Google Cloud Classic v7.2.2, Jan 1 01

Google Cloud Classic v7.2.2 published on Monday, Jan 1, 0001 by Pulumi

gcp.compute.RegionSecurityPolicy

Explore with Pulumi AI

Google Cloud Classic v7.2.2 published on Monday, Jan 1, 0001 by Pulumi

Import

RegionSecurityPolicy can be imported using any of these accepted formats* projects/{{project}}/regions/{{region}}/securityPolicies/{{name}} * {{project}}/{{region}}/{{name}} * {{region}}/{{name}} * {{name}} In Terraform v1.5.0 and later, use an import block to import RegionSecurityPolicy using one of the formats above. For exampletf import {

id = “projects/{{project}}/regions/{{region}}/securityPolicies/{{name}}”

to = google_compute_region_security_policy.default }

 $ pulumi import gcp:compute/regionSecurityPolicy:RegionSecurityPolicy When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), RegionSecurityPolicy can be imported using one of the formats above. For example

 $ pulumi import gcp:compute/regionSecurityPolicy:RegionSecurityPolicy default projects/{{project}}/regions/{{region}}/securityPolicies/{{name}}

 $ pulumi import gcp:compute/regionSecurityPolicy:RegionSecurityPolicy default {{project}}/{{region}}/{{name}}

 $ pulumi import gcp:compute/regionSecurityPolicy:RegionSecurityPolicy default {{region}}/{{name}}

 $ pulumi import gcp:compute/regionSecurityPolicy:RegionSecurityPolicy default {{name}}

Example Usage

Region Security Policy Basic

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var region_sec_policy_basic = new Gcp.Compute.RegionSecurityPolicy("region-sec-policy-basic", new()
    {
        Description = "basic region security policy",
        Type = "CLOUD_ARMOR",
    }, new CustomResourceOptions
    {
        Provider = google_beta,
    });

});

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewRegionSecurityPolicy(ctx, "region-sec-policy-basic", &compute.RegionSecurityPolicyArgs{
			Description: pulumi.String("basic region security policy"),
			Type:        pulumi.String("CLOUD_ARMOR"),
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.RegionSecurityPolicy;
import com.pulumi.gcp.compute.RegionSecurityPolicyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var region_sec_policy_basic = new RegionSecurityPolicy("region-sec-policy-basic", RegionSecurityPolicyArgs.builder()        
            .description("basic region security policy")
            .type("CLOUD_ARMOR")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

    }
}

import pulumi
import pulumi_gcp as gcp

region_sec_policy_basic = gcp.compute.RegionSecurityPolicy("region-sec-policy-basic",
    description="basic region security policy",
    type="CLOUD_ARMOR",
    opts=pulumi.ResourceOptions(provider=google_beta))

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const region_sec_policy_basic = new gcp.compute.RegionSecurityPolicy("region-sec-policy-basic", {
    description: "basic region security policy",
    type: "CLOUD_ARMOR",
}, {
    provider: google_beta,
});

resources:
  region-sec-policy-basic:
    type: gcp:compute:RegionSecurityPolicy
    properties:
      description: basic region security policy
      type: CLOUD_ARMOR
    options:
      provider: ${["google-beta"]}

Region Security Policy With Ddos Protection Config

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var region_sec_policy_ddos_protection = new Gcp.Compute.RegionSecurityPolicy("region-sec-policy-ddos-protection", new()
    {
        Description = "with ddos protection config",
        Type = "CLOUD_ARMOR_NETWORK",
        DdosProtectionConfig = new Gcp.Compute.Inputs.RegionSecurityPolicyDdosProtectionConfigArgs
        {
            DdosProtection = "ADVANCED_PREVIEW",
        },
    }, new CustomResourceOptions
    {
        Provider = google_beta,
    });

});

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewRegionSecurityPolicy(ctx, "region-sec-policy-ddos-protection", &compute.RegionSecurityPolicyArgs{
			Description: pulumi.String("with ddos protection config"),
			Type:        pulumi.String("CLOUD_ARMOR_NETWORK"),
			DdosProtectionConfig: &compute.RegionSecurityPolicyDdosProtectionConfigArgs{
				DdosProtection: pulumi.String("ADVANCED_PREVIEW"),
			},
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.RegionSecurityPolicy;
import com.pulumi.gcp.compute.RegionSecurityPolicyArgs;
import com.pulumi.gcp.compute.inputs.RegionSecurityPolicyDdosProtectionConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var region_sec_policy_ddos_protection = new RegionSecurityPolicy("region-sec-policy-ddos-protection", RegionSecurityPolicyArgs.builder()        
            .description("with ddos protection config")
            .type("CLOUD_ARMOR_NETWORK")
            .ddosProtectionConfig(RegionSecurityPolicyDdosProtectionConfigArgs.builder()
                .ddosProtection("ADVANCED_PREVIEW")
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

    }
}

import pulumi
import pulumi_gcp as gcp

region_sec_policy_ddos_protection = gcp.compute.RegionSecurityPolicy("region-sec-policy-ddos-protection",
    description="with ddos protection config",
    type="CLOUD_ARMOR_NETWORK",
    ddos_protection_config=gcp.compute.RegionSecurityPolicyDdosProtectionConfigArgs(
        ddos_protection="ADVANCED_PREVIEW",
    ),
    opts=pulumi.ResourceOptions(provider=google_beta))

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const region_sec_policy_ddos_protection = new gcp.compute.RegionSecurityPolicy("region-sec-policy-ddos-protection", {
    description: "with ddos protection config",
    type: "CLOUD_ARMOR_NETWORK",
    ddosProtectionConfig: {
        ddosProtection: "ADVANCED_PREVIEW",
    },
}, {
    provider: google_beta,
});

resources:
  region-sec-policy-ddos-protection:
    type: gcp:compute:RegionSecurityPolicy
    properties:
      description: with ddos protection config
      type: CLOUD_ARMOR_NETWORK
      ddosProtectionConfig:
        ddosProtection: ADVANCED_PREVIEW
    options:
      provider: ${["google-beta"]}

Region Security Policy With User Defined Fields

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var region_sec_policy_user_defined_fields = new Gcp.Compute.RegionSecurityPolicy("region-sec-policy-user-defined-fields", new()
    {
        Description = "with user defined fields",
        Type = "CLOUD_ARMOR_NETWORK",
        UserDefinedFields = new[]
        {
            new Gcp.Compute.Inputs.RegionSecurityPolicyUserDefinedFieldArgs
            {
                Name = "SIG1_AT_0",
                Base = "UDP",
                Offset = 8,
                Size = 2,
                Mask = "0x8F00",
            },
            new Gcp.Compute.Inputs.RegionSecurityPolicyUserDefinedFieldArgs
            {
                Name = "SIG2_AT_8",
                Base = "UDP",
                Offset = 16,
                Size = 4,
                Mask = "0xFFFFFFFF",
            },
        },
    }, new CustomResourceOptions
    {
        Provider = google_beta,
    });

});

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewRegionSecurityPolicy(ctx, "region-sec-policy-user-defined-fields", &compute.RegionSecurityPolicyArgs{
			Description: pulumi.String("with user defined fields"),
			Type:        pulumi.String("CLOUD_ARMOR_NETWORK"),
			UserDefinedFields: compute.RegionSecurityPolicyUserDefinedFieldArray{
				&compute.RegionSecurityPolicyUserDefinedFieldArgs{
					Name:   pulumi.String("SIG1_AT_0"),
					Base:   pulumi.String("UDP"),
					Offset: pulumi.Int(8),
					Size:   pulumi.Int(2),
					Mask:   pulumi.String("0x8F00"),
				},
				&compute.RegionSecurityPolicyUserDefinedFieldArgs{
					Name:   pulumi.String("SIG2_AT_8"),
					Base:   pulumi.String("UDP"),
					Offset: pulumi.Int(16),
					Size:   pulumi.Int(4),
					Mask:   pulumi.String("0xFFFFFFFF"),
				},
			},
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.RegionSecurityPolicy;
import com.pulumi.gcp.compute.RegionSecurityPolicyArgs;
import com.pulumi.gcp.compute.inputs.RegionSecurityPolicyUserDefinedFieldArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var region_sec_policy_user_defined_fields = new RegionSecurityPolicy("region-sec-policy-user-defined-fields", RegionSecurityPolicyArgs.builder()        
            .description("with user defined fields")
            .type("CLOUD_ARMOR_NETWORK")
            .userDefinedFields(            
                RegionSecurityPolicyUserDefinedFieldArgs.builder()
                    .name("SIG1_AT_0")
                    .base("UDP")
                    .offset(8)
                    .size(2)
                    .mask("0x8F00")
                    .build(),
                RegionSecurityPolicyUserDefinedFieldArgs.builder()
                    .name("SIG2_AT_8")
                    .base("UDP")
                    .offset(16)
                    .size(4)
                    .mask("0xFFFFFFFF")
                    .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

    }
}

import pulumi
import pulumi_gcp as gcp

region_sec_policy_user_defined_fields = gcp.compute.RegionSecurityPolicy("region-sec-policy-user-defined-fields",
    description="with user defined fields",
    type="CLOUD_ARMOR_NETWORK",
    user_defined_fields=[
        gcp.compute.RegionSecurityPolicyUserDefinedFieldArgs(
            name="SIG1_AT_0",
            base="UDP",
            offset=8,
            size=2,
            mask="0x8F00",
        ),
        gcp.compute.RegionSecurityPolicyUserDefinedFieldArgs(
            name="SIG2_AT_8",
            base="UDP",
            offset=16,
            size=4,
            mask="0xFFFFFFFF",
        ),
    ],
    opts=pulumi.ResourceOptions(provider=google_beta))

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const region_sec_policy_user_defined_fields = new gcp.compute.RegionSecurityPolicy("region-sec-policy-user-defined-fields", {
    description: "with user defined fields",
    type: "CLOUD_ARMOR_NETWORK",
    userDefinedFields: [
        {
            name: "SIG1_AT_0",
            base: "UDP",
            offset: 8,
            size: 2,
            mask: "0x8F00",
        },
        {
            name: "SIG2_AT_8",
            base: "UDP",
            offset: 16,
            size: 4,
            mask: "0xFFFFFFFF",
        },
    ],
}, {
    provider: google_beta,
});

resources:
  region-sec-policy-user-defined-fields:
    type: gcp:compute:RegionSecurityPolicy
    properties:
      description: with user defined fields
      type: CLOUD_ARMOR_NETWORK
      userDefinedFields:
        - name: SIG1_AT_0
          base: UDP
          offset: 8
          size: 2
          mask: 0x8F00
        - name: SIG2_AT_8
          base: UDP
          offset: 16
          size: 4
          mask: 0xFFFFFFFF
    options:
      provider: ${["google-beta"]}

Create RegionSecurityPolicy Resource

new RegionSecurityPolicy(name: string, args?: RegionSecurityPolicyArgs, opts?: CustomResourceOptions);

@overload
def RegionSecurityPolicy(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         ddos_protection_config: Optional[RegionSecurityPolicyDdosProtectionConfigArgs] = None,
                         description: Optional[str] = None,
                         name: Optional[str] = None,
                         project: Optional[str] = None,
                         region: Optional[str] = None,
                         type: Optional[str] = None,
                         user_defined_fields: Optional[Sequence[RegionSecurityPolicyUserDefinedFieldArgs]] = None)
@overload
def RegionSecurityPolicy(resource_name: str,
                         args: Optional[RegionSecurityPolicyArgs] = None,
                         opts: Optional[ResourceOptions] = None)

func NewRegionSecurityPolicy(ctx *Context, name string, args *RegionSecurityPolicyArgs, opts ...ResourceOption) (*RegionSecurityPolicy, error)

public RegionSecurityPolicy(string name, RegionSecurityPolicyArgs? args = null, CustomResourceOptions? opts = null)

public RegionSecurityPolicy(String name, RegionSecurityPolicyArgs args)
public RegionSecurityPolicy(String name, RegionSecurityPolicyArgs args, CustomResourceOptions options)

type: gcp:compute:RegionSecurityPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args RegionSecurityPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args RegionSecurityPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args RegionSecurityPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args RegionSecurityPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args RegionSecurityPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

RegionSecurityPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The RegionSecurityPolicy resource accepts the following input properties:

DdosProtectionConfig RegionSecurityPolicyDdosProtectionConfig

Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.

Description string

An optional description of this resource. Provide this property when you create the resource.

Name string

Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Region string

The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.

Type string

The type indicates the intended use of the security policy.

CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.

UserDefinedFields List<RegionSecurityPolicyUserDefinedField>

Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Structure is documented below.

DdosProtectionConfig RegionSecurityPolicyDdosProtectionConfigArgs

Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.

Description string

An optional description of this resource. Provide this property when you create the resource.

Name string

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Region string

The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.

Type string

The type indicates the intended use of the security policy.

CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.

UserDefinedFields []RegionSecurityPolicyUserDefinedFieldArgs

ddosProtectionConfig RegionSecurityPolicyDdosProtectionConfig

Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.

description String

An optional description of this resource. Provide this property when you create the resource.

name String

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

region String

The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.

type String

The type indicates the intended use of the security policy.

CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.

userDefinedFields List<RegionSecurityPolicyUserDefinedField>

ddosProtectionConfig RegionSecurityPolicyDdosProtectionConfig

Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.

description string

An optional description of this resource. Provide this property when you create the resource.

name string

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

region string

The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.

type string

The type indicates the intended use of the security policy.

CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.

userDefinedFields RegionSecurityPolicyUserDefinedField[]

ddos_protection_config RegionSecurityPolicyDdosProtectionConfigArgs

Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.

description str

An optional description of this resource. Provide this property when you create the resource.

name str

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

region str

The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.

type str

The type indicates the intended use of the security policy.

CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.

user_defined_fields Sequence[RegionSecurityPolicyUserDefinedFieldArgs]

ddosProtectionConfig Property Map

Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.

description String

An optional description of this resource. Provide this property when you create the resource.

name String

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

region String

The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.

type String

The type indicates the intended use of the security policy.

CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.

userDefinedFields List<Property Map>

Outputs

All input properties are implicitly available as output properties. Additionally, the RegionSecurityPolicy resource produces the following output properties:

Fingerprint string: Fingerprint of this resource. This field is used internally during updates of this resource.
Id string: The provider-assigned unique ID for this managed resource.
PolicyId string: The unique identifier for the resource. This identifier is defined by the server.
SelfLink string: Server-defined URL for the resource.
SelfLinkWithPolicyId string: Server-defined URL for this resource with the resource id.

Fingerprint string: Fingerprint of this resource. This field is used internally during updates of this resource.
Id string: The provider-assigned unique ID for this managed resource.
PolicyId string: The unique identifier for the resource. This identifier is defined by the server.
SelfLink string: Server-defined URL for the resource.
SelfLinkWithPolicyId string: Server-defined URL for this resource with the resource id.

fingerprint String: Fingerprint of this resource. This field is used internally during updates of this resource.
id String: The provider-assigned unique ID for this managed resource.
policyId String: The unique identifier for the resource. This identifier is defined by the server.
selfLink String: Server-defined URL for the resource.
selfLinkWithPolicyId String: Server-defined URL for this resource with the resource id.

fingerprint string: Fingerprint of this resource. This field is used internally during updates of this resource.
id string: The provider-assigned unique ID for this managed resource.
policyId string: The unique identifier for the resource. This identifier is defined by the server.
selfLink string: Server-defined URL for the resource.
selfLinkWithPolicyId string: Server-defined URL for this resource with the resource id.

fingerprint str: Fingerprint of this resource. This field is used internally during updates of this resource.
id str: The provider-assigned unique ID for this managed resource.
policy_id str: The unique identifier for the resource. This identifier is defined by the server.
self_link str: Server-defined URL for the resource.
self_link_with_policy_id str: Server-defined URL for this resource with the resource id.

fingerprint String: Fingerprint of this resource. This field is used internally during updates of this resource.
id String: The provider-assigned unique ID for this managed resource.
policyId String: The unique identifier for the resource. This identifier is defined by the server.
selfLink String: Server-defined URL for the resource.
selfLinkWithPolicyId String: Server-defined URL for this resource with the resource id.

Look up Existing RegionSecurityPolicy Resource

Get an existing RegionSecurityPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: RegionSecurityPolicyState, opts?: CustomResourceOptions): RegionSecurityPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        ddos_protection_config: Optional[RegionSecurityPolicyDdosProtectionConfigArgs] = None,
        description: Optional[str] = None,
        fingerprint: Optional[str] = None,
        name: Optional[str] = None,
        policy_id: Optional[str] = None,
        project: Optional[str] = None,
        region: Optional[str] = None,
        self_link: Optional[str] = None,
        self_link_with_policy_id: Optional[str] = None,
        type: Optional[str] = None,
        user_defined_fields: Optional[Sequence[RegionSecurityPolicyUserDefinedFieldArgs]] = None) -> RegionSecurityPolicy

func GetRegionSecurityPolicy(ctx *Context, name string, id IDInput, state *RegionSecurityPolicyState, opts ...ResourceOption) (*RegionSecurityPolicy, error)

public static RegionSecurityPolicy Get(string name, Input<string> id, RegionSecurityPolicyState? state, CustomResourceOptions? opts = null)

public static RegionSecurityPolicy get(String name, Output<String> id, RegionSecurityPolicyState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

DdosProtectionConfig RegionSecurityPolicyDdosProtectionConfig

Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.

Description string

An optional description of this resource. Provide this property when you create the resource.

Fingerprint string

Fingerprint of this resource. This field is used internally during updates of this resource.

Name string

PolicyId string

The unique identifier for the resource. This identifier is defined by the server.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Region string

The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.

SelfLink string

Server-defined URL for the resource.

SelfLinkWithPolicyId string

Server-defined URL for this resource with the resource id.

Type string

The type indicates the intended use of the security policy.

CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.

UserDefinedFields List<RegionSecurityPolicyUserDefinedField>

DdosProtectionConfig RegionSecurityPolicyDdosProtectionConfigArgs

Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.

Description string

An optional description of this resource. Provide this property when you create the resource.

Fingerprint string

Fingerprint of this resource. This field is used internally during updates of this resource.

Name string

PolicyId string

The unique identifier for the resource. This identifier is defined by the server.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Region string

The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.

SelfLink string

Server-defined URL for the resource.

SelfLinkWithPolicyId string

Server-defined URL for this resource with the resource id.

Type string

The type indicates the intended use of the security policy.

CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.

UserDefinedFields []RegionSecurityPolicyUserDefinedFieldArgs

ddosProtectionConfig RegionSecurityPolicyDdosProtectionConfig

Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.

description String

An optional description of this resource. Provide this property when you create the resource.

fingerprint String

Fingerprint of this resource. This field is used internally during updates of this resource.

name String

policyId String

The unique identifier for the resource. This identifier is defined by the server.

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

region String

The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.

selfLink String

Server-defined URL for the resource.

selfLinkWithPolicyId String

Server-defined URL for this resource with the resource id.

type String

The type indicates the intended use of the security policy.

CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.

userDefinedFields List<RegionSecurityPolicyUserDefinedField>

ddosProtectionConfig RegionSecurityPolicyDdosProtectionConfig

Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.

description string

An optional description of this resource. Provide this property when you create the resource.

fingerprint string

Fingerprint of this resource. This field is used internally during updates of this resource.

name string

policyId string

The unique identifier for the resource. This identifier is defined by the server.

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

region string

The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.

selfLink string

Server-defined URL for the resource.

selfLinkWithPolicyId string

Server-defined URL for this resource with the resource id.

type string

The type indicates the intended use of the security policy.

CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.

userDefinedFields RegionSecurityPolicyUserDefinedField[]

ddos_protection_config RegionSecurityPolicyDdosProtectionConfigArgs

Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.

description str

An optional description of this resource. Provide this property when you create the resource.

fingerprint str

Fingerprint of this resource. This field is used internally during updates of this resource.

name str

policy_id str

The unique identifier for the resource. This identifier is defined by the server.

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

region str

The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.

self_link str

Server-defined URL for the resource.

self_link_with_policy_id str

Server-defined URL for this resource with the resource id.

type str

The type indicates the intended use of the security policy.

CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.

user_defined_fields Sequence[RegionSecurityPolicyUserDefinedFieldArgs]

ddosProtectionConfig Property Map

Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.

description String

An optional description of this resource. Provide this property when you create the resource.

fingerprint String

Fingerprint of this resource. This field is used internally during updates of this resource.

name String

policyId String

The unique identifier for the resource. This identifier is defined by the server.

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

region String

The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.

selfLink String

Server-defined URL for the resource.

selfLinkWithPolicyId String

Server-defined URL for this resource with the resource id.

type String

The type indicates the intended use of the security policy.

CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.

userDefinedFields List<Property Map>

Supporting Types

RegionSecurityPolicyDdosProtectionConfig, RegionSecurityPolicyDdosProtectionConfigArgs

DdosProtection string

Google Cloud Armor offers the following options to help protect systems against DDoS attacks:

STANDARD: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses.
ADVANCED: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses.
ADVANCED_PREVIEW: flag to enable the security policy in preview mode. Possible values are: ADVANCED, ADVANCED_PREVIEW, STANDARD.

DdosProtection string

Google Cloud Armor offers the following options to help protect systems against DDoS attacks:

STANDARD: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses.
ADVANCED: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses.
ADVANCED_PREVIEW: flag to enable the security policy in preview mode. Possible values are: ADVANCED, ADVANCED_PREVIEW, STANDARD.

ddosProtection String

Google Cloud Armor offers the following options to help protect systems against DDoS attacks:

STANDARD: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses.
ADVANCED: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses.
ADVANCED_PREVIEW: flag to enable the security policy in preview mode. Possible values are: ADVANCED, ADVANCED_PREVIEW, STANDARD.

ddosProtection string

Google Cloud Armor offers the following options to help protect systems against DDoS attacks:

STANDARD: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses.
ADVANCED: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses.
ADVANCED_PREVIEW: flag to enable the security policy in preview mode. Possible values are: ADVANCED, ADVANCED_PREVIEW, STANDARD.

ddos_protection str

Google Cloud Armor offers the following options to help protect systems against DDoS attacks:

STANDARD: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses.
ADVANCED: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses.
ADVANCED_PREVIEW: flag to enable the security policy in preview mode. Possible values are: ADVANCED, ADVANCED_PREVIEW, STANDARD.

ddosProtection String

Google Cloud Armor offers the following options to help protect systems against DDoS attacks:

STANDARD: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses.
ADVANCED: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses.
ADVANCED_PREVIEW: flag to enable the security policy in preview mode. Possible values are: ADVANCED, ADVANCED_PREVIEW, STANDARD.

RegionSecurityPolicyUserDefinedField, RegionSecurityPolicyUserDefinedFieldArgs

Base string

The base relative to which 'offset' is measured. Possible values are:

IPV4: Points to the beginning of the IPv4 header.
IPV6: Points to the beginning of the IPv6 header.
TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments.
UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. Possible values are: IPV4, IPV6, TCP, UDP.

Mask string

If specified, apply this mask (bitwise AND) to the field to ignore bits before matching. Encoded as a hexadecimal number (starting with "0x"). The last byte of the field (in network byte order) corresponds to the least significant byte of the mask.

Name string

The name of this field. Must be unique within the policy.

Offset int

Offset of the first byte of the field (in network byte order) relative to 'base'.

Size int

Size of the field in bytes. Valid values: 1-4.

Base string

The base relative to which 'offset' is measured. Possible values are:

IPV4: Points to the beginning of the IPv4 header.
IPV6: Points to the beginning of the IPv6 header.
TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments.
UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. Possible values are: IPV4, IPV6, TCP, UDP.

Mask string

Name string

The name of this field. Must be unique within the policy.

Offset int

Offset of the first byte of the field (in network byte order) relative to 'base'.

Size int

Size of the field in bytes. Valid values: 1-4.

base String

The base relative to which 'offset' is measured. Possible values are:

IPV4: Points to the beginning of the IPv4 header.
IPV6: Points to the beginning of the IPv6 header.
TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments.
UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. Possible values are: IPV4, IPV6, TCP, UDP.

mask String

name String

The name of this field. Must be unique within the policy.

offset Integer

Offset of the first byte of the field (in network byte order) relative to 'base'.

size Integer

Size of the field in bytes. Valid values: 1-4.

base string

The base relative to which 'offset' is measured. Possible values are:

IPV4: Points to the beginning of the IPv4 header.
IPV6: Points to the beginning of the IPv6 header.
TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments.
UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. Possible values are: IPV4, IPV6, TCP, UDP.

mask string

name string

The name of this field. Must be unique within the policy.

offset number

Offset of the first byte of the field (in network byte order) relative to 'base'.

size number

Size of the field in bytes. Valid values: 1-4.

base str

The base relative to which 'offset' is measured. Possible values are:

IPV4: Points to the beginning of the IPv4 header.
IPV6: Points to the beginning of the IPv6 header.
TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments.
UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. Possible values are: IPV4, IPV6, TCP, UDP.

mask str

name str

The name of this field. Must be unique within the policy.

offset int

Offset of the first byte of the field (in network byte order) relative to 'base'.

size int

Size of the field in bytes. Valid values: 1-4.

base String

The base relative to which 'offset' is measured. Possible values are:

IPV4: Points to the beginning of the IPv4 header.
IPV6: Points to the beginning of the IPv6 header.
TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments.
UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. Possible values are: IPV4, IPV6, TCP, UDP.

mask String

name String

The name of this field. Must be unique within the policy.

offset Number

Offset of the first byte of the field (in network byte order) relative to 'base'.

size Number

Size of the field in bytes. Valid values: 1-4.

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

Google Cloud Classic v7.2.2 published on Monday, Jan 1, 0001 by Pulumi

pulumi/pulumi-gcp

gcp.compute.RegionSecurityPolicy

On this page

On this page

Import

Example Usage

Region Security Policy Basic

Region Security Policy With Ddos Protection Config

Region Security Policy With User Defined Fields

Create RegionSecurityPolicy Resource

RegionSecurityPolicy Resource Properties

Inputs

Outputs

Look up Existing RegionSecurityPolicy Resource

Supporting Types

RegionSecurityPolicyDdosProtectionConfig, RegionSecurityPolicyDdosProtectionConfigArgs

RegionSecurityPolicyUserDefinedField, RegionSecurityPolicyUserDefinedFieldArgs

Package Details

On this page

On this page