1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. assuredworkloads
  5. Workload
Google Cloud Classic v7.2.1 published on Wednesday, Nov 22, 2023 by Pulumi

gcp.assuredworkloads.Workload

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.2.1 published on Wednesday, Nov 22, 2023 by Pulumi

    The AssuredWorkloads Workload resource

    Example Usage

    Basic_workload

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
        {
            BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
            ComplianceRegime = "FEDRAMP_MODERATE",
            DisplayName = "{{display}}",
            KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
            {
                NextRotationTime = "9999-10-02T15:01:23Z",
                RotationPeriod = "10368000s",
            },
            Labels = 
            {
                { "label-one", "value-one" },
            },
            Location = "us-west1",
            Organization = "123456789",
            ProvisionedResourcesParent = "folders/519620126891",
            ResourceSettings = new[]
            {
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    DisplayName = "folder-display-name",
                    ResourceType = "CONSUMER_FOLDER",
                },
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    ResourceType = "ENCRYPTION_KEYS_PROJECT",
                },
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    ResourceId = "ring",
                    ResourceType = "KEYRING",
                },
            },
            ViolationNotificationsEnabled = true,
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/assuredworkloads"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
    			BillingAccount:   pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
    			ComplianceRegime: pulumi.String("FEDRAMP_MODERATE"),
    			DisplayName:      pulumi.String("{{display}}"),
    			KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
    				NextRotationTime: pulumi.String("9999-10-02T15:01:23Z"),
    				RotationPeriod:   pulumi.String("10368000s"),
    			},
    			Labels: pulumi.StringMap{
    				"label-one": pulumi.String("value-one"),
    			},
    			Location:                   pulumi.String("us-west1"),
    			Organization:               pulumi.String("123456789"),
    			ProvisionedResourcesParent: pulumi.String("folders/519620126891"),
    			ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					DisplayName:  pulumi.String("folder-display-name"),
    					ResourceType: pulumi.String("CONSUMER_FOLDER"),
    				},
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
    				},
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					ResourceId:   pulumi.String("ring"),
    					ResourceType: pulumi.String("KEYRING"),
    				},
    			},
    			ViolationNotificationsEnabled: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.assuredworkloads.Workload;
    import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
    import com.pulumi.gcp.assuredworkloads.inputs.WorkloadKmsSettingsArgs;
    import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var primary = new Workload("primary", WorkloadArgs.builder()        
                .billingAccount("billingAccounts/000000-0000000-0000000-000000")
                .complianceRegime("FEDRAMP_MODERATE")
                .displayName("{{display}}")
                .kmsSettings(WorkloadKmsSettingsArgs.builder()
                    .nextRotationTime("9999-10-02T15:01:23Z")
                    .rotationPeriod("10368000s")
                    .build())
                .labels(Map.of("label-one", "value-one"))
                .location("us-west1")
                .organization("123456789")
                .provisionedResourcesParent("folders/519620126891")
                .resourceSettings(            
                    WorkloadResourceSettingArgs.builder()
                        .displayName("folder-display-name")
                        .resourceType("CONSUMER_FOLDER")
                        .build(),
                    WorkloadResourceSettingArgs.builder()
                        .resourceType("ENCRYPTION_KEYS_PROJECT")
                        .build(),
                    WorkloadResourceSettingArgs.builder()
                        .resourceId("ring")
                        .resourceType("KEYRING")
                        .build())
                .violationNotificationsEnabled(true)
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_gcp as gcp
    
    primary = gcp.assuredworkloads.Workload("primary",
        billing_account="billingAccounts/000000-0000000-0000000-000000",
        compliance_regime="FEDRAMP_MODERATE",
        display_name="{{display}}",
        kms_settings=gcp.assuredworkloads.WorkloadKmsSettingsArgs(
            next_rotation_time="9999-10-02T15:01:23Z",
            rotation_period="10368000s",
        ),
        labels={
            "label-one": "value-one",
        },
        location="us-west1",
        organization="123456789",
        provisioned_resources_parent="folders/519620126891",
        resource_settings=[
            gcp.assuredworkloads.WorkloadResourceSettingArgs(
                display_name="folder-display-name",
                resource_type="CONSUMER_FOLDER",
            ),
            gcp.assuredworkloads.WorkloadResourceSettingArgs(
                resource_type="ENCRYPTION_KEYS_PROJECT",
            ),
            gcp.assuredworkloads.WorkloadResourceSettingArgs(
                resource_id="ring",
                resource_type="KEYRING",
            ),
        ],
        violation_notifications_enabled=True)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const primary = new gcp.assuredworkloads.Workload("primary", {
        billingAccount: "billingAccounts/000000-0000000-0000000-000000",
        complianceRegime: "FEDRAMP_MODERATE",
        displayName: "{{display}}",
        kmsSettings: {
            nextRotationTime: "9999-10-02T15:01:23Z",
            rotationPeriod: "10368000s",
        },
        labels: {
            "label-one": "value-one",
        },
        location: "us-west1",
        organization: "123456789",
        provisionedResourcesParent: "folders/519620126891",
        resourceSettings: [
            {
                displayName: "folder-display-name",
                resourceType: "CONSUMER_FOLDER",
            },
            {
                resourceType: "ENCRYPTION_KEYS_PROJECT",
            },
            {
                resourceId: "ring",
                resourceType: "KEYRING",
            },
        ],
        violationNotificationsEnabled: true,
    });
    
    resources:
      primary:
        type: gcp:assuredworkloads:Workload
        properties:
          billingAccount: billingAccounts/000000-0000000-0000000-000000
          complianceRegime: FEDRAMP_MODERATE
          displayName: '{{display}}'
          kmsSettings:
            nextRotationTime: 9999-10-02T15:01:23Z
            rotationPeriod: 10368000s
          labels:
            label-one: value-one
          location: us-west1
          organization: '123456789'
          provisionedResourcesParent: folders/519620126891
          resourceSettings:
            - displayName: folder-display-name
              resourceType: CONSUMER_FOLDER
            - resourceType: ENCRYPTION_KEYS_PROJECT
            - resourceId: ring
              resourceType: KEYRING
          violationNotificationsEnabled: true
    

    Sovereign_controls_workload

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var primary = new Gcp.AssuredWorkloads.Workload("primary", new()
        {
            ComplianceRegime = "EU_REGIONS_AND_SUPPORT",
            DisplayName = "display",
            Location = "europe-west9",
            Organization = "123456789",
            BillingAccount = "billingAccounts/000000-0000000-0000000-000000",
            EnableSovereignControls = true,
            KmsSettings = new Gcp.AssuredWorkloads.Inputs.WorkloadKmsSettingsArgs
            {
                NextRotationTime = "9999-10-02T15:01:23Z",
                RotationPeriod = "10368000s",
            },
            ResourceSettings = new[]
            {
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    ResourceType = "CONSUMER_FOLDER",
                },
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    ResourceType = "ENCRYPTION_KEYS_PROJECT",
                },
                new Gcp.AssuredWorkloads.Inputs.WorkloadResourceSettingArgs
                {
                    ResourceId = "ring",
                    ResourceType = "KEYRING",
                },
            },
            Labels = 
            {
                { "label-one", "value-one" },
            },
        }, new CustomResourceOptions
        {
            Provider = google_beta,
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/assuredworkloads"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := assuredworkloads.NewWorkload(ctx, "primary", &assuredworkloads.WorkloadArgs{
    			ComplianceRegime:        pulumi.String("EU_REGIONS_AND_SUPPORT"),
    			DisplayName:             pulumi.String("display"),
    			Location:                pulumi.String("europe-west9"),
    			Organization:            pulumi.String("123456789"),
    			BillingAccount:          pulumi.String("billingAccounts/000000-0000000-0000000-000000"),
    			EnableSovereignControls: pulumi.Bool(true),
    			KmsSettings: &assuredworkloads.WorkloadKmsSettingsArgs{
    				NextRotationTime: pulumi.String("9999-10-02T15:01:23Z"),
    				RotationPeriod:   pulumi.String("10368000s"),
    			},
    			ResourceSettings: assuredworkloads.WorkloadResourceSettingArray{
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					ResourceType: pulumi.String("CONSUMER_FOLDER"),
    				},
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					ResourceType: pulumi.String("ENCRYPTION_KEYS_PROJECT"),
    				},
    				&assuredworkloads.WorkloadResourceSettingArgs{
    					ResourceId:   pulumi.String("ring"),
    					ResourceType: pulumi.String("KEYRING"),
    				},
    			},
    			Labels: pulumi.StringMap{
    				"label-one": pulumi.String("value-one"),
    			},
    		}, pulumi.Provider(google_beta))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.assuredworkloads.Workload;
    import com.pulumi.gcp.assuredworkloads.WorkloadArgs;
    import com.pulumi.gcp.assuredworkloads.inputs.WorkloadKmsSettingsArgs;
    import com.pulumi.gcp.assuredworkloads.inputs.WorkloadResourceSettingArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var primary = new Workload("primary", WorkloadArgs.builder()        
                .complianceRegime("EU_REGIONS_AND_SUPPORT")
                .displayName("display")
                .location("europe-west9")
                .organization("123456789")
                .billingAccount("billingAccounts/000000-0000000-0000000-000000")
                .enableSovereignControls(true)
                .kmsSettings(WorkloadKmsSettingsArgs.builder()
                    .nextRotationTime("9999-10-02T15:01:23Z")
                    .rotationPeriod("10368000s")
                    .build())
                .resourceSettings(            
                    WorkloadResourceSettingArgs.builder()
                        .resourceType("CONSUMER_FOLDER")
                        .build(),
                    WorkloadResourceSettingArgs.builder()
                        .resourceType("ENCRYPTION_KEYS_PROJECT")
                        .build(),
                    WorkloadResourceSettingArgs.builder()
                        .resourceId("ring")
                        .resourceType("KEYRING")
                        .build())
                .labels(Map.of("label-one", "value-one"))
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
        }
    }
    
    import pulumi
    import pulumi_gcp as gcp
    
    primary = gcp.assuredworkloads.Workload("primary",
        compliance_regime="EU_REGIONS_AND_SUPPORT",
        display_name="display",
        location="europe-west9",
        organization="123456789",
        billing_account="billingAccounts/000000-0000000-0000000-000000",
        enable_sovereign_controls=True,
        kms_settings=gcp.assuredworkloads.WorkloadKmsSettingsArgs(
            next_rotation_time="9999-10-02T15:01:23Z",
            rotation_period="10368000s",
        ),
        resource_settings=[
            gcp.assuredworkloads.WorkloadResourceSettingArgs(
                resource_type="CONSUMER_FOLDER",
            ),
            gcp.assuredworkloads.WorkloadResourceSettingArgs(
                resource_type="ENCRYPTION_KEYS_PROJECT",
            ),
            gcp.assuredworkloads.WorkloadResourceSettingArgs(
                resource_id="ring",
                resource_type="KEYRING",
            ),
        ],
        labels={
            "label-one": "value-one",
        },
        opts=pulumi.ResourceOptions(provider=google_beta))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const primary = new gcp.assuredworkloads.Workload("primary", {
        complianceRegime: "EU_REGIONS_AND_SUPPORT",
        displayName: "display",
        location: "europe-west9",
        organization: "123456789",
        billingAccount: "billingAccounts/000000-0000000-0000000-000000",
        enableSovereignControls: true,
        kmsSettings: {
            nextRotationTime: "9999-10-02T15:01:23Z",
            rotationPeriod: "10368000s",
        },
        resourceSettings: [
            {
                resourceType: "CONSUMER_FOLDER",
            },
            {
                resourceType: "ENCRYPTION_KEYS_PROJECT",
            },
            {
                resourceId: "ring",
                resourceType: "KEYRING",
            },
        ],
        labels: {
            "label-one": "value-one",
        },
    }, {
        provider: google_beta,
    });
    
    resources:
      primary:
        type: gcp:assuredworkloads:Workload
        properties:
          complianceRegime: EU_REGIONS_AND_SUPPORT
          displayName: display
          location: europe-west9
          organization: '123456789'
          billingAccount: billingAccounts/000000-0000000-0000000-000000
          enableSovereignControls: true
          kmsSettings:
            nextRotationTime: 9999-10-02T15:01:23Z
            rotationPeriod: 10368000s
          resourceSettings:
            - resourceType: CONSUMER_FOLDER
            - resourceType: ENCRYPTION_KEYS_PROJECT
            - resourceId: ring
              resourceType: KEYRING
          labels:
            label-one: value-one
        options:
          provider: ${["google-beta"]}
    

    Create Workload Resource

    new Workload(name: string, args: WorkloadArgs, opts?: CustomResourceOptions);
    @overload
    def Workload(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 billing_account: Optional[str] = None,
                 compliance_regime: Optional[str] = None,
                 display_name: Optional[str] = None,
                 enable_sovereign_controls: Optional[bool] = None,
                 kms_settings: Optional[WorkloadKmsSettingsArgs] = None,
                 labels: Optional[Mapping[str, str]] = None,
                 location: Optional[str] = None,
                 organization: Optional[str] = None,
                 partner: Optional[str] = None,
                 partner_permissions: Optional[WorkloadPartnerPermissionsArgs] = None,
                 provisioned_resources_parent: Optional[str] = None,
                 resource_settings: Optional[Sequence[WorkloadResourceSettingArgs]] = None,
                 violation_notifications_enabled: Optional[bool] = None)
    @overload
    def Workload(resource_name: str,
                 args: WorkloadArgs,
                 opts: Optional[ResourceOptions] = None)
    func NewWorkload(ctx *Context, name string, args WorkloadArgs, opts ...ResourceOption) (*Workload, error)
    public Workload(string name, WorkloadArgs args, CustomResourceOptions? opts = null)
    public Workload(String name, WorkloadArgs args)
    public Workload(String name, WorkloadArgs args, CustomResourceOptions options)
    
    type: gcp:assuredworkloads:Workload
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args WorkloadArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args WorkloadArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args WorkloadArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args WorkloadArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args WorkloadArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Workload Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Workload resource accepts the following input properties:

    ComplianceRegime string

    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT

    DisplayName string

    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload

    Location string

    The location for the resource

    Organization string

    The organization for the resource


    BillingAccount string

    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

    EnableSovereignControls bool

    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

    KmsSettings WorkloadKmsSettings

    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

    Labels Dictionary<string, string>

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    Partner string

    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN

    PartnerPermissions WorkloadPartnerPermissions

    Optional. Permissions granted to the AW Partner SA account for the customer workload

    ProvisionedResourcesParent string

    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

    ResourceSettings List<WorkloadResourceSetting>

    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

    ViolationNotificationsEnabled bool

    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

    ComplianceRegime string

    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT

    DisplayName string

    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload

    Location string

    The location for the resource

    Organization string

    The organization for the resource


    BillingAccount string

    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

    EnableSovereignControls bool

    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

    KmsSettings WorkloadKmsSettingsArgs

    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

    Labels map[string]string

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    Partner string

    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN

    PartnerPermissions WorkloadPartnerPermissionsArgs

    Optional. Permissions granted to the AW Partner SA account for the customer workload

    ProvisionedResourcesParent string

    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

    ResourceSettings []WorkloadResourceSettingArgs

    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

    ViolationNotificationsEnabled bool

    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

    complianceRegime String

    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT

    displayName String

    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload

    location String

    The location for the resource

    organization String

    The organization for the resource


    billingAccount String

    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

    enableSovereignControls Boolean

    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

    kmsSettings WorkloadKmsSettings

    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

    labels Map<String,String>

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    partner String

    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN

    partnerPermissions WorkloadPartnerPermissions

    Optional. Permissions granted to the AW Partner SA account for the customer workload

    provisionedResourcesParent String

    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

    resourceSettings List<WorkloadResourceSetting>

    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

    violationNotificationsEnabled Boolean

    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

    complianceRegime string

    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT

    displayName string

    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload

    location string

    The location for the resource

    organization string

    The organization for the resource


    billingAccount string

    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

    enableSovereignControls boolean

    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

    kmsSettings WorkloadKmsSettings

    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

    labels {[key: string]: string}

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    partner string

    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN

    partnerPermissions WorkloadPartnerPermissions

    Optional. Permissions granted to the AW Partner SA account for the customer workload

    provisionedResourcesParent string

    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

    resourceSettings WorkloadResourceSetting[]

    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

    violationNotificationsEnabled boolean

    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

    compliance_regime str

    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT

    display_name str

    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload

    location str

    The location for the resource

    organization str

    The organization for the resource


    billing_account str

    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

    enable_sovereign_controls bool

    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

    kms_settings WorkloadKmsSettingsArgs

    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

    labels Mapping[str, str]

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    partner str

    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN

    partner_permissions WorkloadPartnerPermissionsArgs

    Optional. Permissions granted to the AW Partner SA account for the customer workload

    provisioned_resources_parent str

    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

    resource_settings Sequence[WorkloadResourceSettingArgs]

    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

    violation_notifications_enabled bool

    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

    complianceRegime String

    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT

    displayName String

    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload

    location String

    The location for the resource

    organization String

    The organization for the resource


    billingAccount String

    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

    enableSovereignControls Boolean

    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

    kmsSettings Property Map

    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

    labels Map<String>

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    partner String

    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN

    partnerPermissions Property Map

    Optional. Permissions granted to the AW Partner SA account for the customer workload

    provisionedResourcesParent String

    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

    resourceSettings List<Property Map>

    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

    violationNotificationsEnabled Boolean

    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Workload resource produces the following output properties:

    ComplianceStatuses List<WorkloadComplianceStatus>

    Output only. Count of active Violations in the Workload.

    CompliantButDisallowedServices List<string>

    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.

    CreateTime string

    Output only. Immutable. The Workload creation timestamp.

    EffectiveLabels Dictionary<string, object>

    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

    EkmProvisioningResponses List<WorkloadEkmProvisioningResponse>

    Optional. Represents the Ekm Provisioning State of the given workload.

    Id string

    The provider-assigned unique ID for this managed resource.

    KajEnrollmentState string

    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

    Name string

    Output only. The resource name of the workload.

    PulumiLabels Dictionary<string, object>

    The combination of labels configured directly on the resource and default labels configured on the provider.

    Resources List<WorkloadResource>

    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

    SaaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>

    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

    ComplianceStatuses []WorkloadComplianceStatus

    Output only. Count of active Violations in the Workload.

    CompliantButDisallowedServices []string

    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.

    CreateTime string

    Output only. Immutable. The Workload creation timestamp.

    EffectiveLabels map[string]interface{}

    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

    EkmProvisioningResponses []WorkloadEkmProvisioningResponse

    Optional. Represents the Ekm Provisioning State of the given workload.

    Id string

    The provider-assigned unique ID for this managed resource.

    KajEnrollmentState string

    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

    Name string

    Output only. The resource name of the workload.

    PulumiLabels map[string]interface{}

    The combination of labels configured directly on the resource and default labels configured on the provider.

    Resources []WorkloadResource

    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

    SaaEnrollmentResponses []WorkloadSaaEnrollmentResponse

    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

    complianceStatuses List<WorkloadComplianceStatus>

    Output only. Count of active Violations in the Workload.

    compliantButDisallowedServices List<String>

    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.

    createTime String

    Output only. Immutable. The Workload creation timestamp.

    effectiveLabels Map<String,Object>

    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

    ekmProvisioningResponses List<WorkloadEkmProvisioningResponse>

    Optional. Represents the Ekm Provisioning State of the given workload.

    id String

    The provider-assigned unique ID for this managed resource.

    kajEnrollmentState String

    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

    name String

    Output only. The resource name of the workload.

    pulumiLabels Map<String,Object>

    The combination of labels configured directly on the resource and default labels configured on the provider.

    resources List<WorkloadResource>

    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

    saaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>

    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

    complianceStatuses WorkloadComplianceStatus[]

    Output only. Count of active Violations in the Workload.

    compliantButDisallowedServices string[]

    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.

    createTime string

    Output only. Immutable. The Workload creation timestamp.

    effectiveLabels {[key: string]: any}

    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

    ekmProvisioningResponses WorkloadEkmProvisioningResponse[]

    Optional. Represents the Ekm Provisioning State of the given workload.

    id string

    The provider-assigned unique ID for this managed resource.

    kajEnrollmentState string

    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

    name string

    Output only. The resource name of the workload.

    pulumiLabels {[key: string]: any}

    The combination of labels configured directly on the resource and default labels configured on the provider.

    resources WorkloadResource[]

    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

    saaEnrollmentResponses WorkloadSaaEnrollmentResponse[]

    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

    compliance_statuses Sequence[WorkloadComplianceStatus]

    Output only. Count of active Violations in the Workload.

    compliant_but_disallowed_services Sequence[str]

    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.

    create_time str

    Output only. Immutable. The Workload creation timestamp.

    effective_labels Mapping[str, Any]

    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

    ekm_provisioning_responses Sequence[WorkloadEkmProvisioningResponse]

    Optional. Represents the Ekm Provisioning State of the given workload.

    id str

    The provider-assigned unique ID for this managed resource.

    kaj_enrollment_state str

    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

    name str

    Output only. The resource name of the workload.

    pulumi_labels Mapping[str, Any]

    The combination of labels configured directly on the resource and default labels configured on the provider.

    resources Sequence[WorkloadResource]

    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

    saa_enrollment_responses Sequence[WorkloadSaaEnrollmentResponse]

    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

    complianceStatuses List<Property Map>

    Output only. Count of active Violations in the Workload.

    compliantButDisallowedServices List<String>

    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.

    createTime String

    Output only. Immutable. The Workload creation timestamp.

    effectiveLabels Map<Any>

    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

    ekmProvisioningResponses List<Property Map>

    Optional. Represents the Ekm Provisioning State of the given workload.

    id String

    The provider-assigned unique ID for this managed resource.

    kajEnrollmentState String

    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

    name String

    Output only. The resource name of the workload.

    pulumiLabels Map<Any>

    The combination of labels configured directly on the resource and default labels configured on the provider.

    resources List<Property Map>

    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

    saaEnrollmentResponses List<Property Map>

    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

    Look up Existing Workload Resource

    Get an existing Workload resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: WorkloadState, opts?: CustomResourceOptions): Workload
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            billing_account: Optional[str] = None,
            compliance_regime: Optional[str] = None,
            compliance_statuses: Optional[Sequence[WorkloadComplianceStatusArgs]] = None,
            compliant_but_disallowed_services: Optional[Sequence[str]] = None,
            create_time: Optional[str] = None,
            display_name: Optional[str] = None,
            effective_labels: Optional[Mapping[str, Any]] = None,
            ekm_provisioning_responses: Optional[Sequence[WorkloadEkmProvisioningResponseArgs]] = None,
            enable_sovereign_controls: Optional[bool] = None,
            kaj_enrollment_state: Optional[str] = None,
            kms_settings: Optional[WorkloadKmsSettingsArgs] = None,
            labels: Optional[Mapping[str, str]] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            organization: Optional[str] = None,
            partner: Optional[str] = None,
            partner_permissions: Optional[WorkloadPartnerPermissionsArgs] = None,
            provisioned_resources_parent: Optional[str] = None,
            pulumi_labels: Optional[Mapping[str, Any]] = None,
            resource_settings: Optional[Sequence[WorkloadResourceSettingArgs]] = None,
            resources: Optional[Sequence[WorkloadResourceArgs]] = None,
            saa_enrollment_responses: Optional[Sequence[WorkloadSaaEnrollmentResponseArgs]] = None,
            violation_notifications_enabled: Optional[bool] = None) -> Workload
    func GetWorkload(ctx *Context, name string, id IDInput, state *WorkloadState, opts ...ResourceOption) (*Workload, error)
    public static Workload Get(string name, Input<string> id, WorkloadState? state, CustomResourceOptions? opts = null)
    public static Workload get(String name, Output<String> id, WorkloadState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    BillingAccount string

    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

    ComplianceRegime string

    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT

    ComplianceStatuses List<WorkloadComplianceStatus>

    Output only. Count of active Violations in the Workload.

    CompliantButDisallowedServices List<string>

    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.

    CreateTime string

    Output only. Immutable. The Workload creation timestamp.

    DisplayName string

    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload

    EffectiveLabels Dictionary<string, object>

    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

    EkmProvisioningResponses List<WorkloadEkmProvisioningResponse>

    Optional. Represents the Ekm Provisioning State of the given workload.

    EnableSovereignControls bool

    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

    KajEnrollmentState string

    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

    KmsSettings WorkloadKmsSettings

    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

    Labels Dictionary<string, string>

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    Location string

    The location for the resource

    Name string

    Output only. The resource name of the workload.

    Organization string

    The organization for the resource


    Partner string

    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN

    PartnerPermissions WorkloadPartnerPermissions

    Optional. Permissions granted to the AW Partner SA account for the customer workload

    ProvisionedResourcesParent string

    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

    PulumiLabels Dictionary<string, object>

    The combination of labels configured directly on the resource and default labels configured on the provider.

    ResourceSettings List<WorkloadResourceSetting>

    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

    Resources List<WorkloadResource>

    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

    SaaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>

    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

    ViolationNotificationsEnabled bool

    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

    BillingAccount string

    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

    ComplianceRegime string

    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT

    ComplianceStatuses []WorkloadComplianceStatusArgs

    Output only. Count of active Violations in the Workload.

    CompliantButDisallowedServices []string

    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.

    CreateTime string

    Output only. Immutable. The Workload creation timestamp.

    DisplayName string

    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload

    EffectiveLabels map[string]interface{}

    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

    EkmProvisioningResponses []WorkloadEkmProvisioningResponseArgs

    Optional. Represents the Ekm Provisioning State of the given workload.

    EnableSovereignControls bool

    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

    KajEnrollmentState string

    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

    KmsSettings WorkloadKmsSettingsArgs

    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

    Labels map[string]string

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    Location string

    The location for the resource

    Name string

    Output only. The resource name of the workload.

    Organization string

    The organization for the resource


    Partner string

    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN

    PartnerPermissions WorkloadPartnerPermissionsArgs

    Optional. Permissions granted to the AW Partner SA account for the customer workload

    ProvisionedResourcesParent string

    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

    PulumiLabels map[string]interface{}

    The combination of labels configured directly on the resource and default labels configured on the provider.

    ResourceSettings []WorkloadResourceSettingArgs

    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

    Resources []WorkloadResourceArgs

    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

    SaaEnrollmentResponses []WorkloadSaaEnrollmentResponseArgs

    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

    ViolationNotificationsEnabled bool

    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

    billingAccount String

    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

    complianceRegime String

    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT

    complianceStatuses List<WorkloadComplianceStatus>

    Output only. Count of active Violations in the Workload.

    compliantButDisallowedServices List<String>

    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.

    createTime String

    Output only. Immutable. The Workload creation timestamp.

    displayName String

    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload

    effectiveLabels Map<String,Object>

    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

    ekmProvisioningResponses List<WorkloadEkmProvisioningResponse>

    Optional. Represents the Ekm Provisioning State of the given workload.

    enableSovereignControls Boolean

    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

    kajEnrollmentState String

    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

    kmsSettings WorkloadKmsSettings

    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

    labels Map<String,String>

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    location String

    The location for the resource

    name String

    Output only. The resource name of the workload.

    organization String

    The organization for the resource


    partner String

    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN

    partnerPermissions WorkloadPartnerPermissions

    Optional. Permissions granted to the AW Partner SA account for the customer workload

    provisionedResourcesParent String

    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

    pulumiLabels Map<String,Object>

    The combination of labels configured directly on the resource and default labels configured on the provider.

    resourceSettings List<WorkloadResourceSetting>

    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

    resources List<WorkloadResource>

    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

    saaEnrollmentResponses List<WorkloadSaaEnrollmentResponse>

    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

    violationNotificationsEnabled Boolean

    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

    billingAccount string

    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

    complianceRegime string

    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT

    complianceStatuses WorkloadComplianceStatus[]

    Output only. Count of active Violations in the Workload.

    compliantButDisallowedServices string[]

    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.

    createTime string

    Output only. Immutable. The Workload creation timestamp.

    displayName string

    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload

    effectiveLabels {[key: string]: any}

    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

    ekmProvisioningResponses WorkloadEkmProvisioningResponse[]

    Optional. Represents the Ekm Provisioning State of the given workload.

    enableSovereignControls boolean

    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

    kajEnrollmentState string

    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

    kmsSettings WorkloadKmsSettings

    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

    labels {[key: string]: string}

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    location string

    The location for the resource

    name string

    Output only. The resource name of the workload.

    organization string

    The organization for the resource


    partner string

    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN

    partnerPermissions WorkloadPartnerPermissions

    Optional. Permissions granted to the AW Partner SA account for the customer workload

    provisionedResourcesParent string

    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

    pulumiLabels {[key: string]: any}

    The combination of labels configured directly on the resource and default labels configured on the provider.

    resourceSettings WorkloadResourceSetting[]

    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

    resources WorkloadResource[]

    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

    saaEnrollmentResponses WorkloadSaaEnrollmentResponse[]

    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

    violationNotificationsEnabled boolean

    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

    billing_account str

    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

    compliance_regime str

    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT

    compliance_statuses Sequence[WorkloadComplianceStatusArgs]

    Output only. Count of active Violations in the Workload.

    compliant_but_disallowed_services Sequence[str]

    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.

    create_time str

    Output only. Immutable. The Workload creation timestamp.

    display_name str

    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload

    effective_labels Mapping[str, Any]

    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

    ekm_provisioning_responses Sequence[WorkloadEkmProvisioningResponseArgs]

    Optional. Represents the Ekm Provisioning State of the given workload.

    enable_sovereign_controls bool

    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

    kaj_enrollment_state str

    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

    kms_settings WorkloadKmsSettingsArgs

    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

    labels Mapping[str, str]

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    location str

    The location for the resource

    name str

    Output only. The resource name of the workload.

    organization str

    The organization for the resource


    partner str

    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN

    partner_permissions WorkloadPartnerPermissionsArgs

    Optional. Permissions granted to the AW Partner SA account for the customer workload

    provisioned_resources_parent str

    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

    pulumi_labels Mapping[str, Any]

    The combination of labels configured directly on the resource and default labels configured on the provider.

    resource_settings Sequence[WorkloadResourceSettingArgs]

    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

    resources Sequence[WorkloadResourceArgs]

    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

    saa_enrollment_responses Sequence[WorkloadSaaEnrollmentResponseArgs]

    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

    violation_notifications_enabled bool

    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

    billingAccount String

    Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF.

    complianceRegime String

    Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT

    complianceStatuses List<Property Map>

    Output only. Count of active Violations in the Workload.

    compliantButDisallowedServices List<String>

    Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.

    createTime String

    Output only. Immutable. The Workload creation timestamp.

    displayName String

    Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload

    effectiveLabels Map<Any>

    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

    ekmProvisioningResponses List<Property Map>

    Optional. Represents the Ekm Provisioning State of the given workload.

    enableSovereignControls Boolean

    Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.

    kajEnrollmentState String

    Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE

    kmsSettings Property Map

    DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.

    labels Map<String>

    Optional. Labels applied to the workload.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    location String

    The location for the resource

    name String

    Output only. The resource name of the workload.

    organization String

    The organization for the resource


    partner String

    Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN

    partnerPermissions Property Map

    Optional. Permissions granted to the AW Partner SA account for the customer workload

    provisionedResourcesParent String

    Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}

    pulumiLabels Map<Any>

    The combination of labels configured directly on the resource and default labels configured on the provider.

    resourceSettings List<Property Map>

    Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

    resources List<Property Map>

    Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

    saaEnrollmentResponses List<Property Map>

    Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.

    violationNotificationsEnabled Boolean

    Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

    Supporting Types

    WorkloadComplianceStatus, WorkloadComplianceStatusArgs

    WorkloadEkmProvisioningResponse, WorkloadEkmProvisioningResponseArgs

    WorkloadKmsSettings, WorkloadKmsSettingsArgs

    NextRotationTime string

    Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.

    RotationPeriod string

    Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

    NextRotationTime string

    Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.

    RotationPeriod string

    Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

    nextRotationTime String

    Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.

    rotationPeriod String

    Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

    nextRotationTime string

    Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.

    rotationPeriod string

    Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

    next_rotation_time str

    Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.

    rotation_period str

    Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

    nextRotationTime String

    Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.

    rotationPeriod String

    Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

    WorkloadPartnerPermissions, WorkloadPartnerPermissionsArgs

    AssuredWorkloadsMonitoring bool

    Optional. Allow partner to view violation alerts.

    DataLogsViewer bool

    Allow the partner to view inspectability logs and monitoring violations.

    ServiceAccessApprover bool

    Optional. Allow partner to view access approval logs.

    AssuredWorkloadsMonitoring bool

    Optional. Allow partner to view violation alerts.

    DataLogsViewer bool

    Allow the partner to view inspectability logs and monitoring violations.

    ServiceAccessApprover bool

    Optional. Allow partner to view access approval logs.

    assuredWorkloadsMonitoring Boolean

    Optional. Allow partner to view violation alerts.

    dataLogsViewer Boolean

    Allow the partner to view inspectability logs and monitoring violations.

    serviceAccessApprover Boolean

    Optional. Allow partner to view access approval logs.

    assuredWorkloadsMonitoring boolean

    Optional. Allow partner to view violation alerts.

    dataLogsViewer boolean

    Allow the partner to view inspectability logs and monitoring violations.

    serviceAccessApprover boolean

    Optional. Allow partner to view access approval logs.

    assured_workloads_monitoring bool

    Optional. Allow partner to view violation alerts.

    data_logs_viewer bool

    Allow the partner to view inspectability logs and monitoring violations.

    service_access_approver bool

    Optional. Allow partner to view access approval logs.

    assuredWorkloadsMonitoring Boolean

    Optional. Allow partner to view violation alerts.

    dataLogsViewer Boolean

    Allow the partner to view inspectability logs and monitoring violations.

    serviceAccessApprover Boolean

    Optional. Allow partner to view access approval logs.

    WorkloadResource, WorkloadResourceArgs

    ResourceId int

    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.

    ResourceType string

    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

    ResourceId int

    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.

    ResourceType string

    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

    resourceId Integer

    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.

    resourceType String

    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

    resourceId number

    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.

    resourceType string

    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

    resource_id int

    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.

    resource_type str

    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

    resourceId Number

    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.

    resourceType String

    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

    WorkloadResourceSetting, WorkloadResourceSettingArgs

    DisplayName string

    User-assigned resource display name. If not empty it will be used to create a resource with the specified name.

    ResourceId string

    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.

    ResourceType string

    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

    DisplayName string

    User-assigned resource display name. If not empty it will be used to create a resource with the specified name.

    ResourceId string

    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.

    ResourceType string

    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

    displayName String

    User-assigned resource display name. If not empty it will be used to create a resource with the specified name.

    resourceId String

    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.

    resourceType String

    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

    displayName string

    User-assigned resource display name. If not empty it will be used to create a resource with the specified name.

    resourceId string

    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.

    resourceType string

    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

    display_name str

    User-assigned resource display name. If not empty it will be used to create a resource with the specified name.

    resource_id str

    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.

    resource_type str

    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

    displayName String

    User-assigned resource display name. If not empty it will be used to create a resource with the specified name.

    resourceId String

    Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.

    resourceType String

    Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

    WorkloadSaaEnrollmentResponse, WorkloadSaaEnrollmentResponseArgs

    SetupErrors List<string>
    SetupStatus string
    SetupErrors []string
    SetupStatus string
    setupErrors List<String>
    setupStatus String
    setupErrors string[]
    setupStatus string
    setup_errors Sequence[str]
    setup_status str
    setupErrors List<String>
    setupStatus String

    Import

    Workload can be imported using any of these accepted formats* organizations/{{organization}}/locations/{{location}}/workloads/{{name}} * {{organization}}/{{location}}/{{name}} In Terraform v1.5.0 and later, use an import block to import Workload using one of the formats above. For exampletf import {

    id = “organizations/{{organization}}/locations/{{location}}/workloads/{{name}}”

    to = google_assured_workloads_workload.default }

     $ pulumi import gcp:assuredworkloads/workload:Workload When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Workload can be imported using one of the formats above. For example
    
     $ pulumi import gcp:assuredworkloads/workload:Workload default organizations/{{organization}}/locations/{{location}}/workloads/{{name}}
    
     $ pulumi import gcp:assuredworkloads/workload:Workload default {{organization}}/{{location}}/{{name}}
    

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the google-beta Terraform Provider.

    gcp logo
    Google Cloud Classic v7.2.1 published on Wednesday, Nov 22, 2023 by Pulumi