value: "string",
        }],
    },
    ttl: "string",
});

type: gcp:apigee:SecurityAction
properties:
    allow: {}
    apiProxies:
        - string
    conditionConfig:
        accessTokens:
            - string
        apiKeys:
            - string
        apiProducts:
            - string
        asns:
            - string
        botReasons:
            - string
        developerApps:
            - string
        developers:
            - string
        httpMethods:
            - string
        ipAddressRanges:
            - string
        regionCodes:
            - string
        userAgents:
            - string
    deny:
        responseCode: 0
    description: string
    envId: string
    expireTime: string
    flag:
        headers:
            - name: string
              value: string
    orgId: string
    securityActionId: string
    state: string
    ttl: string

SecurityAction Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SecurityAction resource accepts the following input properties:

ConditionConfig SecurityActionConditionConfig: A valid SecurityAction must contain at least one condition. Structure is documented below.
EnvId string: The Apigee environment that this security action applies to.
OrgId string: The organization that this security action applies to.
SecurityActionId string: The ID to use for the SecurityAction, which will become the final component of the action's resource name. This value should be 0-61 characters, and valid format is (^a-z?$).
State string: Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. Possible values are: ENABLED, DISABLED.
Allow SecurityActionAllow: Allow a request through if it matches this SecurityAction.
ApiProxies List<string>: If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later.
Deny SecurityActionDeny: Deny a request through if it matches this SecurityAction. Structure is documented below.
Description string: An optional user provided description of the SecurityAction.
ExpireTime string: The expiration for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
Flag SecurityActionFlag: Flag a request through if it matches this SecurityAction. Structure is documented below.
Ttl string: The TTL for this SecurityAction. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

ConditionConfig SecurityActionConditionConfigArgs: A valid SecurityAction must contain at least one condition. Structure is documented below.
EnvId string: The Apigee environment that this security action applies to.
OrgId string: The organization that this security action applies to.
SecurityActionId string: The ID to use for the SecurityAction, which will become the final component of the action's resource name. This value should be 0-61 characters, and valid format is (^a-z?$).
State string: Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. Possible values are: ENABLED, DISABLED.
Allow SecurityActionAllowArgs: Allow a request through if it matches this SecurityAction.
ApiProxies []string: If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later.
Deny SecurityActionDenyArgs: Deny a request through if it matches this SecurityAction. Structure is documented below.
Description string: An optional user provided description of the SecurityAction.
ExpireTime string: The expiration for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
Flag SecurityActionFlagArgs: Flag a request through if it matches this SecurityAction. Structure is documented below.
Ttl string: The TTL for this SecurityAction. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

conditionConfig SecurityActionConditionConfig: A valid SecurityAction must contain at least one condition. Structure is documented below.
envId String: The Apigee environment that this security action applies to.
orgId String: The organization that this security action applies to.
securityActionId String: The ID to use for the SecurityAction, which will become the final component of the action's resource name. This value should be 0-61 characters, and valid format is (^a-z?$).
state String: Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. Possible values are: ENABLED, DISABLED.
allow SecurityActionAllow: Allow a request through if it matches this SecurityAction.
apiProxies List<String>: If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later.
deny SecurityActionDeny: Deny a request through if it matches this SecurityAction. Structure is documented below.
description String: An optional user provided description of the SecurityAction.
expireTime String: The expiration for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
flag SecurityActionFlag: Flag a request through if it matches this SecurityAction. Structure is documented below.
ttl String: The TTL for this SecurityAction. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

conditionConfig SecurityActionConditionConfig: A valid SecurityAction must contain at least one condition. Structure is documented below.
envId string: The Apigee environment that this security action applies to.
orgId string: The organization that this security action applies to.
securityActionId string: The ID to use for the SecurityAction, which will become the final component of the action's resource name. This value should be 0-61 characters, and valid format is (^a-z?$).
state string: Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. Possible values are: ENABLED, DISABLED.
allow SecurityActionAllow: Allow a request through if it matches this SecurityAction.
apiProxies string[]: If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later.
deny SecurityActionDeny: Deny a request through if it matches this SecurityAction. Structure is documented below.
description string: An optional user provided description of the SecurityAction.
expireTime string: The expiration for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
flag SecurityActionFlag: Flag a request through if it matches this SecurityAction. Structure is documented below.
ttl string: The TTL for this SecurityAction. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

condition_config SecurityActionConditionConfigArgs: A valid SecurityAction must contain at least one condition. Structure is documented below.
env_id str: The Apigee environment that this security action applies to.
org_id str: The organization that this security action applies to.
security_action_id str: The ID to use for the SecurityAction, which will become the final component of the action's resource name. This value should be 0-61 characters, and valid format is (^a-z?$).
state str: Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. Possible values are: ENABLED, DISABLED.
allow SecurityActionAllowArgs: Allow a request through if it matches this SecurityAction.
api_proxies Sequence[str]: If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later.
deny SecurityActionDenyArgs: Deny a request through if it matches this SecurityAction. Structure is documented below.
description str: An optional user provided description of the SecurityAction.
expire_time str: The expiration for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
flag SecurityActionFlagArgs: Flag a request through if it matches this SecurityAction. Structure is documented below.
ttl str: The TTL for this SecurityAction. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

conditionConfig Property Map: A valid SecurityAction must contain at least one condition. Structure is documented below.
envId String: The Apigee environment that this security action applies to.
orgId String: The organization that this security action applies to.
securityActionId String: The ID to use for the SecurityAction, which will become the final component of the action's resource name. This value should be 0-61 characters, and valid format is (^a-z?$).
state String: Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. Possible values are: ENABLED, DISABLED.
allow Property Map: Allow a request through if it matches this SecurityAction.
apiProxies List<String>: If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later.
deny Property Map: Deny a request through if it matches this SecurityAction. Structure is documented below.
description String: An optional user provided description of the SecurityAction.
expireTime String: The expiration for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
flag Property Map: Flag a request through if it matches this SecurityAction. Structure is documented below.
ttl String: The TTL for this SecurityAction. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

Outputs

All input properties are implicitly available as output properties. Additionally, the SecurityAction resource produces the following output properties:

CreateTime string: The create time for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
Id string: The provider-assigned unique ID for this managed resource.
UpdateTime string: The update time for this SecurityAction. This reflects when this SecurityAction changed states. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

CreateTime string: The create time for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
Id string: The provider-assigned unique ID for this managed resource.
UpdateTime string: The update time for this SecurityAction. This reflects when this SecurityAction changed states. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

createTime String: The create time for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
id String: The provider-assigned unique ID for this managed resource.
updateTime String: The update time for this SecurityAction. This reflects when this SecurityAction changed states. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

createTime string: The create time for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
id string: The provider-assigned unique ID for this managed resource.
updateTime string: The update time for this SecurityAction. This reflects when this SecurityAction changed states. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

create_time str: The create time for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
id str: The provider-assigned unique ID for this managed resource.
update_time str: The update time for this SecurityAction. This reflects when this SecurityAction changed states. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

createTime String: The create time for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
id String: The provider-assigned unique ID for this managed resource.
updateTime String: The update time for this SecurityAction. This reflects when this SecurityAction changed states. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

Look up Existing SecurityAction Resource

Get an existing SecurityAction resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecurityActionState, opts?: CustomResourceOptions): SecurityAction

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allow: Optional[SecurityActionAllowArgs] = None,
        api_proxies: Optional[Sequence[str]] = None,
        condition_config: Optional[SecurityActionConditionConfigArgs] = None,
        create_time: Optional[str] = None,
        deny: Optional[SecurityActionDenyArgs] = None,
        description: Optional[str] = None,
        env_id: Optional[str] = None,
        expire_time: Optional[str] = None,
        flag: Optional[SecurityActionFlagArgs] = None,
        org_id: Optional[str] = None,
        security_action_id: Optional[str] = None,
        state: Optional[str] = None,
        ttl: Optional[str] = None,
        update_time: Optional[str] = None) -> SecurityAction

func GetSecurityAction(ctx *Context, name string, id IDInput, state *SecurityActionState, opts ...ResourceOption) (*SecurityAction, error)

public static SecurityAction Get(string name, Input<string> id, SecurityActionState? state, CustomResourceOptions? opts = null)

public static SecurityAction get(String name, Output<String> id, SecurityActionState state, CustomResourceOptions options)

resources:  _:    type: gcp:apigee:SecurityAction    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Allow SecurityActionAllow: Allow a request through if it matches this SecurityAction.
ApiProxies List<string>: If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later.
ConditionConfig SecurityActionConditionConfig: A valid SecurityAction must contain at least one condition. Structure is documented below.
CreateTime string: The create time for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
Deny SecurityActionDeny: Deny a request through if it matches this SecurityAction. Structure is documented below.
Description string: An optional user provided description of the SecurityAction.
EnvId string: The Apigee environment that this security action applies to.
ExpireTime string: The expiration for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
Flag SecurityActionFlag: Flag a request through if it matches this SecurityAction. Structure is documented below.
OrgId string: The organization that this security action applies to.
SecurityActionId string: The ID to use for the SecurityAction, which will become the final component of the action's resource name. This value should be 0-61 characters, and valid format is (^a-z?$).
State string: Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. Possible values are: ENABLED, DISABLED.
Ttl string: The TTL for this SecurityAction. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
UpdateTime string: The update time for this SecurityAction. This reflects when this SecurityAction changed states. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

Allow SecurityActionAllowArgs: Allow a request through if it matches this SecurityAction.
ApiProxies []string: If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later.
ConditionConfig SecurityActionConditionConfigArgs: A valid SecurityAction must contain at least one condition. Structure is documented below.
CreateTime string: The create time for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
Deny SecurityActionDenyArgs: Deny a request through if it matches this SecurityAction. Structure is documented below.
Description string: An optional user provided description of the SecurityAction.
EnvId string: The Apigee environment that this security action applies to.
ExpireTime string: The expiration for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
Flag SecurityActionFlagArgs: Flag a request through if it matches this SecurityAction. Structure is documented below.
OrgId string: The organization that this security action applies to.
SecurityActionId string: The ID to use for the SecurityAction, which will become the final component of the action's resource name. This value should be 0-61 characters, and valid format is (^a-z?$).
State string: Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. Possible values are: ENABLED, DISABLED.
Ttl string: The TTL for this SecurityAction. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
UpdateTime string: The update time for this SecurityAction. This reflects when this SecurityAction changed states. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

allow SecurityActionAllow: Allow a request through if it matches this SecurityAction.
apiProxies List<String>: If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later.
conditionConfig SecurityActionConditionConfig: A valid SecurityAction must contain at least one condition. Structure is documented below.
createTime String: The create time for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
deny SecurityActionDeny: Deny a request through if it matches this SecurityAction. Structure is documented below.
description String: An optional user provided description of the SecurityAction.
envId String: The Apigee environment that this security action applies to.
expireTime String: The expiration for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
flag SecurityActionFlag: Flag a request through if it matches this SecurityAction. Structure is documented below.
orgId String: The organization that this security action applies to.
securityActionId String: The ID to use for the SecurityAction, which will become the final component of the action's resource name. This value should be 0-61 characters, and valid format is (^a-z?$).
state String: Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. Possible values are: ENABLED, DISABLED.
ttl String: The TTL for this SecurityAction. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
updateTime String: The update time for this SecurityAction. This reflects when this SecurityAction changed states. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

allow SecurityActionAllow: Allow a request through if it matches this SecurityAction.
apiProxies string[]: If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later.
conditionConfig SecurityActionConditionConfig: A valid SecurityAction must contain at least one condition. Structure is documented below.
createTime string: The create time for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
deny SecurityActionDeny: Deny a request through if it matches this SecurityAction. Structure is documented below.
description string: An optional user provided description of the SecurityAction.
envId string: The Apigee environment that this security action applies to.
expireTime string: The expiration for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
flag SecurityActionFlag: Flag a request through if it matches this SecurityAction. Structure is documented below.
orgId string: The organization that this security action applies to.
securityActionId string: The ID to use for the SecurityAction, which will become the final component of the action's resource name. This value should be 0-61 characters, and valid format is (^a-z?$).
state string: Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. Possible values are: ENABLED, DISABLED.
ttl string: The TTL for this SecurityAction. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
updateTime string: The update time for this SecurityAction. This reflects when this SecurityAction changed states. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

allow SecurityActionAllowArgs: Allow a request through if it matches this SecurityAction.
api_proxies Sequence[str]: If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later.
condition_config SecurityActionConditionConfigArgs: A valid SecurityAction must contain at least one condition. Structure is documented below.
create_time str: The create time for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
deny SecurityActionDenyArgs: Deny a request through if it matches this SecurityAction. Structure is documented below.
description str: An optional user provided description of the SecurityAction.
env_id str: The Apigee environment that this security action applies to.
expire_time str: The expiration for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
flag SecurityActionFlagArgs: Flag a request through if it matches this SecurityAction. Structure is documented below.
org_id str: The organization that this security action applies to.
security_action_id str: The ID to use for the SecurityAction, which will become the final component of the action's resource name. This value should be 0-61 characters, and valid format is (^a-z?$).
state str: Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. Possible values are: ENABLED, DISABLED.
ttl str: The TTL for this SecurityAction. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
update_time str: The update time for this SecurityAction. This reflects when this SecurityAction changed states. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

allow Property Map: Allow a request through if it matches this SecurityAction.
apiProxies List<String>: If unset, this would apply to all proxies in the environment. If set, this action is enforced only if at least one proxy in the repeated list is deployed at the time of enforcement. If set, several restrictions are enforced on SecurityActions. There can be at most 100 enabled actions with proxies set in an env. Several other restrictions apply on conditions and are detailed later.
conditionConfig Property Map: A valid SecurityAction must contain at least one condition. Structure is documented below.
createTime String: The create time for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
deny Property Map: Deny a request through if it matches this SecurityAction. Structure is documented below.
description String: An optional user provided description of the SecurityAction.
envId String: The Apigee environment that this security action applies to.
expireTime String: The expiration for this SecurityAction. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
flag Property Map: Flag a request through if it matches this SecurityAction. Structure is documented below.
orgId String: The organization that this security action applies to.
securityActionId String: The ID to use for the SecurityAction, which will become the final component of the action's resource name. This value should be 0-61 characters, and valid format is (^a-z?$).
state String: Only an ENABLED SecurityAction is enforced. An ENABLED SecurityAction past its expiration time will not be enforced. Possible values are: ENABLED, DISABLED.
ttl String: The TTL for this SecurityAction. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
updateTime String: The update time for this SecurityAction. This reflects when this SecurityAction changed states. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

Supporting Types

SecurityActionConditionConfig, SecurityActionConditionConfigArgs

AccessTokens List<string>: A list of accessTokens. Limit 1000 per action.
ApiKeys List<string>: A list of API keys. Limit 1000 per action.
ApiProducts List<string>: A list of API Products. Limit 1000 per action.
Asns List<string>: A list of ASN numbers to act on, e.g. 23. https://en.wikipedia.org/wiki/Autonomous_system_(Internet) This uses int64 instead of uint32 because of https://linter.aip.dev/141/forbidden-types.
BotReasons List<string>: A list of Bot Reasons. Current options: Flooder, Brute Guessor, Static Content Scraper, OAuth Abuser, Robot Abuser, TorListRule, Advanced Anomaly Detection, Advanced API Scraper, Search Engine Crawlers, Public Clouds, Public Cloud AWS, Public Cloud Azure, and Public Cloud Google.
DeveloperApps List<string>: A list of developer apps. Limit 1000 per action.
Developers List<string>: A list of developers. Limit 1000 per action.
HttpMethods List<string>: Act only on particular HTTP methods. E.g. A read-only API can block POST/PUT/DELETE methods. Accepted values are: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE and PATCH.
IpAddressRanges List<string>: A list of IP addresses. This could be either IPv4 or IPv6. Limited to 100 per action.
RegionCodes List<string>: A list of countries/region codes to act on, e.g. US. This follows https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.
UserAgents List<string>: A list of user agents to deny. We look for exact matches. Limit 50 per action.

AccessTokens []string: A list of accessTokens. Limit 1000 per action.
ApiKeys []string: A list of API keys. Limit 1000 per action.
ApiProducts []string: A list of API Products. Limit 1000 per action.
Asns []string: A list of ASN numbers to act on, e.g. 23. https://en.wikipedia.org/wiki/Autonomous_system_(Internet) This uses int64 instead of uint32 because of https://linter.aip.dev/141/forbidden-types.
BotReasons []string: A list of Bot Reasons. Current options: Flooder, Brute Guessor, Static Content Scraper, OAuth Abuser, Robot Abuser, TorListRule, Advanced Anomaly Detection, Advanced API Scraper, Search Engine Crawlers, Public Clouds, Public Cloud AWS, Public Cloud Azure, and Public Cloud Google.
DeveloperApps []string: A list of developer apps. Limit 1000 per action.
Developers []string: A list of developers. Limit 1000 per action.
HttpMethods []string: Act only on particular HTTP methods. E.g. A read-only API can block POST/PUT/DELETE methods. Accepted values are: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE and PATCH.
IpAddressRanges []string: A list of IP addresses. This could be either IPv4 or IPv6. Limited to 100 per action.
RegionCodes []string: A list of countries/region codes to act on, e.g. US. This follows https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.
UserAgents []string: A list of user agents to deny. We look for exact matches. Limit 50 per action.

accessTokens List<String>: A list of accessTokens. Limit 1000 per action.
apiKeys List<String>: A list of API keys. Limit 1000 per action.
apiProducts List<String>: A list of API Products. Limit 1000 per action.
asns List<String>: A list of ASN numbers to act on, e.g. 23. https://en.wikipedia.org/wiki/Autonomous_system_(Internet) This uses int64 instead of uint32 because of https://linter.aip.dev/141/forbidden-types.
botReasons List<String>: A list of Bot Reasons. Current options: Flooder, Brute Guessor, Static Content Scraper, OAuth Abuser, Robot Abuser, TorListRule, Advanced Anomaly Detection, Advanced API Scraper, Search Engine Crawlers, Public Clouds, Public Cloud AWS, Public Cloud Azure, and Public Cloud Google.
developerApps List<String>: A list of developer apps. Limit 1000 per action.
developers List<String>: A list of developers. Limit 1000 per action.
httpMethods List<String>: Act only on particular HTTP methods. E.g. A read-only API can block POST/PUT/DELETE methods. Accepted values are: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE and PATCH.
ipAddressRanges List<String>: A list of IP addresses. This could be either IPv4 or IPv6. Limited to 100 per action.
regionCodes List<String>: A list of countries/region codes to act on, e.g. US. This follows https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.
userAgents List<String>: A list of user agents to deny. We look for exact matches. Limit 50 per action.

accessTokens string[]: A list of accessTokens. Limit 1000 per action.
apiKeys string[]: A list of API keys. Limit 1000 per action.
apiProducts string[]: A list of API Products. Limit 1000 per action.
asns string[]: A list of ASN numbers to act on, e.g. 23. https://en.wikipedia.org/wiki/Autonomous_system_(Internet) This uses int64 instead of uint32 because of https://linter.aip.dev/141/forbidden-types.
botReasons string[]: A list of Bot Reasons. Current options: Flooder, Brute Guessor, Static Content Scraper, OAuth Abuser, Robot Abuser, TorListRule, Advanced Anomaly Detection, Advanced API Scraper, Search Engine Crawlers, Public Clouds, Public Cloud AWS, Public Cloud Azure, and Public Cloud Google.
developerApps string[]: A list of developer apps. Limit 1000 per action.
developers string[]: A list of developers. Limit 1000 per action.
httpMethods string[]: Act only on particular HTTP methods. E.g. A read-only API can block POST/PUT/DELETE methods. Accepted values are: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE and PATCH.
ipAddressRanges string[]: A list of IP addresses. This could be either IPv4 or IPv6. Limited to 100 per action.
regionCodes string[]: A list of countries/region codes to act on, e.g. US. This follows https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.
userAgents string[]: A list of user agents to deny. We look for exact matches. Limit 50 per action.

access_tokens Sequence[str]: A list of accessTokens. Limit 1000 per action.
api_keys Sequence[str]: A list of API keys. Limit 1000 per action.
api_products Sequence[str]: A list of API Products. Limit 1000 per action.
asns Sequence[str]: A list of ASN numbers to act on, e.g. 23. https://en.wikipedia.org/wiki/Autonomous_system_(Internet) This uses int64 instead of uint32 because of https://linter.aip.dev/141/forbidden-types.
bot_reasons Sequence[str]: A list of Bot Reasons. Current options: Flooder, Brute Guessor, Static Content Scraper, OAuth Abuser, Robot Abuser, TorListRule, Advanced Anomaly Detection, Advanced API Scraper, Search Engine Crawlers, Public Clouds, Public Cloud AWS, Public Cloud Azure, and Public Cloud Google.
developer_apps Sequence[str]: A list of developer apps. Limit 1000 per action.
developers Sequence[str]: A list of developers. Limit 1000 per action.
http_methods Sequence[str]: Act only on particular HTTP methods. E.g. A read-only API can block POST/PUT/DELETE methods. Accepted values are: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE and PATCH.
ip_address_ranges Sequence[str]: A list of IP addresses. This could be either IPv4 or IPv6. Limited to 100 per action.
region_codes Sequence[str]: A list of countries/region codes to act on, e.g. US. This follows https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.
user_agents Sequence[str]: A list of user agents to deny. We look for exact matches. Limit 50 per action.

accessTokens List<String>: A list of accessTokens. Limit 1000 per action.
apiKeys List<String>: A list of API keys. Limit 1000 per action.
apiProducts List<String>: A list of API Products. Limit 1000 per action.
asns List<String>: A list of ASN numbers to act on, e.g. 23. https://en.wikipedia.org/wiki/Autonomous_system_(Internet) This uses int64 instead of uint32 because of https://linter.aip.dev/141/forbidden-types.
botReasons List<String>: A list of Bot Reasons. Current options: Flooder, Brute Guessor, Static Content Scraper, OAuth Abuser, Robot Abuser, TorListRule, Advanced Anomaly Detection, Advanced API Scraper, Search Engine Crawlers, Public Clouds, Public Cloud AWS, Public Cloud Azure, and Public Cloud Google.
developerApps List<String>: A list of developer apps. Limit 1000 per action.
developers List<String>: A list of developers. Limit 1000 per action.
httpMethods List<String>: Act only on particular HTTP methods. E.g. A read-only API can block POST/PUT/DELETE methods. Accepted values are: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE and PATCH.
ipAddressRanges List<String>: A list of IP addresses. This could be either IPv4 or IPv6. Limited to 100 per action.
regionCodes List<String>: A list of countries/region codes to act on, e.g. US. This follows https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.
userAgents List<String>: A list of user agents to deny. We look for exact matches. Limit 50 per action.

SecurityActionDeny, SecurityActionDenyArgs

ResponseCode int: The HTTP response code if the Action = DENY.

ResponseCode int: The HTTP response code if the Action = DENY.

responseCode Integer: The HTTP response code if the Action = DENY.

responseCode number: The HTTP response code if the Action = DENY.

response_code int: The HTTP response code if the Action = DENY.

responseCode Number: The HTTP response code if the Action = DENY.

SecurityActionFlag, SecurityActionFlagArgs

Headers List<SecurityActionFlagHeader>: A list of HTTP headers to be sent to the target in case of a FLAG SecurityAction. Limit 5 headers per SecurityAction. At least one is mandatory. Structure is documented below.

Headers []SecurityActionFlagHeader: A list of HTTP headers to be sent to the target in case of a FLAG SecurityAction. Limit 5 headers per SecurityAction. At least one is mandatory. Structure is documented below.

headers List<SecurityActionFlagHeader>: A list of HTTP headers to be sent to the target in case of a FLAG SecurityAction. Limit 5 headers per SecurityAction. At least one is mandatory. Structure is documented below.

headers SecurityActionFlagHeader[]: A list of HTTP headers to be sent to the target in case of a FLAG SecurityAction. Limit 5 headers per SecurityAction. At least one is mandatory. Structure is documented below.

headers Sequence[SecurityActionFlagHeader]: A list of HTTP headers to be sent to the target in case of a FLAG SecurityAction. Limit 5 headers per SecurityAction. At least one is mandatory. Structure is documented below.

headers List<Property Map>: A list of HTTP headers to be sent to the target in case of a FLAG SecurityAction. Limit 5 headers per SecurityAction. At least one is mandatory. Structure is documented below.

SecurityActionFlagHeader, SecurityActionFlagHeaderArgs

Name string: The header name to be sent to the target.
Value string: The header value to be sent to the target.

Name string: The header name to be sent to the target.
Value string: The header value to be sent to the target.

name String: The header name to be sent to the target.
value String: The header value to be sent to the target.

name string: The header name to be sent to the target.
value string: The header value to be sent to the target.

name str: The header name to be sent to the target.
value str: The header value to be sent to the target.

name String: The header name to be sent to the target.
value String: The header value to be sent to the target.

Import

SecurityAction can be imported using any of these accepted formats:

organizations/{{org_id}}/environments/{{env_id}}/securityActions/{{security_action_id}}
{{org_id}}/{{env_id}}/{{security_action_id}}

When using the pulumi import command, SecurityAction can be imported using one of the formats above. For example:

$ pulumi import gcp:apigee/securityAction:SecurityAction default organizations/{{org_id}}/environments/{{env_id}}/securityActions/{{security_action_id}}

$ pulumi import gcp:apigee/securityAction:SecurityAction default {{org_id}}/{{env_id}}/{{security_action_id}}

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

Google Cloud v8.40.0 published on Monday, Aug 11, 2025 by Pulumi

pulumi/pulumi-gcp

gcp.apigee.SecurityAction

On this page

On this page

Example Usage

Apigee Security Action Basic

Create SecurityAction Resource

Constructor syntax

Parameters

Constructor example

SecurityAction Resource Properties

Inputs

Outputs

Look up Existing SecurityAction Resource

Supporting Types

SecurityActionConditionConfig, SecurityActionConditionConfigArgs

SecurityActionDeny, SecurityActionDenyArgs

SecurityActionFlag, SecurityActionFlagArgs

SecurityActionFlagHeader, SecurityActionFlagHeaderArgs

Import

Package Details

On this page

On this page