Cloud controls are the building blocks that make up frameworks. Each cloud control is a unit encapsulating various platform-specific logic for prevention, detection, and audit.
To get more information about CloudControl, see:
Example Usage
Cloudsecuritycompliance Cloudcontrol Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Rule evaluated against Compute Engine instances. Only the detective action
// type is listed, so this example configures no preventive action.
// NOTE(review): the page does not show how an instance with no
// shieldedInstanceConfig is evaluated; confirm it is reported, not skipped.
const secureBootRule = {
    description: "Ensure compute instances have secure boot enabled",
    ruleActionTypes: ["RULE_ACTION_TYPE_DETECTIVE"],
    celExpression: {
        expression: "resource.data.shieldedInstanceConfig.enableSecureBoot == true",
        resourceTypesValues: {
            values: ["compute.googleapis.com/Instance"],
        },
    },
};

// The pattern accepts exactly one trailing digit, so region names that end in
// two digits (for example europe-west10) are rejected by this validation.
const locationSpec = {
    name: "location",
    displayName: "Resource Location",
    description: "The location where the resource should be deployed",
    valueType: "STRING",
    isRequired: true,
    defaultValue: {
        stringValue: "us-central1",
    },
    validation: {
        regexpPattern: {
            pattern: "^[a-z]+-[a-z]+[0-9]$",
        },
    },
};

// allowedValues lists only `true`, so this parameter cannot be set to false.
// NOTE(review): the substitution targets the rule's whole CEL expression;
// confirm how a boolean value is substituted into that attribute.
const secureBootSpec = {
    name: "enable_secure_boot",
    displayName: "Enable Secure Boot",
    description: "Whether to enable secure boot for instances",
    valueType: "BOOLEAN",
    isRequired: true,
    defaultValue: {
        boolValue: true,
    },
    substitutionRules: [{
        attributeSubstitutionRule: {
            attribute: "rules[0].cel_expression.expression",
        },
    }],
    validation: {
        allowedValues: {
            values: [{
                boolValue: true,
            }],
        },
    },
};

// intRange bounds are passed as strings ("1" and "100").
// NOTE(review): the placeholder substitution targets rules[0].description, but
// that description shows no placeholder token; confirm the intended target.
const maxInstancesSpec = {
    name: "max_instances",
    displayName: "Maximum Instances",
    description: "Maximum number of instances allowed",
    valueType: "NUMBER",
    isRequired: false,
    defaultValue: {
        numberValue: 10,
    },
    substitutionRules: [{
        placeholderSubstitutionRule: {
            attribute: "rules[0].description",
        },
    }],
    validation: {
        intRange: {
            min: "1",
            max: "100",
        },
    },
};

// NOTE(review): the three-region default list is not identical to either
// allowed list below; confirm whether validation compares whole lists or
// individual elements before copying this shape.
const allowedRegionsSpec = {
    name: "allowed_regions",
    displayName: "Allowed Regions",
    description: "List of regions where resources can be deployed",
    valueType: "STRINGLIST",
    isRequired: true,
    defaultValue: {
        stringListValue: {
            values: [
                "us-central1",
                "us-east1",
                "us-west1",
            ],
        },
    },
    validation: {
        allowedValues: {
            values: [
                {
                    stringListValue: {
                        values: [
                            "us-central1",
                            "us-east1",
                        ],
                    },
                },
                {
                    stringListValue: {
                        values: [
                            "us-west1",
                            "us-west2",
                        ],
                    },
                },
            ],
        },
    },
};

// NOTE(review): valueType is STRING, yet the third allowed value is a
// numberValue; this looks like a type mismatch, so confirm it is intended.
const environmentTypeSpec = {
    name: "environment_type",
    displayName: "Environment Type",
    description: "The type of environment",
    valueType: "STRING",
    isRequired: true,
    defaultValue: {
        stringValue: "production",
    },
    validation: {
        allowedValues: {
            values: [
                {
                    stringValue: "production",
                },
                {
                    stringValue: "staging",
                },
                {
                    numberValue: 1,
                },
            ],
        },
    },
};

// Organization-level cloud control; the organization ID and display name are
// sample values to be replaced.
const example = new gcp.cloudsecuritycompliance.CloudControl("example", {
    organization: "123456789",
    location: "global",
    cloudControlId: "example-cloudcontrol",
    displayName: "TF test CloudControl Name",
    description: "A test cloud control for security compliance",
    categories: ["CC_CATEGORY_INFRASTRUCTURE"],
    severity: "HIGH",
    findingCategory: "SECURITY_POLICY",
    remediationSteps: "Review and update the security configuration according to best practices.",
    supportedCloudProviders: ["GCP"],
    rules: [secureBootRule],
    parameterSpecs: [
        locationSpec,
        secureBootSpec,
        maxInstancesSpec,
        allowedRegionsSpec,
        environmentTypeSpec,
    ],
});
import pulumi
import pulumi_gcp as gcp
# Rule evaluated against Compute Engine instances. Only the detective action
# type is listed, so this example configures no preventive action.
# NOTE(review): the page does not show how an instance with no
# shieldedInstanceConfig is evaluated; confirm it is reported, not skipped.
secure_boot_rule = {
    "description": "Ensure compute instances have secure boot enabled",
    "rule_action_types": ["RULE_ACTION_TYPE_DETECTIVE"],
    "cel_expression": {
        "expression": "resource.data.shieldedInstanceConfig.enableSecureBoot == true",
        "resource_types_values": {
            "values": ["compute.googleapis.com/Instance"],
        },
    },
}

# The pattern accepts exactly one trailing digit, so region names that end in
# two digits (for example europe-west10) are rejected by this validation.
location_spec = {
    "name": "location",
    "display_name": "Resource Location",
    "description": "The location where the resource should be deployed",
    "value_type": "STRING",
    "is_required": True,
    "default_value": {
        "string_value": "us-central1",
    },
    "validation": {
        "regexp_pattern": {
            "pattern": "^[a-z]+-[a-z]+[0-9]$",
        },
    },
}

# allowed_values lists only True, so this parameter cannot be set to False.
# NOTE(review): the substitution targets the rule's whole CEL expression;
# confirm how a boolean value is substituted into that attribute.
secure_boot_spec = {
    "name": "enable_secure_boot",
    "display_name": "Enable Secure Boot",
    "description": "Whether to enable secure boot for instances",
    "value_type": "BOOLEAN",
    "is_required": True,
    "default_value": {
        "bool_value": True,
    },
    "substitution_rules": [{
        "attribute_substitution_rule": {
            "attribute": "rules[0].cel_expression.expression",
        },
    }],
    "validation": {
        "allowed_values": {
            "values": [{
                "bool_value": True,
            }],
        },
    },
}

# int_range bounds are passed as strings ("1" and "100").
# NOTE(review): the placeholder substitution targets rules[0].description, but
# that description shows no placeholder token; confirm the intended target.
max_instances_spec = {
    "name": "max_instances",
    "display_name": "Maximum Instances",
    "description": "Maximum number of instances allowed",
    "value_type": "NUMBER",
    "is_required": False,
    "default_value": {
        "number_value": 10,
    },
    "substitution_rules": [{
        "placeholder_substitution_rule": {
            "attribute": "rules[0].description",
        },
    }],
    "validation": {
        "int_range": {
            "min": "1",
            "max": "100",
        },
    },
}

# NOTE(review): the three-region default list is not identical to either
# allowed list below; confirm whether validation compares whole lists or
# individual elements before copying this shape.
allowed_regions_spec = {
    "name": "allowed_regions",
    "display_name": "Allowed Regions",
    "description": "List of regions where resources can be deployed",
    "value_type": "STRINGLIST",
    "is_required": True,
    "default_value": {
        "string_list_value": {
            "values": [
                "us-central1",
                "us-east1",
                "us-west1",
            ],
        },
    },
    "validation": {
        "allowed_values": {
            "values": [
                {
                    "string_list_value": {
                        "values": [
                            "us-central1",
                            "us-east1",
                        ],
                    },
                },
                {
                    "string_list_value": {
                        "values": [
                            "us-west1",
                            "us-west2",
                        ],
                    },
                },
            ],
        },
    },
}

# NOTE(review): value_type is STRING, yet the third allowed value is a
# number_value; this looks like a type mismatch, so confirm it is intended.
environment_type_spec = {
    "name": "environment_type",
    "display_name": "Environment Type",
    "description": "The type of environment",
    "value_type": "STRING",
    "is_required": True,
    "default_value": {
        "string_value": "production",
    },
    "validation": {
        "allowed_values": {
            "values": [
                {
                    "string_value": "production",
                },
                {
                    "string_value": "staging",
                },
                {
                    "number_value": 1,
                },
            ],
        },
    },
}

# Organization-level cloud control; the organization ID and display name are
# sample values to be replaced.
example = gcp.cloudsecuritycompliance.CloudControl(
    "example",
    organization="123456789",
    location="global",
    cloud_control_id="example-cloudcontrol",
    display_name="TF test CloudControl Name",
    description="A test cloud control for security compliance",
    categories=["CC_CATEGORY_INFRASTRUCTURE"],
    severity="HIGH",
    finding_category="SECURITY_POLICY",
    remediation_steps="Review and update the security configuration according to best practices.",
    supported_cloud_providers=["GCP"],
    rules=[secure_boot_rule],
    parameter_specs=[
        location_spec,
        secure_boot_spec,
        max_instances_spec,
        allowed_regions_spec,
        environment_type_spec,
    ],
)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/cloudsecuritycompliance"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers one organization-level CloudControl with a single detective
// rule and five parameter specs. The organization ID and display name are
// sample values to be replaced.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Only the detective action type is listed, so this example configures
		// no preventive action.
		// NOTE(review): the page does not show how an instance with no
		// shieldedInstanceConfig is evaluated; confirm it is reported, not skipped.
		rules := cloudsecuritycompliance.CloudControlRuleArray{
			&cloudsecuritycompliance.CloudControlRuleArgs{
				Description: pulumi.String("Ensure compute instances have secure boot enabled"),
				RuleActionTypes: pulumi.StringArray{
					pulumi.String("RULE_ACTION_TYPE_DETECTIVE"),
				},
				CelExpression: &cloudsecuritycompliance.CloudControlRuleCelExpressionArgs{
					Expression: pulumi.String("resource.data.shieldedInstanceConfig.enableSecureBoot == true"),
					ResourceTypesValues: &cloudsecuritycompliance.CloudControlRuleCelExpressionResourceTypesValuesArgs{
						Values: pulumi.StringArray{
							pulumi.String("compute.googleapis.com/Instance"),
						},
					},
				},
			},
		}

		parameterSpecs := cloudsecuritycompliance.CloudControlParameterSpecArray{
			// The pattern accepts exactly one trailing digit, so region names
			// ending in two digits (for example europe-west10) are rejected.
			&cloudsecuritycompliance.CloudControlParameterSpecArgs{
				Name:        pulumi.String("location"),
				DisplayName: pulumi.String("Resource Location"),
				Description: pulumi.String("The location where the resource should be deployed"),
				ValueType:   pulumi.String("STRING"),
				IsRequired:  pulumi.Bool(true),
				DefaultValue: &cloudsecuritycompliance.CloudControlParameterSpecDefaultValueArgs{
					StringValue: pulumi.String("us-central1"),
				},
				Validation: &cloudsecuritycompliance.CloudControlParameterSpecValidationArgs{
					RegexpPattern: &cloudsecuritycompliance.CloudControlParameterSpecValidationRegexpPatternArgs{
						Pattern: pulumi.String("^[a-z]+-[a-z]+[0-9]$"),
					},
				},
			},
			// AllowedValues lists only true, so this parameter cannot be set to false.
			// NOTE(review): the substitution targets the rule's whole CEL expression;
			// confirm how a boolean value is substituted into that attribute.
			&cloudsecuritycompliance.CloudControlParameterSpecArgs{
				Name:        pulumi.String("enable_secure_boot"),
				DisplayName: pulumi.String("Enable Secure Boot"),
				Description: pulumi.String("Whether to enable secure boot for instances"),
				ValueType:   pulumi.String("BOOLEAN"),
				IsRequired:  pulumi.Bool(true),
				DefaultValue: &cloudsecuritycompliance.CloudControlParameterSpecDefaultValueArgs{
					BoolValue: pulumi.Bool(true),
				},
				SubstitutionRules: cloudsecuritycompliance.CloudControlParameterSpecSubstitutionRuleArray{
					&cloudsecuritycompliance.CloudControlParameterSpecSubstitutionRuleArgs{
						AttributeSubstitutionRule: &cloudsecuritycompliance.CloudControlParameterSpecSubstitutionRuleAttributeSubstitutionRuleArgs{
							Attribute: pulumi.String("rules[0].cel_expression.expression"),
						},
					},
				},
				Validation: &cloudsecuritycompliance.CloudControlParameterSpecValidationArgs{
					AllowedValues: &cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesArgs{
						Values: cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesValueArray{
							&cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesValueArgs{
								BoolValue: pulumi.Bool(true),
							},
						},
					},
				},
			},
			// IntRange bounds are passed as strings ("1" and "100").
			// NOTE(review): the placeholder substitution targets rules[0].description,
			// but that description shows no placeholder token; confirm the target.
			&cloudsecuritycompliance.CloudControlParameterSpecArgs{
				Name:        pulumi.String("max_instances"),
				DisplayName: pulumi.String("Maximum Instances"),
				Description: pulumi.String("Maximum number of instances allowed"),
				ValueType:   pulumi.String("NUMBER"),
				IsRequired:  pulumi.Bool(false),
				DefaultValue: &cloudsecuritycompliance.CloudControlParameterSpecDefaultValueArgs{
					NumberValue: pulumi.Float64(10),
				},
				SubstitutionRules: cloudsecuritycompliance.CloudControlParameterSpecSubstitutionRuleArray{
					&cloudsecuritycompliance.CloudControlParameterSpecSubstitutionRuleArgs{
						PlaceholderSubstitutionRule: &cloudsecuritycompliance.CloudControlParameterSpecSubstitutionRulePlaceholderSubstitutionRuleArgs{
							Attribute: pulumi.String("rules[0].description"),
						},
					},
				},
				Validation: &cloudsecuritycompliance.CloudControlParameterSpecValidationArgs{
					IntRange: &cloudsecuritycompliance.CloudControlParameterSpecValidationIntRangeArgs{
						Min: pulumi.String("1"),
						Max: pulumi.String("100"),
					},
				},
			},
			// NOTE(review): the three-region default list is not identical to either
			// allowed list below; confirm whether validation compares whole lists or
			// individual elements before copying this shape.
			&cloudsecuritycompliance.CloudControlParameterSpecArgs{
				Name:        pulumi.String("allowed_regions"),
				DisplayName: pulumi.String("Allowed Regions"),
				Description: pulumi.String("List of regions where resources can be deployed"),
				ValueType:   pulumi.String("STRINGLIST"),
				IsRequired:  pulumi.Bool(true),
				DefaultValue: &cloudsecuritycompliance.CloudControlParameterSpecDefaultValueArgs{
					StringListValue: &cloudsecuritycompliance.CloudControlParameterSpecDefaultValueStringListValueArgs{
						Values: pulumi.StringArray{
							pulumi.String("us-central1"),
							pulumi.String("us-east1"),
							pulumi.String("us-west1"),
						},
					},
				},
				Validation: &cloudsecuritycompliance.CloudControlParameterSpecValidationArgs{
					AllowedValues: &cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesArgs{
						Values: cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesValueArray{
							&cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesValueArgs{
								StringListValue: &cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesValueStringListValueArgs{
									Values: pulumi.StringArray{
										pulumi.String("us-central1"),
										pulumi.String("us-east1"),
									},
								},
							},
							&cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesValueArgs{
								StringListValue: &cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesValueStringListValueArgs{
									Values: pulumi.StringArray{
										pulumi.String("us-west1"),
										pulumi.String("us-west2"),
									},
								},
							},
						},
					},
				},
			},
			// NOTE(review): ValueType is STRING, yet the third allowed value is a
			// NumberValue; this looks like a type mismatch, so confirm it is intended.
			&cloudsecuritycompliance.CloudControlParameterSpecArgs{
				Name:        pulumi.String("environment_type"),
				DisplayName: pulumi.String("Environment Type"),
				Description: pulumi.String("The type of environment"),
				ValueType:   pulumi.String("STRING"),
				IsRequired:  pulumi.Bool(true),
				DefaultValue: &cloudsecuritycompliance.CloudControlParameterSpecDefaultValueArgs{
					StringValue: pulumi.String("production"),
				},
				Validation: &cloudsecuritycompliance.CloudControlParameterSpecValidationArgs{
					AllowedValues: &cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesArgs{
						Values: cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesValueArray{
							&cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesValueArgs{
								StringValue: pulumi.String("production"),
							},
							&cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesValueArgs{
								StringValue: pulumi.String("staging"),
							},
							&cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesValueArgs{
								NumberValue: pulumi.Float64(1),
							},
						},
					},
				},
			},
		}

		_, err := cloudsecuritycompliance.NewCloudControl(ctx, "example", &cloudsecuritycompliance.CloudControlArgs{
			Organization:     pulumi.String("123456789"),
			Location:         pulumi.String("global"),
			CloudControlId:   pulumi.String("example-cloudcontrol"),
			DisplayName:      pulumi.String("TF test CloudControl Name"),
			Description:      pulumi.String("A test cloud control for security compliance"),
			Categories:       pulumi.StringArray{pulumi.String("CC_CATEGORY_INFRASTRUCTURE")},
			Severity:         pulumi.String("HIGH"),
			FindingCategory:  pulumi.String("SECURITY_POLICY"),
			RemediationSteps: pulumi.String("Review and update the security configuration according to best practices."),
			SupportedCloudProviders: pulumi.StringArray{
				pulumi.String("GCP"),
			},
			Rules:          rules,
			ParameterSpecs: parameterSpecs,
		})
		// A nil err is returned unchanged, which reports success to pulumi.Run.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Only the detective action type is listed, so this example configures no
    // preventive action.
    // NOTE(review): the page does not show how an instance with no
    // shieldedInstanceConfig is evaluated; confirm it is reported, not skipped.
    var secureBootRule = new Gcp.CloudSecurityCompliance.Inputs.CloudControlRuleArgs
    {
        Description = "Ensure compute instances have secure boot enabled",
        RuleActionTypes = new[]
        {
            "RULE_ACTION_TYPE_DETECTIVE",
        },
        CelExpression = new Gcp.CloudSecurityCompliance.Inputs.CloudControlRuleCelExpressionArgs
        {
            Expression = "resource.data.shieldedInstanceConfig.enableSecureBoot == true",
            ResourceTypesValues = new Gcp.CloudSecurityCompliance.Inputs.CloudControlRuleCelExpressionResourceTypesValuesArgs
            {
                Values = new[]
                {
                    "compute.googleapis.com/Instance",
                },
            },
        },
    };

    var parameterSpecs = new[]
    {
        // The pattern accepts exactly one trailing digit, so region names
        // ending in two digits (for example europe-west10) are rejected.
        new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecArgs
        {
            Name = "location",
            DisplayName = "Resource Location",
            Description = "The location where the resource should be deployed",
            ValueType = "STRING",
            IsRequired = true,
            DefaultValue = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecDefaultValueArgs
            {
                StringValue = "us-central1",
            },
            Validation = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationArgs
            {
                RegexpPattern = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationRegexpPatternArgs
                {
                    Pattern = "^[a-z]+-[a-z]+[0-9]$",
                },
            },
        },
        // AllowedValues lists only true, so this parameter cannot be set to false.
        // NOTE(review): the substitution targets the rule's whole CEL expression;
        // confirm how a boolean value is substituted into that attribute.
        new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecArgs
        {
            Name = "enable_secure_boot",
            DisplayName = "Enable Secure Boot",
            Description = "Whether to enable secure boot for instances",
            ValueType = "BOOLEAN",
            IsRequired = true,
            DefaultValue = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecDefaultValueArgs
            {
                BoolValue = true,
            },
            SubstitutionRules = new[]
            {
                new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecSubstitutionRuleArgs
                {
                    AttributeSubstitutionRule = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecSubstitutionRuleAttributeSubstitutionRuleArgs
                    {
                        Attribute = "rules[0].cel_expression.expression",
                    },
                },
            },
            Validation = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationArgs
            {
                AllowedValues = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationAllowedValuesArgs
                {
                    Values = new[]
                    {
                        new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationAllowedValuesValueArgs
                        {
                            BoolValue = true,
                        },
                    },
                },
            },
        },
        // IntRange bounds are passed as strings ("1" and "100").
        // NOTE(review): the placeholder substitution targets rules[0].description,
        // but that description shows no placeholder token; confirm the target.
        new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecArgs
        {
            Name = "max_instances",
            DisplayName = "Maximum Instances",
            Description = "Maximum number of instances allowed",
            ValueType = "NUMBER",
            IsRequired = false,
            DefaultValue = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecDefaultValueArgs
            {
                NumberValue = 10,
            },
            SubstitutionRules = new[]
            {
                new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecSubstitutionRuleArgs
                {
                    PlaceholderSubstitutionRule = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecSubstitutionRulePlaceholderSubstitutionRuleArgs
                    {
                        Attribute = "rules[0].description",
                    },
                },
            },
            Validation = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationArgs
            {
                IntRange = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationIntRangeArgs
                {
                    Min = "1",
                    Max = "100",
                },
            },
        },
        // NOTE(review): the three-region default list is not identical to either
        // allowed list below; confirm whether validation compares whole lists or
        // individual elements before copying this shape.
        new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecArgs
        {
            Name = "allowed_regions",
            DisplayName = "Allowed Regions",
            Description = "List of regions where resources can be deployed",
            ValueType = "STRINGLIST",
            IsRequired = true,
            DefaultValue = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecDefaultValueArgs
            {
                StringListValue = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecDefaultValueStringListValueArgs
                {
                    Values = new[]
                    {
                        "us-central1",
                        "us-east1",
                        "us-west1",
                    },
                },
            },
            Validation = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationArgs
            {
                AllowedValues = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationAllowedValuesArgs
                {
                    Values = new[]
                    {
                        new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationAllowedValuesValueArgs
                        {
                            StringListValue = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationAllowedValuesValueStringListValueArgs
                            {
                                Values = new[]
                                {
                                    "us-central1",
                                    "us-east1",
                                },
                            },
                        },
                        new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationAllowedValuesValueArgs
                        {
                            StringListValue = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationAllowedValuesValueStringListValueArgs
                            {
                                Values = new[]
                                {
                                    "us-west1",
                                    "us-west2",
                                },
                            },
                        },
                    },
                },
            },
        },
        // NOTE(review): ValueType is STRING, yet the third allowed value is a
        // NumberValue; this looks like a type mismatch, so confirm it is intended.
        new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecArgs
        {
            Name = "environment_type",
            DisplayName = "Environment Type",
            Description = "The type of environment",
            ValueType = "STRING",
            IsRequired = true,
            DefaultValue = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecDefaultValueArgs
            {
                StringValue = "production",
            },
            Validation = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationArgs
            {
                AllowedValues = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationAllowedValuesArgs
                {
                    Values = new[]
                    {
                        new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationAllowedValuesValueArgs
                        {
                            StringValue = "production",
                        },
                        new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationAllowedValuesValueArgs
                        {
                            StringValue = "staging",
                        },
                        new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationAllowedValuesValueArgs
                        {
                            NumberValue = 1,
                        },
                    },
                },
            },
        },
    };

    // Organization-level cloud control; the organization ID and display name
    // are sample values to be replaced.
    var example = new Gcp.CloudSecurityCompliance.CloudControl("example", new()
    {
        Organization = "123456789",
        Location = "global",
        CloudControlId = "example-cloudcontrol",
        DisplayName = "TF test CloudControl Name",
        Description = "A test cloud control for security compliance",
        Categories = new[]
        {
            "CC_CATEGORY_INFRASTRUCTURE",
        },
        Severity = "HIGH",
        FindingCategory = "SECURITY_POLICY",
        RemediationSteps = "Review and update the security configuration according to best practices.",
        SupportedCloudProviders = new[]
        {
            "GCP",
        },
        Rules = new[]
        {
            secureBootRule,
        },
        ParameterSpecs = parameterSpecs,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.cloudsecuritycompliance.CloudControl;
import com.pulumi.gcp.cloudsecuritycompliance.CloudControlArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlRuleArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlRuleCelExpressionArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlRuleCelExpressionResourceTypesValuesArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlParameterSpecArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlParameterSpecDefaultValueArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlParameterSpecDefaultValueStringListValueArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlParameterSpecSubstitutionRuleArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlParameterSpecSubstitutionRuleAttributeSubstitutionRuleArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlParameterSpecSubstitutionRulePlaceholderSubstitutionRuleArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlParameterSpecValidationArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlParameterSpecValidationAllowedValuesArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlParameterSpecValidationAllowedValuesValueArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlParameterSpecValidationAllowedValuesValueStringListValueArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlParameterSpecValidationIntRangeArgs;
import com.pulumi.gcp.cloudsecuritycompliance.inputs.CloudControlParameterSpecValidationRegexpPatternArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one organization-level CloudControl with a
 * single detective rule and five parameter specs.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the example CloudControl. The organization ID and display name
     * are sample values to be replaced.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; not read here.
     */
    public static void stack(Context ctx) {
        // Only the detective action type is listed, so this example configures
        // no preventive action.
        // NOTE(review): the page does not show how an instance with no
        // shieldedInstanceConfig is evaluated; confirm it is reported, not skipped.
        var secureBootRule = CloudControlRuleArgs.builder()
            .description("Ensure compute instances have secure boot enabled")
            .ruleActionTypes("RULE_ACTION_TYPE_DETECTIVE")
            .celExpression(CloudControlRuleCelExpressionArgs.builder()
                .expression("resource.data.shieldedInstanceConfig.enableSecureBoot == true")
                .resourceTypesValues(CloudControlRuleCelExpressionResourceTypesValuesArgs.builder()
                    .values("compute.googleapis.com/Instance")
                    .build())
                .build())
            .build();

        // The pattern accepts exactly one trailing digit, so region names
        // ending in two digits (for example europe-west10) are rejected.
        var locationSpec = CloudControlParameterSpecArgs.builder()
            .name("location")
            .displayName("Resource Location")
            .description("The location where the resource should be deployed")
            .valueType("STRING")
            .isRequired(true)
            .defaultValue(CloudControlParameterSpecDefaultValueArgs.builder()
                .stringValue("us-central1")
                .build())
            .validation(CloudControlParameterSpecValidationArgs.builder()
                .regexpPattern(CloudControlParameterSpecValidationRegexpPatternArgs.builder()
                    .pattern("^[a-z]+-[a-z]+[0-9]$")
                    .build())
                .build())
            .build();

        // allowedValues lists only true, so this parameter cannot be set to false.
        // NOTE(review): the substitution targets the rule's whole CEL expression;
        // confirm how a boolean value is substituted into that attribute.
        var secureBootSpec = CloudControlParameterSpecArgs.builder()
            .name("enable_secure_boot")
            .displayName("Enable Secure Boot")
            .description("Whether to enable secure boot for instances")
            .valueType("BOOLEAN")
            .isRequired(true)
            .defaultValue(CloudControlParameterSpecDefaultValueArgs.builder()
                .boolValue(true)
                .build())
            .substitutionRules(CloudControlParameterSpecSubstitutionRuleArgs.builder()
                .attributeSubstitutionRule(CloudControlParameterSpecSubstitutionRuleAttributeSubstitutionRuleArgs.builder()
                    .attribute("rules[0].cel_expression.expression")
                    .build())
                .build())
            .validation(CloudControlParameterSpecValidationArgs.builder()
                .allowedValues(CloudControlParameterSpecValidationAllowedValuesArgs.builder()
                    .values(CloudControlParameterSpecValidationAllowedValuesValueArgs.builder()
                        .boolValue(true)
                        .build())
                    .build())
                .build())
            .build();

        // intRange bounds are passed as strings ("1" and "100").
        // NOTE(review): the placeholder substitution targets rules[0].description,
        // but that description shows no placeholder token; confirm the target.
        var maxInstancesSpec = CloudControlParameterSpecArgs.builder()
            .name("max_instances")
            .displayName("Maximum Instances")
            .description("Maximum number of instances allowed")
            .valueType("NUMBER")
            .isRequired(false)
            .defaultValue(CloudControlParameterSpecDefaultValueArgs.builder()
                .numberValue(10.0)
                .build())
            .substitutionRules(CloudControlParameterSpecSubstitutionRuleArgs.builder()
                .placeholderSubstitutionRule(CloudControlParameterSpecSubstitutionRulePlaceholderSubstitutionRuleArgs.builder()
                    .attribute("rules[0].description")
                    .build())
                .build())
            .validation(CloudControlParameterSpecValidationArgs.builder()
                .intRange(CloudControlParameterSpecValidationIntRangeArgs.builder()
                    .min("1")
                    .max("100")
                    .build())
                .build())
            .build();

        // NOTE(review): the three-region default list is not identical to either
        // allowed list below; confirm whether validation compares whole lists or
        // individual elements before copying this shape.
        var allowedRegionsSpec = CloudControlParameterSpecArgs.builder()
            .name("allowed_regions")
            .displayName("Allowed Regions")
            .description("List of regions where resources can be deployed")
            .valueType("STRINGLIST")
            .isRequired(true)
            .defaultValue(CloudControlParameterSpecDefaultValueArgs.builder()
                .stringListValue(CloudControlParameterSpecDefaultValueStringListValueArgs.builder()
                    .values(
                        "us-central1",
                        "us-east1",
                        "us-west1")
                    .build())
                .build())
            .validation(CloudControlParameterSpecValidationArgs.builder()
                .allowedValues(CloudControlParameterSpecValidationAllowedValuesArgs.builder()
                    .values(
                        CloudControlParameterSpecValidationAllowedValuesValueArgs.builder()
                            .stringListValue(CloudControlParameterSpecValidationAllowedValuesValueStringListValueArgs.builder()
                                .values(
                                    "us-central1",
                                    "us-east1")
                                .build())
                            .build(),
                        CloudControlParameterSpecValidationAllowedValuesValueArgs.builder()
                            .stringListValue(CloudControlParameterSpecValidationAllowedValuesValueStringListValueArgs.builder()
                                .values(
                                    "us-west1",
                                    "us-west2")
                                .build())
                            .build())
                    .build())
                .build())
            .build();

        // NOTE(review): valueType is STRING, yet the third allowed value is a
        // numberValue; this looks like a type mismatch, so confirm it is intended.
        var environmentTypeSpec = CloudControlParameterSpecArgs.builder()
            .name("environment_type")
            .displayName("Environment Type")
            .description("The type of environment")
            .valueType("STRING")
            .isRequired(true)
            .defaultValue(CloudControlParameterSpecDefaultValueArgs.builder()
                .stringValue("production")
                .build())
            .validation(CloudControlParameterSpecValidationArgs.builder()
                .allowedValues(CloudControlParameterSpecValidationAllowedValuesArgs.builder()
                    .values(
                        CloudControlParameterSpecValidationAllowedValuesValueArgs.builder()
                            .stringValue("production")
                            .build(),
                        CloudControlParameterSpecValidationAllowedValuesValueArgs.builder()
                            .stringValue("staging")
                            .build(),
                        CloudControlParameterSpecValidationAllowedValuesValueArgs.builder()
                            .numberValue(1.0)
                            .build())
                    .build())
                .build())
            .build();

        var example = new CloudControl("example", CloudControlArgs.builder()
            .organization("123456789")
            .location("global")
            .cloudControlId("example-cloudcontrol")
            .displayName("TF test CloudControl Name")
            .description("A test cloud control for security compliance")
            .categories("CC_CATEGORY_INFRASTRUCTURE")
            .severity("HIGH")
            .findingCategory("SECURITY_POLICY")
            .remediationSteps("Review and update the security configuration according to best practices.")
            .supportedCloudProviders("GCP")
            .rules(secureBootRule)
            .parameterSpecs(
                locationSpec,
                secureBootSpec,
                maxInstancesSpec,
                allowedRegionsSpec,
                environmentTypeSpec)
            .build());
    }
}
# Pulumi YAML program declaring one organization-level CloudControl with a
# single detective rule and five parameter specs. The organization ID and
# display name are sample values to be replaced.
resources:
  example:
    type: gcp:cloudsecuritycompliance:CloudControl
    properties:
      organization: '123456789'
      location: global
      cloudControlId: example-cloudcontrol
      displayName: TF test CloudControl Name
      description: A test cloud control for security compliance
      categories:
        - CC_CATEGORY_INFRASTRUCTURE
      severity: HIGH
      findingCategory: SECURITY_POLICY
      remediationSteps: Review and update the security configuration according to best practices.
      supportedCloudProviders:
        - GCP
      rules:
        # Only the detective action type is listed, so this example configures
        # no preventive action.
        # NOTE(review): the page does not show how an instance with no
        # shieldedInstanceConfig is evaluated; confirm it is reported, not skipped.
        - description: Ensure compute instances have secure boot enabled
          ruleActionTypes:
            - RULE_ACTION_TYPE_DETECTIVE
          celExpression:
            expression: resource.data.shieldedInstanceConfig.enableSecureBoot == true
            resourceTypesValues:
              values:
                - compute.googleapis.com/Instance
      parameterSpecs:
        # The pattern accepts exactly one trailing digit, so region names
        # ending in two digits (for example europe-west10) are rejected.
        - name: location
          displayName: Resource Location
          description: The location where the resource should be deployed
          valueType: STRING
          isRequired: true
          defaultValue:
            stringValue: us-central1
          validation:
            regexpPattern:
              pattern: ^[a-z]+-[a-z]+[0-9]$
        # allowedValues lists only true, so this parameter cannot be set to false.
        # NOTE(review): the substitution targets the rule's whole CEL expression;
        # confirm how a boolean value is substituted into that attribute.
        - name: enable_secure_boot
          displayName: Enable Secure Boot
          description: Whether to enable secure boot for instances
          valueType: BOOLEAN
          isRequired: true
          defaultValue:
            boolValue: true
          substitutionRules:
            - attributeSubstitutionRule:
                attribute: rules[0].cel_expression.expression
          validation:
            allowedValues:
              values:
                - boolValue: true
        # intRange bounds are passed as quoted strings ('1' and '100').
        # NOTE(review): the placeholder substitution targets rules[0].description,
        # but that description shows no placeholder token; confirm the target.
        - name: max_instances
          displayName: Maximum Instances
          description: Maximum number of instances allowed
          valueType: NUMBER
          isRequired: false
          defaultValue:
            numberValue: 10
          substitutionRules:
            - placeholderSubstitutionRule:
                attribute: rules[0].description
          validation:
            intRange:
              min: '1'
              max: '100'
        # NOTE(review): the three-region default list is not identical to either
        # allowed list below; confirm whether validation compares whole lists or
        # individual elements before copying this shape.
        - name: allowed_regions
          displayName: Allowed Regions
          description: List of regions where resources can be deployed
          valueType: STRINGLIST
          isRequired: true
          defaultValue:
            stringListValue:
              values:
                - us-central1
                - us-east1
                - us-west1
          validation:
            allowedValues:
              values:
                - stringListValue:
                    values:
                      - us-central1
                      - us-east1
                - stringListValue:
                    values:
                      - us-west1
                      - us-west2
        # NOTE(review): valueType is STRING, yet the third allowed value is a
        # numberValue; this looks like a type mismatch, so confirm it is intended.
        - name: environment_type
          displayName: Environment Type
          description: The type of environment
          valueType: STRING
          isRequired: true
          defaultValue:
            stringValue: production
          validation:
            allowedValues:
              values:
                - stringValue: production
                - stringValue: staging
                - numberValue: 1
Create CloudControl Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CloudControl(name: string, args: CloudControlArgs, opts?: CustomResourceOptions);
@overload
def CloudControl(resource_name: str,
args: CloudControlArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CloudControl(resource_name: str,
opts: Optional[ResourceOptions] = None,
cloud_control_id: Optional[str] = None,
location: Optional[str] = None,
organization: Optional[str] = None,
categories: Optional[Sequence[str]] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
finding_category: Optional[str] = None,
parameter_specs: Optional[Sequence[CloudControlParameterSpecArgs]] = None,
remediation_steps: Optional[str] = None,
rules: Optional[Sequence[CloudControlRuleArgs]] = None,
severity: Optional[str] = None,
supported_cloud_providers: Optional[Sequence[str]] = None)
func NewCloudControl(ctx *Context, name string, args CloudControlArgs, opts ...ResourceOption) (*CloudControl, error)
public CloudControl(string name, CloudControlArgs args, CustomResourceOptions? opts = null)
public CloudControl(String name, CloudControlArgs args)
public CloudControl(String name, CloudControlArgs args, CustomResourceOptions options)
type: gcp:cloudsecuritycompliance:CloudControl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CloudControlArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CloudControlArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CloudControlArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CloudControlArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CloudControlArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference constructor call. Every "string", false and 0 below is a type
// placeholder, not a usable value; replace each one before deploying.

// One parameter the control exposes to callers.
var parameterSpec = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecArgs
{
    IsRequired = false,
    Name = "string",
    ValueType = "string",
    // All four value kinds are listed for reference.
    // NOTE(review): presumably only the kind matching ValueType should be set - confirm.
    DefaultValue = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecDefaultValueArgs
    {
        BoolValue = false,
        NumberValue = 0,
        StringListValue = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecDefaultValueStringListValueArgs
        {
            Values = new[]
            {
                "string",
            },
        },
        StringValue = "string",
    },
    Description = "string",
    DisplayName = "string",
    // A substitution rule names the attribute the parameter value is written into.
    // NOTE(review): both rule kinds are shown; presumably they are alternatives - confirm.
    SubstitutionRules = new[]
    {
        new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecSubstitutionRuleArgs
        {
            AttributeSubstitutionRule = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecSubstitutionRuleAttributeSubstitutionRuleArgs
            {
                Attribute = "string",
            },
            PlaceholderSubstitutionRule = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecSubstitutionRulePlaceholderSubstitutionRuleArgs
            {
                Attribute = "string",
            },
        },
    },
    // Constrains the values accepted for this parameter. Worth setting whenever the
    // parameter is substituted into a rule attribute such as the CEL expression, so an
    // unexpected value cannot change what the rule checks.
    Validation = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationArgs
    {
        AllowedValues = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationAllowedValuesArgs
        {
            Values = new[]
            {
                new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationAllowedValuesValueArgs
                {
                    BoolValue = false,
                    NumberValue = 0,
                    StringListValue = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationAllowedValuesValueStringListValueArgs
                    {
                        Values = new[]
                        {
                            "string",
                        },
                    },
                    StringValue = "string",
                },
            },
        },
        // Max and Min are passed as strings here, not numbers.
        IntRange = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationIntRangeArgs
        {
            Max = "string",
            Min = "string",
        },
        RegexpPattern = new Gcp.CloudSecurityCompliance.Inputs.CloudControlParameterSpecValidationRegexpPatternArgs
        {
            Pattern = "string",
        },
    },
};

// One rule of the control: its action types plus a CEL expression and resource type values.
var rule = new Gcp.CloudSecurityCompliance.Inputs.CloudControlRuleArgs
{
    RuleActionTypes = new[]
    {
        "string",
    },
    CelExpression = new Gcp.CloudSecurityCompliance.Inputs.CloudControlRuleCelExpressionArgs
    {
        Expression = "string",
        ResourceTypesValues = new Gcp.CloudSecurityCompliance.Inputs.CloudControlRuleCelExpressionResourceTypesValuesArgs
        {
            Values = new[]
            {
                "string",
            },
        },
    },
    Description = "string",
};

var cloudControlResource = new Gcp.CloudSecurityCompliance.CloudControl("cloudControlResource", new()
{
    CloudControlId = "string",
    // Only "global" is documented as a supported location.
    Location = "string",
    Organization = "string",
    Categories = new[]
    {
        "string",
    },
    Description = "string",
    DisplayName = "string",
    FindingCategory = "string",
    ParameterSpecs = new[]
    {
        parameterSpec,
    },
    RemediationSteps = "string",
    Rules = new[]
    {
        rule,
    },
    // Documented values: CRITICAL, HIGH, MEDIUM, LOW.
    Severity = "string",
    SupportedCloudProviders = new[]
    {
        "string",
    },
});
// Reference constructor call. Every "string", false and 0 below is a type
// placeholder, not a usable value; replace each one before deploying.

// One parameter the control exposes to callers.
parameterSpec := &cloudsecuritycompliance.CloudControlParameterSpecArgs{
	IsRequired: pulumi.Bool(false),
	Name:       pulumi.String("string"),
	ValueType:  pulumi.String("string"),
	// All four value kinds are listed for reference.
	// NOTE(review): presumably only the kind matching ValueType should be set - confirm.
	DefaultValue: &cloudsecuritycompliance.CloudControlParameterSpecDefaultValueArgs{
		BoolValue:   pulumi.Bool(false),
		NumberValue: pulumi.Float64(0),
		StringListValue: &cloudsecuritycompliance.CloudControlParameterSpecDefaultValueStringListValueArgs{
			Values: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
		StringValue: pulumi.String("string"),
	},
	Description: pulumi.String("string"),
	DisplayName: pulumi.String("string"),
	// A substitution rule names the attribute the parameter value is written into.
	// NOTE(review): both rule kinds are shown; presumably they are alternatives - confirm.
	SubstitutionRules: cloudsecuritycompliance.CloudControlParameterSpecSubstitutionRuleArray{
		&cloudsecuritycompliance.CloudControlParameterSpecSubstitutionRuleArgs{
			AttributeSubstitutionRule: &cloudsecuritycompliance.CloudControlParameterSpecSubstitutionRuleAttributeSubstitutionRuleArgs{
				Attribute: pulumi.String("string"),
			},
			PlaceholderSubstitutionRule: &cloudsecuritycompliance.CloudControlParameterSpecSubstitutionRulePlaceholderSubstitutionRuleArgs{
				Attribute: pulumi.String("string"),
			},
		},
	},
	// Constrains the values accepted for this parameter. Worth setting whenever the
	// parameter is substituted into a rule attribute such as the CEL expression, so an
	// unexpected value cannot change what the rule checks.
	Validation: &cloudsecuritycompliance.CloudControlParameterSpecValidationArgs{
		AllowedValues: &cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesArgs{
			Values: cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesValueArray{
				&cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesValueArgs{
					BoolValue:   pulumi.Bool(false),
					NumberValue: pulumi.Float64(0),
					StringListValue: &cloudsecuritycompliance.CloudControlParameterSpecValidationAllowedValuesValueStringListValueArgs{
						Values: pulumi.StringArray{
							pulumi.String("string"),
						},
					},
					StringValue: pulumi.String("string"),
				},
			},
		},
		// Max and Min are passed as strings here, not numbers.
		IntRange: &cloudsecuritycompliance.CloudControlParameterSpecValidationIntRangeArgs{
			Max: pulumi.String("string"),
			Min: pulumi.String("string"),
		},
		RegexpPattern: &cloudsecuritycompliance.CloudControlParameterSpecValidationRegexpPatternArgs{
			Pattern: pulumi.String("string"),
		},
	},
}

// One rule of the control: its action types plus a CEL expression and resource type values.
rule := &cloudsecuritycompliance.CloudControlRuleArgs{
	RuleActionTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
	CelExpression: &cloudsecuritycompliance.CloudControlRuleCelExpressionArgs{
		Expression: pulumi.String("string"),
		ResourceTypesValues: &cloudsecuritycompliance.CloudControlRuleCelExpressionResourceTypesValuesArgs{
			Values: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	Description: pulumi.String("string"),
}

// err is not checked in this excerpt; handle it before using example.
example, err := cloudsecuritycompliance.NewCloudControl(ctx, "cloudControlResource", &cloudsecuritycompliance.CloudControlArgs{
	CloudControlId: pulumi.String("string"),
	// Only "global" is documented as a supported location.
	Location:     pulumi.String("string"),
	Organization: pulumi.String("string"),
	Categories: pulumi.StringArray{
		pulumi.String("string"),
	},
	Description:     pulumi.String("string"),
	DisplayName:     pulumi.String("string"),
	FindingCategory: pulumi.String("string"),
	ParameterSpecs: cloudsecuritycompliance.CloudControlParameterSpecArray{
		parameterSpec,
	},
	RemediationSteps: pulumi.String("string"),
	Rules: cloudsecuritycompliance.CloudControlRuleArray{
		rule,
	},
	// Documented values: CRITICAL, HIGH, MEDIUM, LOW.
	Severity: pulumi.String("string"),
	SupportedCloudProviders: pulumi.StringArray{
		pulumi.String("string"),
	},
})
// Reference constructor call. Every "string", false and 0 below is a type
// placeholder, not a usable value; replace each one before deploying.

// One parameter the control exposes to callers.
var parameterSpec = CloudControlParameterSpecArgs.builder()
    .isRequired(false)
    .name("string")
    .valueType("string")
    // All four value kinds are listed for reference.
    // NOTE(review): presumably only the kind matching valueType should be set - confirm.
    .defaultValue(CloudControlParameterSpecDefaultValueArgs.builder()
        .boolValue(false)
        .numberValue(0.0)
        .stringListValue(CloudControlParameterSpecDefaultValueStringListValueArgs.builder()
            .values("string")
            .build())
        .stringValue("string")
        .build())
    .description("string")
    .displayName("string")
    // A substitution rule names the attribute the parameter value is written into.
    // NOTE(review): both rule kinds are shown; presumably they are alternatives - confirm.
    .substitutionRules(CloudControlParameterSpecSubstitutionRuleArgs.builder()
        .attributeSubstitutionRule(CloudControlParameterSpecSubstitutionRuleAttributeSubstitutionRuleArgs.builder()
            .attribute("string")
            .build())
        .placeholderSubstitutionRule(CloudControlParameterSpecSubstitutionRulePlaceholderSubstitutionRuleArgs.builder()
            .attribute("string")
            .build())
        .build())
    // Constrains the values accepted for this parameter. Worth setting whenever the
    // parameter is substituted into a rule attribute such as the CEL expression, so an
    // unexpected value cannot change what the rule checks.
    .validation(CloudControlParameterSpecValidationArgs.builder()
        .allowedValues(CloudControlParameterSpecValidationAllowedValuesArgs.builder()
            .values(CloudControlParameterSpecValidationAllowedValuesValueArgs.builder()
                .boolValue(false)
                .numberValue(0.0)
                .stringListValue(CloudControlParameterSpecValidationAllowedValuesValueStringListValueArgs.builder()
                    .values("string")
                    .build())
                .stringValue("string")
                .build())
            .build())
        // max and min are passed as strings here, not numbers.
        .intRange(CloudControlParameterSpecValidationIntRangeArgs.builder()
            .max("string")
            .min("string")
            .build())
        .regexpPattern(CloudControlParameterSpecValidationRegexpPatternArgs.builder()
            .pattern("string")
            .build())
        .build())
    .build();

// One rule of the control: its action types plus a CEL expression and resource type values.
var rule = CloudControlRuleArgs.builder()
    .ruleActionTypes("string")
    .celExpression(CloudControlRuleCelExpressionArgs.builder()
        .expression("string")
        .resourceTypesValues(CloudControlRuleCelExpressionResourceTypesValuesArgs.builder()
            .values("string")
            .build())
        .build())
    .description("string")
    .build();

var cloudControlResource = new CloudControl("cloudControlResource", CloudControlArgs.builder()
    .cloudControlId("string")
    // Only "global" is documented as a supported location.
    .location("string")
    .organization("string")
    .categories("string")
    .description("string")
    .displayName("string")
    .findingCategory("string")
    .parameterSpecs(parameterSpec)
    .remediationSteps("string")
    .rules(rule)
    // Documented values: CRITICAL, HIGH, MEDIUM, LOW.
    .severity("string")
    .supportedCloudProviders("string")
    .build());
# Reference constructor call. Every "string", False and 0 below is a type
# placeholder, not a usable value; replace each one before deploying.

# One parameter the control exposes to callers.
parameter_spec = {
    "is_required": False,
    "name": "string",
    "value_type": "string",
    # All four value kinds are listed for reference.
    # NOTE(review): presumably only the kind matching value_type should be set - confirm.
    "default_value": {
        "bool_value": False,
        "number_value": 0,
        "string_list_value": {
            "values": ["string"],
        },
        "string_value": "string",
    },
    "description": "string",
    "display_name": "string",
    # A substitution rule names the attribute the parameter value is written into.
    # NOTE(review): both rule kinds are shown; presumably they are alternatives - confirm.
    "substitution_rules": [{
        "attribute_substitution_rule": {
            "attribute": "string",
        },
        "placeholder_substitution_rule": {
            "attribute": "string",
        },
    }],
    # Constrains the values accepted for this parameter. Worth setting whenever the
    # parameter is substituted into a rule attribute such as the CEL expression, so an
    # unexpected value cannot change what the rule checks.
    "validation": {
        "allowed_values": {
            "values": [{
                "bool_value": False,
                "number_value": 0,
                "string_list_value": {
                    "values": ["string"],
                },
                "string_value": "string",
            }],
        },
        # max and min are passed as strings here, not numbers.
        "int_range": {
            "max": "string",
            "min": "string",
        },
        "regexp_pattern": {
            "pattern": "string",
        },
    },
}

# One rule of the control: its action types plus a CEL expression and resource type values.
rule = {
    "rule_action_types": ["string"],
    "cel_expression": {
        "expression": "string",
        "resource_types_values": {
            "values": ["string"],
        },
    },
    "description": "string",
}

cloud_control_resource = gcp.cloudsecuritycompliance.CloudControl(
    "cloudControlResource",
    cloud_control_id="string",
    # Only "global" is documented as a supported location.
    location="string",
    organization="string",
    categories=["string"],
    description="string",
    display_name="string",
    finding_category="string",
    parameter_specs=[parameter_spec],
    remediation_steps="string",
    rules=[rule],
    # Documented values: CRITICAL, HIGH, MEDIUM, LOW.
    severity="string",
    supported_cloud_providers=["string"],
)
// Reference constructor call. Every "string", false and 0 below is a type
// placeholder, not a usable value; replace each one before deploying.

// One parameter the control exposes to callers.
const parameterSpec = {
    isRequired: false,
    name: "string",
    valueType: "string",
    // All four value kinds are listed for reference.
    // NOTE(review): presumably only the kind matching valueType should be set - confirm.
    defaultValue: {
        boolValue: false,
        numberValue: 0,
        stringListValue: {
            values: ["string"],
        },
        stringValue: "string",
    },
    description: "string",
    displayName: "string",
    // A substitution rule names the attribute the parameter value is written into.
    // NOTE(review): both rule kinds are shown; presumably they are alternatives - confirm.
    substitutionRules: [{
        attributeSubstitutionRule: {
            attribute: "string",
        },
        placeholderSubstitutionRule: {
            attribute: "string",
        },
    }],
    // Constrains the values accepted for this parameter. Worth setting whenever the
    // parameter is substituted into a rule attribute such as the CEL expression, so an
    // unexpected value cannot change what the rule checks.
    validation: {
        allowedValues: {
            values: [{
                boolValue: false,
                numberValue: 0,
                stringListValue: {
                    values: ["string"],
                },
                stringValue: "string",
            }],
        },
        // max and min are passed as strings here, not numbers.
        intRange: {
            max: "string",
            min: "string",
        },
        regexpPattern: {
            pattern: "string",
        },
    },
};

// One rule of the control: its action types plus a CEL expression and resource type values.
const rule = {
    ruleActionTypes: ["string"],
    celExpression: {
        expression: "string",
        resourceTypesValues: {
            values: ["string"],
        },
    },
    description: "string",
};

const cloudControlResource = new gcp.cloudsecuritycompliance.CloudControl("cloudControlResource", {
    cloudControlId: "string",
    // Only "global" is documented as a supported location.
    location: "string",
    organization: "string",
    categories: ["string"],
    description: "string",
    displayName: "string",
    findingCategory: "string",
    parameterSpecs: [parameterSpec],
    remediationSteps: "string",
    rules: [rule],
    // Documented values: CRITICAL, HIGH, MEDIUM, LOW.
    severity: "string",
    supportedCloudProviders: ["string"],
});
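# Reference resource definition. Every "string", false and 0 below is a type
# placeholder, not a usable value; replace each one before deploying.
# Nesting is restored from the equivalent examples in the other languages; the
# flattened listing was not parseable as the intended structure.
type: gcp:cloudsecuritycompliance:CloudControl
properties:
  categories:
    - string
  cloudControlId: string
  description: string
  displayName: string
  findingCategory: string
  # Only "global" is documented as a supported location.
  location: string
  organization: string
  parameterSpecs:
    # All four value kinds are listed for reference.
    # NOTE(review): presumably only the kind matching valueType should be set - confirm.
    - defaultValue:
        boolValue: false
        numberValue: 0
        stringListValue:
          values:
            - string
        stringValue: string
      description: string
      displayName: string
      isRequired: false
      name: string
      # A substitution rule names the attribute the parameter value is written into.
      # NOTE(review): both rule kinds are shown; presumably they are alternatives - confirm.
      substitutionRules:
        - attributeSubstitutionRule:
            attribute: string
          placeholderSubstitutionRule:
            attribute: string
      # Constrains the values accepted for this parameter. Worth setting whenever the
      # parameter is substituted into a rule attribute such as the CEL expression, so an
      # unexpected value cannot change what the rule checks.
      validation:
        allowedValues:
          values:
            - boolValue: false
              numberValue: 0
              stringListValue:
                values:
                  - string
              stringValue: string
        # max and min are passed as strings here, not numbers.
        intRange:
          max: string
          min: string
        regexpPattern:
          pattern: string
      valueType: string
  remediationSteps: string
  rules:
    - celExpression:
        expression: string
        resourceTypesValues:
          values:
            - string
      description: string
      ruleActionTypes:
        - string
  # Documented values: CRITICAL, HIGH, MEDIUM, LOW.
  severity: string
  supportedCloudProviders:
    - string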
CloudControl Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CloudControl resource accepts the following input properties:
- CloudControlId string
- ID of the CloudControl. This is the last segment of the CloudControl resource name. Format: `^[a-zA-Z][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$` (the character-class brackets were lost in rendering and are restored here; confirm against the API reference).
- Location string
- Resource ID segment making up the resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. Currently, only "global" is supported as a location.
- Organization string
- Resource ID segment making up the resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
- Categories List<string>
- The categories of the cloud control.
- Description string
- A description of the cloud control. The maximum length is 2000 characters.
- DisplayName string
- The display name of the cloud control. The maximum length is 200 characters.
- FindingCategory string
- The finding_category of the cloud control. The maximum length is 255 characters.
- ParameterSpecs List<CloudControlParameterSpec>
- The parameter spec of the cloud control. Structure is documented below.
- RemediationSteps string
- The remediation steps for the findings generated by the cloud control. The maximum length is 400 characters.
- Rules List<CloudControlRule>
- The policy to be enforced to prevent or detect resource non-compliance. Structure is documented below.
- Severity string
- Possible values: CRITICAL, HIGH, MEDIUM, LOW.
- SupportedCloudProviders List<string>
- The cloud providers supported.
- CloudControlId string
- ID of the CloudControl. This is the last segment of the CloudControl resource name. Format: `^[a-zA-Z][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$` (the character-class brackets were lost in rendering and are restored here; confirm against the API reference).
- Location string
- Resource ID segment making up the resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. Currently, only "global" is supported as a location.
- Organization string
- Resource ID segment making up the resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
- Categories []string
- The categories of the cloud control.
- Description string
- A description of the cloud control. The maximum length is 2000 characters.
- DisplayName string
- The display name of the cloud control. The maximum length is 200 characters.
- FindingCategory string
- The finding_category of the cloud control. The maximum length is 255 characters.
- ParameterSpecs []CloudControlParameterSpecArgs
- The parameter spec of the cloud control. Structure is documented below.
- RemediationSteps string
- The remediation steps for the findings generated by the cloud control. The maximum length is 400 characters.
- Rules []CloudControlRuleArgs
- The policy to be enforced to prevent or detect resource non-compliance. Structure is documented below.
- Severity string
- Possible values: CRITICAL, HIGH, MEDIUM, LOW.
- SupportedCloudProviders []string
- The cloud providers supported.
- cloudControlId String
- ID of the CloudControl. This is the last segment of the CloudControl resource name. Format: `^[a-zA-Z][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$` (the character-class brackets were lost in rendering and are restored here; confirm against the API reference).
- location String
- Resource ID segment making up the resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. Currently, only "global" is supported as a location.
- organization String
- Resource ID segment making up the resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
- categories List<String>
- The categories of the cloud control.
- description String
- A description of the cloud control. The maximum length is 2000 characters.
- displayName String
- The display name of the cloud control. The maximum length is 200 characters.
- findingCategory String
- The finding_category of the cloud control. The maximum length is 255 characters.
- parameterSpecs List<CloudControlParameterSpec>
- The parameter spec of the cloud control. Structure is documented below.
- remediationSteps String
- The remediation steps for the findings generated by the cloud control. The maximum length is 400 characters.
- rules List<CloudControlRule>
- The policy to be enforced to prevent or detect resource non-compliance. Structure is documented below.
- severity String
- Possible values: CRITICAL, HIGH, MEDIUM, LOW.
- supportedCloudProviders List<String>
- The cloud providers supported.
- cloudControlId string
- ID of the CloudControl. This is the last segment of the CloudControl resource name. Format: `^[a-zA-Z][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$` (the character-class brackets were lost in rendering and are restored here; confirm against the API reference).
- location string
- Resource ID segment making up the resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. Currently, only "global" is supported as a location.
- organization string
- Resource ID segment making up the resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
- categories string[]
- The categories of the cloud control.
- description string
- A description of the cloud control. The maximum length is 2000 characters.
- displayName string
- The display name of the cloud control. The maximum length is 200 characters.
- findingCategory string
- The finding_category of the cloud control. The maximum length is 255 characters.
- parameterSpecs CloudControlParameterSpec[]
- The parameter spec of the cloud control. Structure is documented below.
- remediationSteps string
- The remediation steps for the findings generated by the cloud control. The maximum length is 400 characters.
- rules CloudControlRule[]
- The policy to be enforced to prevent or detect resource non-compliance. Structure is documented below.
- severity string
- Possible values: CRITICAL, HIGH, MEDIUM, LOW.
- supportedCloudProviders string[]
- The cloud providers supported.
- cloud_control_id str
- ID of the CloudControl. This is the last segment of the CloudControl resource name. Format: `^[a-zA-Z][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$` (the character-class brackets were lost in rendering and are restored here; confirm against the API reference).
- location str
- Resource ID segment making up the resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. Currently, only "global" is supported as a location.
- organization str
- Resource ID segment making up the resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
- categories Sequence[str]
- The categories of the cloud control.
- description str
- A description of the cloud control. The maximum length is 2000 characters.
- display_name str
- The display name of the cloud control. The maximum length is 200 characters.
- finding_category str
- The finding_category of the cloud control. The maximum length is 255 characters.
- parameter_specs Sequence[CloudControlParameterSpecArgs]
- The parameter spec of the cloud control. Structure is documented below.
- remediation_steps str
- The remediation steps for the findings generated by the cloud control. The maximum length is 400 characters.
- rules Sequence[CloudControlRuleArgs]
- The policy to be enforced to prevent or detect resource non-compliance. Structure is documented below.
- severity str
- Possible values: CRITICAL, HIGH, MEDIUM, LOW.
- supported_cloud_providers Sequence[str]
- The cloud providers supported.
- cloudControlId String
- ID of the CloudControl. This is the last segment of the CloudControl resource name. Format: `^[a-zA-Z][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$` (the character-class brackets were lost in rendering and are restored here; confirm against the API reference).
- location String
- Resource ID segment making up the resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. Currently, only "global" is supported as a location.
- organization String
- Resource ID segment making up the resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
- categories List<String>
- The categories of the cloud control.
- description String
- A description of the cloud control. The maximum length is 2000 characters.
- displayName String
- The display name of the cloud control. The maximum length is 200 characters.
- findingCategory String
- The finding_category of the cloud control. The maximum length is 255 characters.
- parameterSpecs List<Property Map>
- The parameter spec of the cloud control. Structure is documented below.
- remediationSteps String
- The remediation steps for the findings generated by the cloud control. The maximum length is 400 characters.
- rules List<Property Map>
- The policy to be enforced to prevent or detect resource non-compliance. Structure is documented below.
- severity String
- Possible values: CRITICAL, HIGH, MEDIUM, LOW.
- supportedCloudProviders List<String>
- The cloud providers supported.
Outputs
All input properties are implicitly available as output properties. Additionally, the CloudControl resource produces the following output properties:
- CreateTime string
- The last updated time of the cloud control. The create_time is used because a new cloud control (CC) is created whenever an existing one is updated.
- Id string
- The provider-assigned unique ID for this managed resource.
- MajorRevisionId string
- Major revision of the cloud control, incremented in ascending order.
- Name string
- Identifier. The resource name of the cloud control. Format: organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}
- RelatedFrameworks List<string>
- The frameworks that include this CloudControl.
- SupportedEnforcementModes List<string>
- The supported enforcement mode of the cloud control. Default is DETECTIVE.
- SupportedTargetResourceTypes List<string>
- Target resource types supported by the CloudControl.
- CreateTime string
- The last updated time of the cloud control. The create_time is used because a new cloud control (CC) is created whenever an existing one is updated.
- Id string
- The provider-assigned unique ID for this managed resource.
- MajorRevisionId string
- Major revision of the cloud control, incremented in ascending order.
- Name string
- Identifier. The resource name of the cloud control. Format: organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}
- RelatedFrameworks []string
- The frameworks that include this CloudControl.
- SupportedEnforcementModes []string
- The supported enforcement mode of the cloud control. Default is DETECTIVE.
- SupportedTargetResourceTypes []string
- Target resource types supported by the CloudControl.
- createTime String
- The last updated time of the cloud control. The create_time is used because a new cloud control (CC) is created whenever an existing one is updated.
- id String
- The provider-assigned unique ID for this managed resource.
- majorRevisionId String
- Major revision of the cloud control, incremented in ascending order.
- name String
- Identifier. The resource name of the cloud control. Format: organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}
- relatedFrameworks List<String>
- The frameworks that include this CloudControl.
- supportedEnforcementModes List<String>
- The supported enforcement mode of the cloud control. Default is DETECTIVE.
- supportedTargetResourceTypes List<String>
- Target resource types supported by the CloudControl.
- createTime string
- The last updated time of the cloud control. The create_time is used because a new cloud control (CC) is created whenever an existing one is updated.
- id string
- The provider-assigned unique ID for this managed resource.
- majorRevisionId string
- Major revision of the cloud control, incremented in ascending order.
- name string
- Identifier. The resource name of the cloud control. Format: organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}
- relatedFrameworks string[]
- The frameworks that include this CloudControl.
- supportedEnforcementModes string[]
- The supported enforcement mode of the cloud control. Default is DETECTIVE.
- supportedTargetResourceTypes string[]
- Target resource types supported by the CloudControl.
- create_time str
- The last updated time of the cloud control. The create_time is used because a new cloud control (CC) is created whenever an existing one is updated.
- id str
- The provider-assigned unique ID for this managed resource.
- major_revision_id str
- Major revision of the cloud control, incremented in ascending order.
- name str
- Identifier. The resource name of the cloud control. Format: organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}
- related_frameworks Sequence[str]
- The frameworks that include this CloudControl.
- supported_enforcement_modes Sequence[str]
- The supported enforcement mode of the cloud control. Default is DETECTIVE.
- supported_target_resource_types Sequence[str]
- Target resource types supported by the CloudControl.
- createTime String
- The last updated time of the cloud control. The create_time is used because a new cloud control (CC) is created whenever an existing one is updated.
- id String
- The provider-assigned unique ID for this managed resource.
- majorRevisionId String
- Major revision of the cloud control, incremented in ascending order.
- name String
- Identifier. The resource name of the cloud control. Format: organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}
- relatedFrameworks List<String>
- The frameworks that include this CloudControl.
- supportedEnforcementModes List<String>
- The supported enforcement mode of the cloud control. Default is DETECTIVE.
- supportedTargetResourceTypes List<String>
- Target resource types supported by the CloudControl.
Look up Existing CloudControl Resource
Get an existing CloudControl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CloudControlState, opts?: CustomResourceOptions): CloudControl
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
categories: Optional[Sequence[str]] = None,
cloud_control_id: Optional[str] = None,
create_time: Optional[str] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
finding_category: Optional[str] = None,
location: Optional[str] = None,
major_revision_id: Optional[str] = None,
name: Optional[str] = None,
organization: Optional[str] = None,
parameter_specs: Optional[Sequence[CloudControlParameterSpecArgs]] = None,
related_frameworks: Optional[Sequence[str]] = None,
remediation_steps: Optional[str] = None,
rules: Optional[Sequence[CloudControlRuleArgs]] = None,
severity: Optional[str] = None,
supported_cloud_providers: Optional[Sequence[str]] = None,
supported_enforcement_modes: Optional[Sequence[str]] = None,
supported_target_resource_types: Optional[Sequence[str]] = None) -> CloudControl
func GetCloudControl(ctx *Context, name string, id IDInput, state *CloudControlState, opts ...ResourceOption) (*CloudControl, error)
public static CloudControl Get(string name, Input<string> id, CloudControlState? state, CustomResourceOptions? opts = null)
public static CloudControl get(String name, Output<String> id, CloudControlState state, CustomResourceOptions options)
resources:
  _:
    type: gcp:cloudsecuritycompliance:CloudControl
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Categories List<string>
- The categories of the cloud control.
- CloudControlId string
- ID of the CloudControl. This is the last segment of the CloudControl resource name. Format: `^[a-zA-Z][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$`.
- CreateTime string
- The last updated time of the cloud control. The create_time is used because a new CC is created whenever we update an existing CC.
- Description string
- A description of the cloud control. The maximum length is 2000 characters.
- Display
Name string - The display name of the cloud control. The maximum length is 200 characters.
- Finding
Category string - The finding_category of the cloud control. The maximum length is 255 characters.
- Location string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. Currently, only "global" is supported as a location. - Major
Revision stringId - Major revision of the cloud control incremented in ascending order.
- Name string
- Identifier. The resource name of the cloud control. Format: organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}
- Organization string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - Parameter
Specs List<CloudControl Parameter Spec> - The parameter spec of the cloud control. Structure is documented below.
- List<string>
- The Frameworks that include this CloudControl
- Remediation
Steps string - The remediation steps for the findings generated by the cloud control. The maximum length is 400 characters.
- Rules
List<Cloud
Control Rule> - The Policy to be enforced to prevent/detect resource non-compliance. Structure is documented below.
- Severity string
- Possible values: CRITICAL HIGH MEDIUM LOW
- Supported
Cloud List<string>Providers - cloud providers supported
- Supported
Enforcement List<string>Modes - The supported enforcement mode of the cloud control. Default is DETECTIVE.
- Supported
Target List<string>Resource Types - target resource types supported by the CloudControl.
- Categories []string
- The categories of the cloud control.
- CloudControlId string
- ID of the CloudControl. This is the last segment of the CloudControl resource name. Format: `^[a-zA-Z][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$`.
- CreateTime string
- The last updated time of the cloud control. The create_time is used because a new CC is created whenever we update an existing CC.
- Description string
- A description of the cloud control. The maximum length is 2000 characters.
- Display
Name string - The display name of the cloud control. The maximum length is 200 characters.
- Finding
Category string - The finding_category of the cloud control. The maximum length is 255 characters.
- Location string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. Currently, only "global" is supported as a location. - Major
Revision stringId - Major revision of the cloud control incremented in ascending order.
- Name string
- Identifier. The resource name of the cloud control. Format: organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}
- Organization string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - Parameter
Specs []CloudControl Parameter Spec Args - The parameter spec of the cloud control. Structure is documented below.
- []string
- The Frameworks that include this CloudControl
- Remediation
Steps string - The remediation steps for the findings generated by the cloud control. The maximum length is 400 characters.
- Rules
[]Cloud
Control Rule Args - The Policy to be enforced to prevent/detect resource non-compliance. Structure is documented below.
- Severity string
- Possible values: CRITICAL HIGH MEDIUM LOW
- Supported
Cloud []stringProviders - cloud providers supported
- Supported
Enforcement []stringModes - The supported enforcement mode of the cloud control. Default is DETECTIVE.
- Supported
Target []stringResource Types - target resource types supported by the CloudControl.
- categories List<String>
- The categories of the cloud control.
- cloudControlId String
- ID of the CloudControl. This is the last segment of the CloudControl resource name. Format: `^[a-zA-Z][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$`.
- createTime String
- The last updated time of the cloud control. The create_time is used because a new CC is created whenever we update an existing CC.
- description String
- A description of the cloud control. The maximum length is 2000 characters.
- display
Name String - The display name of the cloud control. The maximum length is 200 characters.
- finding
Category String - The finding_category of the cloud control. The maximum length is 255 characters.
- location String
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. Currently, only "global" is supported as a location. - major
Revision StringId - Major revision of the cloud control incremented in ascending order.
- name String
- Identifier. The resource name of the cloud control. Format: organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}
- organization String
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - parameter
Specs List<CloudControl Parameter Spec> - The parameter spec of the cloud control. Structure is documented below.
- List<String>
- The Frameworks that include this CloudControl
- remediation
Steps String - The remediation steps for the findings generated by the cloud control. The maximum length is 400 characters.
- rules
List<Cloud
Control Rule> - The Policy to be enforced to prevent/detect resource non-compliance. Structure is documented below.
- severity String
- Possible values: CRITICAL HIGH MEDIUM LOW
- supported
Cloud List<String>Providers - cloud providers supported
- supported
Enforcement List<String>Modes - The supported enforcement mode of the cloud control. Default is DETECTIVE.
- supported
Target List<String>Resource Types - target resource types supported by the CloudControl.
- categories string[]
- The categories of the cloud control.
- cloudControlId string
- ID of the CloudControl. This is the last segment of the CloudControl resource name. Format: `^[a-zA-Z][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$`.
- createTime string
- The last updated time of the cloud control. The create_time is used because a new CC is created whenever we update an existing CC.
- description string
- A description of the cloud control. The maximum length is 2000 characters.
- displayName string
- The display name of the cloud control. The maximum length is 200 characters.
- findingCategory string
- The finding_category of the cloud control. The maximum length is 255 characters.
- location string
- Resource ID segment making up resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. Currently, only "global" is supported as a location.
- majorRevisionId string
- Major revision of the cloud control incremented in ascending order.
- name string
- Identifier. The resource name of the cloud control. Format: organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}
- organization string
- Resource ID segment making up resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
- parameterSpecs CloudControlParameterSpec[]
- The parameter spec of the cloud control. Structure is documented below.
- relatedFrameworks string[]
- The Frameworks that include this CloudControl
- remediationSteps string
- The remediation steps for the findings generated by the cloud control. The maximum length is 400 characters.
- rules CloudControlRule[]
- The Policy to be enforced to prevent/detect resource non-compliance. Structure is documented below.
- severity string
- Possible values: CRITICAL, HIGH, MEDIUM, LOW
- supportedCloudProviders string[]
- Cloud providers supported
- supportedEnforcementModes string[]
- The supported enforcement mode of the cloud control. Default is DETECTIVE.
- supportedTargetResourceTypes string[]
- Target resource types supported by the CloudControl.
- categories Sequence[str]
- The categories of the cloud control.
- cloud_control_id str
- ID of the CloudControl. This is the last segment of the CloudControl resource name. Format: `^[a-zA-Z][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$`.
- create_time str
- The last updated time of the cloud control. The create_time is used because a new CC is created whenever we update an existing CC.
- description str
- A description of the cloud control. The maximum length is 2000 characters.
- display_
name str - The display name of the cloud control. The maximum length is 200 characters.
- finding_
category str - The finding_category of the cloud control. The maximum length is 255 characters.
- location str
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. Currently, only "global" is supported as a location. - major_
revision_ strid - Major revision of the cloud control incremented in ascending order.
- name str
- Identifier. The resource name of the cloud control. Format: organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}
- organization str
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - parameter_
specs Sequence[CloudControl Parameter Spec Args] - The parameter spec of the cloud control. Structure is documented below.
- Sequence[str]
- The Frameworks that include this CloudControl
- remediation_
steps str - The remediation steps for the findings generated by the cloud control. The maximum length is 400 characters.
- rules
Sequence[Cloud
Control Rule Args] - The Policy to be enforced to prevent/detect resource non-compliance. Structure is documented below.
- severity str
- Possible values: CRITICAL HIGH MEDIUM LOW
- supported_
cloud_ Sequence[str]providers - cloud providers supported
- supported_
enforcement_ Sequence[str]modes - The supported enforcement mode of the cloud control. Default is DETECTIVE.
- supported_
target_ Sequence[str]resource_ types - target resource types supported by the CloudControl.
- categories List<String>
- The categories of the cloud control.
- cloudControlId String
- ID of the CloudControl. This is the last segment of the CloudControl resource name. Format: `^[a-zA-Z][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$`.
- createTime String
- The last updated time of the cloud control. The create_time is used because a new CC is created whenever we update an existing CC.
- description String
- A description of the cloud control. The maximum length is 2000 characters.
- display
Name String - The display name of the cloud control. The maximum length is 200 characters.
- finding
Category String - The finding_category of the cloud control. The maximum length is 255 characters.
- location String
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. Currently, only "global" is supported as a location. - major
Revision StringId - Major revision of the cloud control incremented in ascending order.
- name String
- Identifier. The resource name of the cloud control. Format: organizations/{organization}/locations/{location}/cloudControls/{cloud_control_id}
- organization String
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - parameter
Specs List<Property Map> - The parameter spec of the cloud control. Structure is documented below.
- List<String>
- The Frameworks that include this CloudControl
- remediation
Steps String - The remediation steps for the findings generated by the cloud control. The maximum length is 400 characters.
- rules List<Property Map>
- The Policy to be enforced to prevent/detect resource non-compliance. Structure is documented below.
- severity String
- Possible values: CRITICAL HIGH MEDIUM LOW
- supported
Cloud List<String>Providers - cloud providers supported
- supported
Enforcement List<String>Modes - The supported enforcement mode of the cloud control. Default is DETECTIVE.
- supported
Target List<String>Resource Types - target resource types supported by the CloudControl.
Supporting Types
CloudControlParameterSpec, CloudControlParameterSpecArgs
- Is
Required bool - if the parameter is required
- Name string
- The name of the parameter.
- Value
Type string - Parameter value type. Possible values: STRING BOOLEAN STRINGLIST NUMBER ONEOF
- Default
Value CloudControl Parameter Spec Default Value - Possible parameter value types. Structure is documented below.
- Description string
- The description of the parameter. The maximum length is 2000 characters.
- Display
Name string - The display name of the parameter. The maximum length is 200 characters.
- Substitution
Rules List<CloudControl Parameter Spec Substitution Rule> - List of parameter substitutions. Structure is documented below.
- Validation
Cloud
Control Parameter Spec Validation - Validation of the parameter. Structure is documented below.
- Is
Required bool - if the parameter is required
- Name string
- The name of the parameter.
- Value
Type string - Parameter value type. Possible values: STRING BOOLEAN STRINGLIST NUMBER ONEOF
- Default
Value CloudControl Parameter Spec Default Value - Possible parameter value types. Structure is documented below.
- Description string
- The description of the parameter. The maximum length is 2000 characters.
- Display
Name string - The display name of the parameter. The maximum length is 200 characters.
- Substitution
Rules []CloudControl Parameter Spec Substitution Rule - List of parameter substitutions. Structure is documented below.
- Validation
Cloud
Control Parameter Spec Validation - Validation of the parameter. Structure is documented below.
- is
Required Boolean - if the parameter is required
- name String
- The name of the parameter.
- value
Type String - Parameter value type. Possible values: STRING BOOLEAN STRINGLIST NUMBER ONEOF
- default
Value CloudControl Parameter Spec Default Value - Possible parameter value types. Structure is documented below.
- description String
- The description of the parameter. The maximum length is 2000 characters.
- display
Name String - The display name of the parameter. The maximum length is 200 characters.
- substitution
Rules List<CloudControl Parameter Spec Substitution Rule> - List of parameter substitutions. Structure is documented below.
- validation
Cloud
Control Parameter Spec Validation - Validation of the parameter. Structure is documented below.
- isRequired boolean
- Whether the parameter is required.
- name string
- The name of the parameter.
- valueType string
- Parameter value type. Possible values: STRING, BOOLEAN, STRINGLIST, NUMBER, ONEOF
- defaultValue CloudControlParameterSpecDefaultValue
- Possible parameter value types. Structure is documented below.
- description string
- The description of the parameter. The maximum length is 2000 characters.
- displayName string
- The display name of the parameter. The maximum length is 200 characters.
- substitutionRules CloudControlParameterSpecSubstitutionRule[]
- List of parameter substitutions. Structure is documented below.
- validation CloudControlParameterSpecValidation
- Validation of the parameter. Structure is documented below.
- is_
required bool - if the parameter is required
- name str
- The name of the parameter.
- value_
type str - Parameter value type. Possible values: STRING BOOLEAN STRINGLIST NUMBER ONEOF
- default_
value CloudControl Parameter Spec Default Value - Possible parameter value types. Structure is documented below.
- description str
- The description of the parameter. The maximum length is 2000 characters.
- display_
name str - The display name of the parameter. The maximum length is 200 characters.
- substitution_
rules Sequence[CloudControl Parameter Spec Substitution Rule] - List of parameter substitutions. Structure is documented below.
- validation
Cloud
Control Parameter Spec Validation - Validation of the parameter. Structure is documented below.
- is
Required Boolean - if the parameter is required
- name String
- The name of the parameter.
- value
Type String - Parameter value type. Possible values: STRING BOOLEAN STRINGLIST NUMBER ONEOF
- default
Value Property Map - Possible parameter value types. Structure is documented below.
- description String
- The description of the parameter. The maximum length is 2000 characters.
- display
Name String - The display name of the parameter. The maximum length is 200 characters.
- substitution
Rules List<Property Map> - List of parameter substitutions. Structure is documented below.
- validation Property Map
- Validation of the parameter. Structure is documented below.
CloudControlParameterSpecDefaultValue, CloudControlParameterSpecDefaultValueArgs
- Bool
Value bool - Represents a boolean value.
- Number
Value double - Represents a double value.
- String
List CloudValue Control Parameter Spec Default Value String List Value - A list of strings. Structure is documented below.
- String
Value string - Represents a string value.
- Bool
Value bool - Represents a boolean value.
- Number
Value float64 - Represents a double value.
- String
List CloudValue Control Parameter Spec Default Value String List Value - A list of strings. Structure is documented below.
- String
Value string - Represents a string value.
- bool
Value Boolean - Represents a boolean value.
- number
Value Double - Represents a double value.
- string
List CloudValue Control Parameter Spec Default Value String List Value - A list of strings. Structure is documented below.
- string
Value String - Represents a string value.
- boolValue boolean
- Represents a boolean value.
- numberValue number
- Represents a double value.
- stringListValue CloudControlParameterSpecDefaultValueStringListValue
- A list of strings. Structure is documented below.
- stringValue string
- Represents a string value.
- bool_
value bool - Represents a boolean value.
- number_
value float - Represents a double value.
- string_
list_ Cloudvalue Control Parameter Spec Default Value String List Value - A list of strings. Structure is documented below.
- string_
value str - Represents a string value.
- bool
Value Boolean - Represents a boolean value.
- number
Value Number - Represents a double value.
- string
List Property MapValue - A list of strings. Structure is documented below.
- string
Value String - Represents a string value.
CloudControlParameterSpecDefaultValueStringListValue, CloudControlParameterSpecDefaultValueStringListValueArgs
- Values List<string>
- The strings in the list.
- Values []string
- The strings in the list.
- values List<String>
- The strings in the list.
- values string[]
- The strings in the list.
- values Sequence[str]
- The strings in the list.
- values List<String>
- The strings in the list.
CloudControlParameterSpecSubstitutionRule, CloudControlParameterSpecSubstitutionRuleArgs
- Attribute
Substitution CloudRule Control Parameter Spec Substitution Rule Attribute Substitution Rule - Attribute at the given path is substituted entirely. Structure is documented below.
- Placeholder
Substitution CloudRule Control Parameter Spec Substitution Rule Placeholder Substitution Rule - Placeholder is substituted in the rendered string. Structure is documented below.
- Attribute
Substitution CloudRule Control Parameter Spec Substitution Rule Attribute Substitution Rule - Attribute at the given path is substituted entirely. Structure is documented below.
- Placeholder
Substitution CloudRule Control Parameter Spec Substitution Rule Placeholder Substitution Rule - Placeholder is substituted in the rendered string. Structure is documented below.
- attribute
Substitution CloudRule Control Parameter Spec Substitution Rule Attribute Substitution Rule - Attribute at the given path is substituted entirely. Structure is documented below.
- placeholder
Substitution CloudRule Control Parameter Spec Substitution Rule Placeholder Substitution Rule - Placeholder is substituted in the rendered string. Structure is documented below.
- attributeSubstitutionRule CloudControlParameterSpecSubstitutionRuleAttributeSubstitutionRule
- Attribute at the given path is substituted entirely. Structure is documented below.
- placeholderSubstitutionRule CloudControlParameterSpecSubstitutionRulePlaceholderSubstitutionRule
- Placeholder is substituted in the rendered string. Structure is documented below.
- attribute_
substitution_ Cloudrule Control Parameter Spec Substitution Rule Attribute Substitution Rule - Attribute at the given path is substituted entirely. Structure is documented below.
- placeholder_
substitution_ Cloudrule Control Parameter Spec Substitution Rule Placeholder Substitution Rule - Placeholder is substituted in the rendered string. Structure is documented below.
- attribute
Substitution Property MapRule - Attribute at the given path is substituted entirely. Structure is documented below.
- placeholder
Substitution Property MapRule - Placeholder is substituted in the rendered string. Structure is documented below.
CloudControlParameterSpecSubstitutionRuleAttributeSubstitutionRule, CloudControlParameterSpecSubstitutionRuleAttributeSubstitutionRuleArgs
- Attribute string
- Fully qualified proto attribute path (in dot notation). Example: rules[0].cel_expression.resource_types_values
- Attribute string
- Fully qualified proto attribute path (in dot notation). Example: rules[0].cel_expression.resource_types_values
- attribute String
- Fully qualified proto attribute path (in dot notation). Example: rules[0].cel_expression.resource_types_values
- attribute string
- Fully qualified proto attribute path (in dot notation). Example: rules[0].cel_expression.resource_types_values
- attribute str
- Fully qualified proto attribute path (in dot notation). Example: rules[0].cel_expression.resource_types_values
- attribute String
- Fully qualified proto attribute path (in dot notation). Example: rules[0].cel_expression.resource_types_values
CloudControlParameterSpecSubstitutionRulePlaceholderSubstitutionRule, CloudControlParameterSpecSubstitutionRulePlaceholderSubstitutionRuleArgs
- Attribute string
- Fully qualified proto attribute path (e.g., dot notation)
- Attribute string
- Fully qualified proto attribute path (e.g., dot notation)
- attribute String
- Fully qualified proto attribute path (e.g., dot notation)
- attribute string
- Fully qualified proto attribute path (e.g., dot notation)
- attribute str
- Fully qualified proto attribute path (e.g., dot notation)
- attribute String
- Fully qualified proto attribute path (e.g., dot notation)
CloudControlParameterSpecValidation, CloudControlParameterSpecValidationArgs
- Allowed
Values CloudControl Parameter Spec Validation Allowed Values - Allowed set of values for the parameter. Structure is documented below.
- Int
Range CloudControl Parameter Spec Validation Int Range - Number range for number parameters. Structure is documented below.
- Regexp
Pattern CloudControl Parameter Spec Validation Regexp Pattern - Regular Expression Validator for parameter values. Structure is documented below.
- Allowed
Values CloudControl Parameter Spec Validation Allowed Values - Allowed set of values for the parameter. Structure is documented below.
- Int
Range CloudControl Parameter Spec Validation Int Range - Number range for number parameters. Structure is documented below.
- Regexp
Pattern CloudControl Parameter Spec Validation Regexp Pattern - Regular Expression Validator for parameter values. Structure is documented below.
- allowed
Values CloudControl Parameter Spec Validation Allowed Values - Allowed set of values for the parameter. Structure is documented below.
- int
Range CloudControl Parameter Spec Validation Int Range - Number range for number parameters. Structure is documented below.
- regexp
Pattern CloudControl Parameter Spec Validation Regexp Pattern - Regular Expression Validator for parameter values. Structure is documented below.
- allowedValues CloudControlParameterSpecValidationAllowedValues
- Allowed set of values for the parameter. Structure is documented below.
- intRange CloudControlParameterSpecValidationIntRange
- Number range for number parameters. Structure is documented below.
- regexpPattern CloudControlParameterSpecValidationRegexpPattern
- Regular Expression Validator for parameter values. Structure is documented below.
- allowed_
values CloudControl Parameter Spec Validation Allowed Values - Allowed set of values for the parameter. Structure is documented below.
- int_
range CloudControl Parameter Spec Validation Int Range - Number range for number parameters. Structure is documented below.
- regexp_
pattern CloudControl Parameter Spec Validation Regexp Pattern - Regular Expression Validator for parameter values. Structure is documented below.
- allowed
Values Property Map - Allowed set of values for the parameter. Structure is documented below.
- int
Range Property Map - Number range for number parameters. Structure is documented below.
- regexp
Pattern Property Map - Regular Expression Validator for parameter values. Structure is documented below.
CloudControlParameterSpecValidationAllowedValues, CloudControlParameterSpecValidationAllowedValuesArgs
- Values
List<Cloud
Control Parameter Spec Validation Allowed Values Value> - List of allowed values for the parameter. Structure is documented below.
- Values
[]Cloud
Control Parameter Spec Validation Allowed Values Value - List of allowed values for the parameter. Structure is documented below.
- values
List<Cloud
Control Parameter Spec Validation Allowed Values Value> - List of allowed values for the parameter. Structure is documented below.
- values CloudControlParameterSpecValidationAllowedValuesValue[]
- List of allowed values for the parameter. Structure is documented below.
- values
Sequence[Cloud
Control Parameter Spec Validation Allowed Values Value] - List of allowed values for the parameter. Structure is documented below.
- values List<Property Map>
- List of allowed values for the parameter. Structure is documented below.
CloudControlParameterSpecValidationAllowedValuesValue, CloudControlParameterSpecValidationAllowedValuesValueArgs
- Bool
Value bool - Represents a boolean value.
- Number
Value double - Represents a double value.
- String
List CloudValue Control Parameter Spec Validation Allowed Values Value String List Value - A list of strings. Structure is documented below.
- String
Value string - Represents a string value.
- Bool
Value bool - Represents a boolean value.
- Number
Value float64 - Represents a double value.
- String
List CloudValue Control Parameter Spec Validation Allowed Values Value String List Value - A list of strings. Structure is documented below.
- String
Value string - Represents a string value.
- bool
Value Boolean - Represents a boolean value.
- number
Value Double - Represents a double value.
- string
List CloudValue Control Parameter Spec Validation Allowed Values Value String List Value - A list of strings. Structure is documented below.
- string
Value String - Represents a string value.
- boolValue boolean
- Represents a boolean value.
- numberValue number
- Represents a double value.
- stringListValue CloudControlParameterSpecValidationAllowedValuesValueStringListValue
- A list of strings. Structure is documented below.
- stringValue string
- Represents a string value.
- bool_
value bool - Represents a boolean value.
- number_
value float - Represents a double value.
- string_
list_ Cloudvalue Control Parameter Spec Validation Allowed Values Value String List Value - A list of strings. Structure is documented below.
- string_
value str - Represents a string value.
- bool
Value Boolean - Represents a boolean value.
- number
Value Number - Represents a double value.
- string
List Property MapValue - A list of strings. Structure is documented below.
- string
Value String - Represents a string value.
CloudControlParameterSpecValidationAllowedValuesValueStringListValue, CloudControlParameterSpecValidationAllowedValuesValueStringListValueArgs
- Values List<string>
- The strings in the list.
- Values []string
- The strings in the list.
- values List<String>
- The strings in the list.
- values string[]
- The strings in the list.
- values Sequence[str]
- The strings in the list.
- values List<String>
- The strings in the list.
CloudControlParameterSpecValidationIntRange, CloudControlParameterSpecValidationIntRangeArgs
CloudControlParameterSpecValidationRegexpPattern, CloudControlParameterSpecValidationRegexpPatternArgs
- Pattern string
- Regex Pattern to match the value(s) of parameter.
- Pattern string
- Regex Pattern to match the value(s) of parameter.
- pattern String
- Regex Pattern to match the value(s) of parameter.
- pattern string
- Regex Pattern to match the value(s) of parameter.
- pattern str
- Regex Pattern to match the value(s) of parameter.
- pattern String
- Regex Pattern to match the value(s) of parameter.
CloudControlRule, CloudControlRuleArgs
- RuleActionTypes List<string>
- The functionality enabled by the Rule.
- CelExpression CloudControlRuleCelExpression
- A CEL expression. Structure is documented below.
- Description string
- Description of the Rule. The maximum length is 2000 characters.
- RuleActionTypes []string
- The functionality enabled by the Rule.
- CelExpression CloudControlRuleCelExpression
- A CEL expression. Structure is documented below.
- Description string
- Description of the Rule. The maximum length is 2000 characters.
- ruleActionTypes List<String>
- The functionality enabled by the Rule.
- celExpression CloudControlRuleCelExpression
- A CEL expression. Structure is documented below.
- description String
- Description of the Rule. The maximum length is 2000 characters.
- ruleActionTypes string[]
- The functionality enabled by the Rule.
- celExpression CloudControlRuleCelExpression
- A CEL expression. Structure is documented below.
- description string
- Description of the Rule. The maximum length is 2000 characters.
- rule_action_types Sequence[str]
- The functionality enabled by the Rule.
- cel_expression CloudControlRuleCelExpression
- A CEL expression. Structure is documented below.
- description str
- Description of the Rule. The maximum length is 2000 characters.
- ruleActionTypes List<String>
- The functionality enabled by the Rule.
- celExpression Property Map
- A CEL expression. Structure is documented below.
- description String
- Description of the Rule. The maximum length is 2000 characters.
CloudControlRuleCelExpression, CloudControlRuleCelExpressionArgs
- Expression string
- Logic expression in CEL language. The max length of the condition is 1000 characters.
- ResourceTypesValues CloudControlRuleCelExpressionResourceTypesValues
- A list of strings. Structure is documented below.
- Expression string
- Logic expression in CEL language. The max length of the condition is 1000 characters.
- ResourceTypesValues CloudControlRuleCelExpressionResourceTypesValues
- A list of strings. Structure is documented below.
- expression String
- Logic expression in CEL language. The max length of the condition is 1000 characters.
- resourceTypesValues CloudControlRuleCelExpressionResourceTypesValues
- A list of strings. Structure is documented below.
- expression string
- Logic expression in CEL language. The max length of the condition is 1000 characters.
- resourceTypesValues CloudControlRuleCelExpressionResourceTypesValues
- A list of strings. Structure is documented below.
- expression str
- Logic expression in CEL language. The max length of the condition is 1000 characters.
- resource_types_values CloudControlRuleCelExpressionResourceTypesValues
- A list of strings. Structure is documented below.
- expression String
- Logic expression in CEL language. The max length of the condition is 1000 characters.
- resourceTypesValues Property Map
- A list of strings. Structure is documented below.
CloudControlRuleCelExpressionResourceTypesValues, CloudControlRuleCelExpressionResourceTypesValuesArgs
- Values List<string>
- The strings in the list.
- Values []string
- The strings in the list.
- values List<String>
- The strings in the list.
- values string[]
- The strings in the list.
- values Sequence[str]
- The strings in the list.
- values List<String>
- The strings in the list.
Import
CloudControl can be imported using any of these accepted formats:
organizations/{{organization}}/locations/{{location}}/cloudControls/{{cloud_control_id}}
{{organization}}/{{location}}/{{cloud_control_id}}
When using the pulumi import command, CloudControl can be imported using one of the formats above. For example:
$ pulumi import gcp:cloudsecuritycompliance/cloudControl:CloudControl default organizations/{{organization}}/locations/{{location}}/cloudControls/{{cloud_control_id}}
$ pulumi import gcp:cloudsecuritycompliance/cloudControl:CloudControl default {{organization}}/{{location}}/{{cloud_control_id}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the google-beta Terraform Provider.
