1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. compute
  5. RegionSecurityPolicy
Google Cloud Classic v7.27.0 published on Thursday, Jun 13, 2024 by Pulumi

gcp.compute.RegionSecurityPolicy

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.27.0 published on Thursday, Jun 13, 2024 by Pulumi

    Example Usage

    Region Security Policy Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const region_sec_policy_basic = new gcp.compute.RegionSecurityPolicy("region-sec-policy-basic", {
        name: "my-sec-policy-basic",
        description: "basic region security policy",
        type: "CLOUD_ARMOR",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    region_sec_policy_basic = gcp.compute.RegionSecurityPolicy("region-sec-policy-basic",
        name="my-sec-policy-basic",
        description="basic region security policy",
        type="CLOUD_ARMOR")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := compute.NewRegionSecurityPolicy(ctx, "region-sec-policy-basic", &compute.RegionSecurityPolicyArgs{
    			Name:        pulumi.String("my-sec-policy-basic"),
    			Description: pulumi.String("basic region security policy"),
    			Type:        pulumi.String("CLOUD_ARMOR"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var region_sec_policy_basic = new Gcp.Compute.RegionSecurityPolicy("region-sec-policy-basic", new()
        {
            Name = "my-sec-policy-basic",
            Description = "basic region security policy",
            Type = "CLOUD_ARMOR",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.RegionSecurityPolicy;
    import com.pulumi.gcp.compute.RegionSecurityPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var region_sec_policy_basic = new RegionSecurityPolicy("region-sec-policy-basic", RegionSecurityPolicyArgs.builder()
                .name("my-sec-policy-basic")
                .description("basic region security policy")
                .type("CLOUD_ARMOR")
                .build());
    
        }
    }
    
    resources:
      region-sec-policy-basic:
        type: gcp:compute:RegionSecurityPolicy
        properties:
          name: my-sec-policy-basic
          description: basic region security policy
          type: CLOUD_ARMOR
    

    Region Security Policy With Ddos Protection Config

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const region_sec_policy_ddos_protection = new gcp.compute.RegionSecurityPolicy("region-sec-policy-ddos-protection", {
        name: "my-sec-policy-ddos-protection",
        description: "with ddos protection config",
        type: "CLOUD_ARMOR_NETWORK",
        ddosProtectionConfig: {
            ddosProtection: "ADVANCED_PREVIEW",
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    region_sec_policy_ddos_protection = gcp.compute.RegionSecurityPolicy("region-sec-policy-ddos-protection",
        name="my-sec-policy-ddos-protection",
        description="with ddos protection config",
        type="CLOUD_ARMOR_NETWORK",
        ddos_protection_config=gcp.compute.RegionSecurityPolicyDdosProtectionConfigArgs(
            ddos_protection="ADVANCED_PREVIEW",
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := compute.NewRegionSecurityPolicy(ctx, "region-sec-policy-ddos-protection", &compute.RegionSecurityPolicyArgs{
    			Name:        pulumi.String("my-sec-policy-ddos-protection"),
    			Description: pulumi.String("with ddos protection config"),
    			Type:        pulumi.String("CLOUD_ARMOR_NETWORK"),
    			DdosProtectionConfig: &compute.RegionSecurityPolicyDdosProtectionConfigArgs{
    				DdosProtection: pulumi.String("ADVANCED_PREVIEW"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var region_sec_policy_ddos_protection = new Gcp.Compute.RegionSecurityPolicy("region-sec-policy-ddos-protection", new()
        {
            Name = "my-sec-policy-ddos-protection",
            Description = "with ddos protection config",
            Type = "CLOUD_ARMOR_NETWORK",
            DdosProtectionConfig = new Gcp.Compute.Inputs.RegionSecurityPolicyDdosProtectionConfigArgs
            {
                DdosProtection = "ADVANCED_PREVIEW",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.RegionSecurityPolicy;
    import com.pulumi.gcp.compute.RegionSecurityPolicyArgs;
    import com.pulumi.gcp.compute.inputs.RegionSecurityPolicyDdosProtectionConfigArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var region_sec_policy_ddos_protection = new RegionSecurityPolicy("region-sec-policy-ddos-protection", RegionSecurityPolicyArgs.builder()
                .name("my-sec-policy-ddos-protection")
                .description("with ddos protection config")
                .type("CLOUD_ARMOR_NETWORK")
                .ddosProtectionConfig(RegionSecurityPolicyDdosProtectionConfigArgs.builder()
                    .ddosProtection("ADVANCED_PREVIEW")
                    .build())
                .build());
    
        }
    }
    
    resources:
      region-sec-policy-ddos-protection:
        type: gcp:compute:RegionSecurityPolicy
        properties:
          name: my-sec-policy-ddos-protection
          description: with ddos protection config
          type: CLOUD_ARMOR_NETWORK
          ddosProtectionConfig:
            ddosProtection: ADVANCED_PREVIEW
    

    Region Security Policy With User Defined Fields

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const region_sec_policy_user_defined_fields = new gcp.compute.RegionSecurityPolicy("region-sec-policy-user-defined-fields", {
        name: "my-sec-policy-user-defined-fields",
        description: "with user defined fields",
        type: "CLOUD_ARMOR_NETWORK",
        userDefinedFields: [
            {
                name: "SIG1_AT_0",
                base: "UDP",
                offset: 8,
                size: 2,
                mask: "0x8F00",
            },
            {
                name: "SIG2_AT_8",
                base: "UDP",
                offset: 16,
                size: 4,
                mask: "0xFFFFFFFF",
            },
        ],
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    region_sec_policy_user_defined_fields = gcp.compute.RegionSecurityPolicy("region-sec-policy-user-defined-fields",
        name="my-sec-policy-user-defined-fields",
        description="with user defined fields",
        type="CLOUD_ARMOR_NETWORK",
        user_defined_fields=[
            gcp.compute.RegionSecurityPolicyUserDefinedFieldArgs(
                name="SIG1_AT_0",
                base="UDP",
                offset=8,
                size=2,
                mask="0x8F00",
            ),
            gcp.compute.RegionSecurityPolicyUserDefinedFieldArgs(
                name="SIG2_AT_8",
                base="UDP",
                offset=16,
                size=4,
                mask="0xFFFFFFFF",
            ),
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := compute.NewRegionSecurityPolicy(ctx, "region-sec-policy-user-defined-fields", &compute.RegionSecurityPolicyArgs{
    			Name:        pulumi.String("my-sec-policy-user-defined-fields"),
    			Description: pulumi.String("with user defined fields"),
    			Type:        pulumi.String("CLOUD_ARMOR_NETWORK"),
    			UserDefinedFields: compute.RegionSecurityPolicyUserDefinedFieldArray{
    				&compute.RegionSecurityPolicyUserDefinedFieldArgs{
    					Name:   pulumi.String("SIG1_AT_0"),
    					Base:   pulumi.String("UDP"),
    					Offset: pulumi.Int(8),
    					Size:   pulumi.Int(2),
    					Mask:   pulumi.String("0x8F00"),
    				},
    				&compute.RegionSecurityPolicyUserDefinedFieldArgs{
    					Name:   pulumi.String("SIG2_AT_8"),
    					Base:   pulumi.String("UDP"),
    					Offset: pulumi.Int(16),
    					Size:   pulumi.Int(4),
    					Mask:   pulumi.String("0xFFFFFFFF"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var region_sec_policy_user_defined_fields = new Gcp.Compute.RegionSecurityPolicy("region-sec-policy-user-defined-fields", new()
        {
            Name = "my-sec-policy-user-defined-fields",
            Description = "with user defined fields",
            Type = "CLOUD_ARMOR_NETWORK",
            UserDefinedFields = new[]
            {
                new Gcp.Compute.Inputs.RegionSecurityPolicyUserDefinedFieldArgs
                {
                    Name = "SIG1_AT_0",
                    Base = "UDP",
                    Offset = 8,
                    Size = 2,
                    Mask = "0x8F00",
                },
                new Gcp.Compute.Inputs.RegionSecurityPolicyUserDefinedFieldArgs
                {
                    Name = "SIG2_AT_8",
                    Base = "UDP",
                    Offset = 16,
                    Size = 4,
                    Mask = "0xFFFFFFFF",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.RegionSecurityPolicy;
    import com.pulumi.gcp.compute.RegionSecurityPolicyArgs;
    import com.pulumi.gcp.compute.inputs.RegionSecurityPolicyUserDefinedFieldArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var region_sec_policy_user_defined_fields = new RegionSecurityPolicy("region-sec-policy-user-defined-fields", RegionSecurityPolicyArgs.builder()
                .name("my-sec-policy-user-defined-fields")
                .description("with user defined fields")
                .type("CLOUD_ARMOR_NETWORK")
                .userDefinedFields(            
                    RegionSecurityPolicyUserDefinedFieldArgs.builder()
                        .name("SIG1_AT_0")
                        .base("UDP")
                        .offset(8)
                        .size(2)
                        .mask("0x8F00")
                        .build(),
                    RegionSecurityPolicyUserDefinedFieldArgs.builder()
                        .name("SIG2_AT_8")
                        .base("UDP")
                        .offset(16)
                        .size(4)
                        .mask("0xFFFFFFFF")
                        .build())
                .build());
    
        }
    }
    
    resources:
      region-sec-policy-user-defined-fields:
        type: gcp:compute:RegionSecurityPolicy
        properties:
          name: my-sec-policy-user-defined-fields
          description: with user defined fields
          type: CLOUD_ARMOR_NETWORK
          userDefinedFields:
            - name: SIG1_AT_0
              base: UDP
              offset: 8
              size: 2
              mask: 0x8F00
            - name: SIG2_AT_8
              base: UDP
              offset: 16
              size: 4
              mask: 0xFFFFFFFF
    

    Create RegionSecurityPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new RegionSecurityPolicy(name: string, args?: RegionSecurityPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def RegionSecurityPolicy(resource_name: str,
                             args: Optional[RegionSecurityPolicyArgs] = None,
                             opts: Optional[ResourceOptions] = None)
    
    @overload
    def RegionSecurityPolicy(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             ddos_protection_config: Optional[RegionSecurityPolicyDdosProtectionConfigArgs] = None,
                             description: Optional[str] = None,
                             name: Optional[str] = None,
                             project: Optional[str] = None,
                             region: Optional[str] = None,
                             type: Optional[str] = None,
                             user_defined_fields: Optional[Sequence[RegionSecurityPolicyUserDefinedFieldArgs]] = None)
    func NewRegionSecurityPolicy(ctx *Context, name string, args *RegionSecurityPolicyArgs, opts ...ResourceOption) (*RegionSecurityPolicy, error)
    public RegionSecurityPolicy(string name, RegionSecurityPolicyArgs? args = null, CustomResourceOptions? opts = null)
    public RegionSecurityPolicy(String name, RegionSecurityPolicyArgs args)
    public RegionSecurityPolicy(String name, RegionSecurityPolicyArgs args, CustomResourceOptions options)
    
    type: gcp:compute:RegionSecurityPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args RegionSecurityPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RegionSecurityPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RegionSecurityPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RegionSecurityPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RegionSecurityPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var regionSecurityPolicyResource = new Gcp.Compute.RegionSecurityPolicy("regionSecurityPolicyResource", new()
    {
        DdosProtectionConfig = new Gcp.Compute.Inputs.RegionSecurityPolicyDdosProtectionConfigArgs
        {
            DdosProtection = "string",
        },
        Description = "string",
        Name = "string",
        Project = "string",
        Region = "string",
        Type = "string",
        UserDefinedFields = new[]
        {
            new Gcp.Compute.Inputs.RegionSecurityPolicyUserDefinedFieldArgs
            {
                Base = "string",
                Mask = "string",
                Name = "string",
                Offset = 0,
                Size = 0,
            },
        },
    });
    
    example, err := compute.NewRegionSecurityPolicy(ctx, "regionSecurityPolicyResource", &compute.RegionSecurityPolicyArgs{
    	DdosProtectionConfig: &compute.RegionSecurityPolicyDdosProtectionConfigArgs{
    		DdosProtection: pulumi.String("string"),
    	},
    	Description: pulumi.String("string"),
    	Name:        pulumi.String("string"),
    	Project:     pulumi.String("string"),
    	Region:      pulumi.String("string"),
    	Type:        pulumi.String("string"),
    	UserDefinedFields: compute.RegionSecurityPolicyUserDefinedFieldArray{
    		&compute.RegionSecurityPolicyUserDefinedFieldArgs{
    			Base:   pulumi.String("string"),
    			Mask:   pulumi.String("string"),
    			Name:   pulumi.String("string"),
    			Offset: pulumi.Int(0),
    			Size:   pulumi.Int(0),
    		},
    	},
    })
    
    var regionSecurityPolicyResource = new RegionSecurityPolicy("regionSecurityPolicyResource", RegionSecurityPolicyArgs.builder()
        .ddosProtectionConfig(RegionSecurityPolicyDdosProtectionConfigArgs.builder()
            .ddosProtection("string")
            .build())
        .description("string")
        .name("string")
        .project("string")
        .region("string")
        .type("string")
        .userDefinedFields(RegionSecurityPolicyUserDefinedFieldArgs.builder()
            .base("string")
            .mask("string")
            .name("string")
            .offset(0)
            .size(0)
            .build())
        .build());
    
    region_security_policy_resource = gcp.compute.RegionSecurityPolicy("regionSecurityPolicyResource",
        ddos_protection_config=gcp.compute.RegionSecurityPolicyDdosProtectionConfigArgs(
            ddos_protection="string",
        ),
        description="string",
        name="string",
        project="string",
        region="string",
        type="string",
        user_defined_fields=[gcp.compute.RegionSecurityPolicyUserDefinedFieldArgs(
            base="string",
            mask="string",
            name="string",
            offset=0,
            size=0,
        )])
    
    const regionSecurityPolicyResource = new gcp.compute.RegionSecurityPolicy("regionSecurityPolicyResource", {
        ddosProtectionConfig: {
            ddosProtection: "string",
        },
        description: "string",
        name: "string",
        project: "string",
        region: "string",
        type: "string",
        userDefinedFields: [{
            base: "string",
            mask: "string",
            name: "string",
            offset: 0,
            size: 0,
        }],
    });
    
    type: gcp:compute:RegionSecurityPolicy
    properties:
        ddosProtectionConfig:
            ddosProtection: string
        description: string
        name: string
        project: string
        region: string
        type: string
        userDefinedFields:
            - base: string
              mask: string
              name: string
              offset: 0
              size: 0
    

    RegionSecurityPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The RegionSecurityPolicy resource accepts the following input properties:

    DdosProtectionConfig RegionSecurityPolicyDdosProtectionConfig
    Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.
    Description string
    An optional description of this resource. Provide this property when you create the resource.
    Name string
    Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    Region string
    The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.
    Type string
    The type indicates the intended use of the security policy.

    • CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
    • CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
    • CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.
    UserDefinedFields List<RegionSecurityPolicyUserDefinedField>
    Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Structure is documented below.
    DdosProtectionConfig RegionSecurityPolicyDdosProtectionConfigArgs
    Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.
    Description string
    An optional description of this resource. Provide this property when you create the resource.
    Name string
    Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    Region string
    The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.
    Type string
    The type indicates the intended use of the security policy.

    • CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
    • CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
    • CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.
    UserDefinedFields []RegionSecurityPolicyUserDefinedFieldArgs
    Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Structure is documented below.
    ddosProtectionConfig RegionSecurityPolicyDdosProtectionConfig
    Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.
    description String
    An optional description of this resource. Provide this property when you create the resource.
    name String
    Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    region String
    The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.
    type String
    The type indicates the intended use of the security policy.

    • CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
    • CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
    • CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.
    userDefinedFields List<RegionSecurityPolicyUserDefinedField>
    Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Structure is documented below.
    ddosProtectionConfig RegionSecurityPolicyDdosProtectionConfig
    Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.
    description string
    An optional description of this resource. Provide this property when you create the resource.
    name string
    Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    region string
    The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.
    type string
    The type indicates the intended use of the security policy.

    • CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
    • CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
    • CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.
    userDefinedFields RegionSecurityPolicyUserDefinedField[]
    Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Structure is documented below.
    ddos_protection_config RegionSecurityPolicyDdosProtectionConfigArgs
    Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.
    description str
    An optional description of this resource. Provide this property when you create the resource.
    name str
    Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    region str
    The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.
    type str
    The type indicates the intended use of the security policy.

    • CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
    • CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
    • CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.
    user_defined_fields Sequence[RegionSecurityPolicyUserDefinedFieldArgs]
    Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Structure is documented below.
    ddosProtectionConfig Property Map
    Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.
    description String
    An optional description of this resource. Provide this property when you create the resource.
    name String
    Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    region String
    The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.
    type String
    The type indicates the intended use of the security policy.

    • CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
    • CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
    • CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.
    userDefinedFields List<Property Map>
    Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Structure is documented below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the RegionSecurityPolicy resource produces the following output properties:

    Fingerprint string
    Fingerprint of this resource. This field is used internally during updates of this resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    PolicyId string
    The unique identifier for the resource. This identifier is defined by the server.
    SelfLink string
    Server-defined URL for the resource.
    SelfLinkWithPolicyId string
    Server-defined URL for this resource with the resource id.
    Fingerprint string
    Fingerprint of this resource. This field is used internally during updates of this resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    PolicyId string
    The unique identifier for the resource. This identifier is defined by the server.
    SelfLink string
    Server-defined URL for the resource.
    SelfLinkWithPolicyId string
    Server-defined URL for this resource with the resource id.
    fingerprint String
    Fingerprint of this resource. This field is used internally during updates of this resource.
    id String
    The provider-assigned unique ID for this managed resource.
    policyId String
    The unique identifier for the resource. This identifier is defined by the server.
    selfLink String
    Server-defined URL for the resource.
    selfLinkWithPolicyId String
    Server-defined URL for this resource with the resource id.
    fingerprint string
    Fingerprint of this resource. This field is used internally during updates of this resource.
    id string
    The provider-assigned unique ID for this managed resource.
    policyId string
    The unique identifier for the resource. This identifier is defined by the server.
    selfLink string
    Server-defined URL for the resource.
    selfLinkWithPolicyId string
    Server-defined URL for this resource with the resource id.
    fingerprint str
    Fingerprint of this resource. This field is used internally during updates of this resource.
    id str
    The provider-assigned unique ID for this managed resource.
    policy_id str
    The unique identifier for the resource. This identifier is defined by the server.
    self_link str
    Server-defined URL for the resource.
    self_link_with_policy_id str
    Server-defined URL for this resource with the resource id.
    fingerprint String
    Fingerprint of this resource. This field is used internally during updates of this resource.
    id String
    The provider-assigned unique ID for this managed resource.
    policyId String
    The unique identifier for the resource. This identifier is defined by the server.
    selfLink String
    Server-defined URL for the resource.
    selfLinkWithPolicyId String
    Server-defined URL for this resource with the resource id.

    Look up Existing RegionSecurityPolicy Resource

    Get an existing RegionSecurityPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: RegionSecurityPolicyState, opts?: CustomResourceOptions): RegionSecurityPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            ddos_protection_config: Optional[RegionSecurityPolicyDdosProtectionConfigArgs] = None,
            description: Optional[str] = None,
            fingerprint: Optional[str] = None,
            name: Optional[str] = None,
            policy_id: Optional[str] = None,
            project: Optional[str] = None,
            region: Optional[str] = None,
            self_link: Optional[str] = None,
            self_link_with_policy_id: Optional[str] = None,
            type: Optional[str] = None,
            user_defined_fields: Optional[Sequence[RegionSecurityPolicyUserDefinedFieldArgs]] = None) -> RegionSecurityPolicy
    func GetRegionSecurityPolicy(ctx *Context, name string, id IDInput, state *RegionSecurityPolicyState, opts ...ResourceOption) (*RegionSecurityPolicy, error)
    public static RegionSecurityPolicy Get(string name, Input<string> id, RegionSecurityPolicyState? state, CustomResourceOptions? opts = null)
    public static RegionSecurityPolicy get(String name, Output<String> id, RegionSecurityPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    DdosProtectionConfig RegionSecurityPolicyDdosProtectionConfig
    Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.
    Description string
    An optional description of this resource. Provide this property when you create the resource.
    Fingerprint string
    Fingerprint of this resource. This field is used internally during updates of this resource.
    Name string
    Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


    PolicyId string
    The unique identifier for the resource. This identifier is defined by the server.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    Region string
    The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.
    SelfLink string
    Server-defined URL for the resource.
    SelfLinkWithPolicyId string
    Server-defined URL for this resource with the resource id.
    Type string
    The type indicates the intended use of the security policy.

    • CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
    • CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
    • CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.
    UserDefinedFields List<RegionSecurityPolicyUserDefinedField>
    Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Structure is documented below.
    DdosProtectionConfig RegionSecurityPolicyDdosProtectionConfigArgs
    Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.
    Description string
    An optional description of this resource. Provide this property when you create the resource.
    Fingerprint string
    Fingerprint of this resource. This field is used internally during updates of this resource.
    Name string
    Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


    PolicyId string
    The unique identifier for the resource. This identifier is defined by the server.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    Region string
    The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.
    SelfLink string
    Server-defined URL for the resource.
    SelfLinkWithPolicyId string
    Server-defined URL for this resource with the resource id.
    Type string
    The type indicates the intended use of the security policy.

    • CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
    • CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
    • CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.
    UserDefinedFields []RegionSecurityPolicyUserDefinedFieldArgs
    Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Structure is documented below.
    ddosProtectionConfig RegionSecurityPolicyDdosProtectionConfig
    Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.
    description String
    An optional description of this resource. Provide this property when you create the resource.
    fingerprint String
    Fingerprint of this resource. This field is used internally during updates of this resource.
    name String
    Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


    policyId String
    The unique identifier for the resource. This identifier is defined by the server.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    region String
    The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.
    selfLink String
    Server-defined URL for the resource.
    selfLinkWithPolicyId String
    Server-defined URL for this resource with the resource id.
    type String
    The type indicates the intended use of the security policy.

    • CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
    • CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
    • CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.
    userDefinedFields List<RegionSecurityPolicyUserDefinedField>
    Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Structure is documented below.
    ddosProtectionConfig RegionSecurityPolicyDdosProtectionConfig
    Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.
    description string
    An optional description of this resource. Provide this property when you create the resource.
    fingerprint string
    Fingerprint of this resource. This field is used internally during updates of this resource.
    name string
    Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


    policyId string
    The unique identifier for the resource. This identifier is defined by the server.
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    region string
    The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.
    selfLink string
    Server-defined URL for the resource.
    selfLinkWithPolicyId string
    Server-defined URL for this resource with the resource id.
    type string
    The type indicates the intended use of the security policy.

    • CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
    • CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
    • CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.
    userDefinedFields RegionSecurityPolicyUserDefinedField[]
    Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Structure is documented below.
    ddos_protection_config RegionSecurityPolicyDdosProtectionConfigArgs
    Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.
    description str
    An optional description of this resource. Provide this property when you create the resource.
    fingerprint str
    Fingerprint of this resource. This field is used internally during updates of this resource.
    name str
    Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


    policy_id str
    The unique identifier for the resource. This identifier is defined by the server.
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    region str
    The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.
    self_link str
    Server-defined URL for the resource.
    self_link_with_policy_id str
    Server-defined URL for this resource with the resource id.
    type str
    The type indicates the intended use of the security policy.

    • CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
    • CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
    • CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.
    user_defined_fields Sequence[RegionSecurityPolicyUserDefinedFieldArgs]
    Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Structure is documented below.
    ddosProtectionConfig Property Map
    Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.
    description String
    An optional description of this resource. Provide this property when you create the resource.
    fingerprint String
    Fingerprint of this resource. This field is used internally during updates of this resource.
    name String
    Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


    policyId String
    The unique identifier for the resource. This identifier is defined by the server.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    region String
    The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.
    selfLink String
    Server-defined URL for the resource.
    selfLinkWithPolicyId String
    Server-defined URL for this resource with the resource id.
    type String
    The type indicates the intended use of the security policy.

    • CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
    • CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
    • CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time. Possible values are: CLOUD_ARMOR, CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.
    userDefinedFields List<Property Map>
    Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Structure is documented below.

    Supporting Types

    RegionSecurityPolicyDdosProtectionConfig, RegionSecurityPolicyDdosProtectionConfigArgs

    DdosProtection string
    Google Cloud Armor offers the following options to help protect systems against DDoS attacks:

    • STANDARD: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses.
    • ADVANCED: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses.
    • ADVANCED_PREVIEW: flag to enable the security policy in preview mode. Possible values are: ADVANCED, ADVANCED_PREVIEW, STANDARD.
    DdosProtection string
    Google Cloud Armor offers the following options to help protect systems against DDoS attacks:

    • STANDARD: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses.
    • ADVANCED: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses.
    • ADVANCED_PREVIEW: flag to enable the security policy in preview mode. Possible values are: ADVANCED, ADVANCED_PREVIEW, STANDARD.
    ddosProtection String
    Google Cloud Armor offers the following options to help protect systems against DDoS attacks:

    • STANDARD: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses.
    • ADVANCED: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses.
    • ADVANCED_PREVIEW: flag to enable the security policy in preview mode. Possible values are: ADVANCED, ADVANCED_PREVIEW, STANDARD.
    ddosProtection string
    Google Cloud Armor offers the following options to help protect systems against DDoS attacks:

    • STANDARD: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses.
    • ADVANCED: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses.
    • ADVANCED_PREVIEW: flag to enable the security policy in preview mode. Possible values are: ADVANCED, ADVANCED_PREVIEW, STANDARD.
    ddos_protection str
    Google Cloud Armor offers the following options to help protect systems against DDoS attacks:

    • STANDARD: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses.
    • ADVANCED: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses.
    • ADVANCED_PREVIEW: flag to enable the security policy in preview mode. Possible values are: ADVANCED, ADVANCED_PREVIEW, STANDARD.
    ddosProtection String
    Google Cloud Armor offers the following options to help protect systems against DDoS attacks:

    • STANDARD: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses.
    • ADVANCED: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses.
    • ADVANCED_PREVIEW: flag to enable the security policy in preview mode. Possible values are: ADVANCED, ADVANCED_PREVIEW, STANDARD.

    RegionSecurityPolicyUserDefinedField, RegionSecurityPolicyUserDefinedFieldArgs

    Base string
    The base relative to which 'offset' is measured. Possible values are:

    • IPV4: Points to the beginning of the IPv4 header.
    • IPV6: Points to the beginning of the IPv6 header.
    • TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments.
    • UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. Possible values are: IPV4, IPV6, TCP, UDP.
    Mask string
    If specified, apply this mask (bitwise AND) to the field to ignore bits before matching. Encoded as a hexadecimal number (starting with "0x"). The last byte of the field (in network byte order) corresponds to the least significant byte of the mask.
    Name string
    The name of this field. Must be unique within the policy.
    Offset int
    Offset of the first byte of the field (in network byte order) relative to 'base'.
    Size int
    Size of the field in bytes. Valid values: 1-4.
    Base string
    The base relative to which 'offset' is measured. Possible values are:

    • IPV4: Points to the beginning of the IPv4 header.
    • IPV6: Points to the beginning of the IPv6 header.
    • TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments.
    • UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. Possible values are: IPV4, IPV6, TCP, UDP.
    Mask string
    If specified, apply this mask (bitwise AND) to the field to ignore bits before matching. Encoded as a hexadecimal number (starting with "0x"). The last byte of the field (in network byte order) corresponds to the least significant byte of the mask.
    Name string
    The name of this field. Must be unique within the policy.
    Offset int
    Offset of the first byte of the field (in network byte order) relative to 'base'.
    Size int
    Size of the field in bytes. Valid values: 1-4.
    base String
    The base relative to which 'offset' is measured. Possible values are:

    • IPV4: Points to the beginning of the IPv4 header.
    • IPV6: Points to the beginning of the IPv6 header.
    • TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments.
    • UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. Possible values are: IPV4, IPV6, TCP, UDP.
    mask String
    If specified, apply this mask (bitwise AND) to the field to ignore bits before matching. Encoded as a hexadecimal number (starting with "0x"). The last byte of the field (in network byte order) corresponds to the least significant byte of the mask.
    name String
    The name of this field. Must be unique within the policy.
    offset Integer
    Offset of the first byte of the field (in network byte order) relative to 'base'.
    size Integer
    Size of the field in bytes. Valid values: 1-4.
    base string
    The base relative to which 'offset' is measured. Possible values are:

    • IPV4: Points to the beginning of the IPv4 header.
    • IPV6: Points to the beginning of the IPv6 header.
    • TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments.
    • UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. Possible values are: IPV4, IPV6, TCP, UDP.
    mask string
    If specified, apply this mask (bitwise AND) to the field to ignore bits before matching. Encoded as a hexadecimal number (starting with "0x"). The last byte of the field (in network byte order) corresponds to the least significant byte of the mask.
    name string
    The name of this field. Must be unique within the policy.
    offset number
    Offset of the first byte of the field (in network byte order) relative to 'base'.
    size number
    Size of the field in bytes. Valid values: 1-4.
    base str
    The base relative to which 'offset' is measured. Possible values are:

    • IPV4: Points to the beginning of the IPv4 header.
    • IPV6: Points to the beginning of the IPv6 header.
    • TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments.
    • UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. Possible values are: IPV4, IPV6, TCP, UDP.
    mask str
    If specified, apply this mask (bitwise AND) to the field to ignore bits before matching. Encoded as a hexadecimal number (starting with "0x"). The last byte of the field (in network byte order) corresponds to the least significant byte of the mask.
    name str
    The name of this field. Must be unique within the policy.
    offset int
    Offset of the first byte of the field (in network byte order) relative to 'base'.
    size int
    Size of the field in bytes. Valid values: 1-4.
    base String
    The base relative to which 'offset' is measured. Possible values are:

    • IPV4: Points to the beginning of the IPv4 header.
    • IPV6: Points to the beginning of the IPv6 header.
    • TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments.
    • UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. Possible values are: IPV4, IPV6, TCP, UDP.
    mask String
    If specified, apply this mask (bitwise AND) to the field to ignore bits before matching. Encoded as a hexadecimal number (starting with "0x"). The last byte of the field (in network byte order) corresponds to the least significant byte of the mask.
    name String
    The name of this field. Must be unique within the policy.
    offset Number
    Offset of the first byte of the field (in network byte order) relative to 'base'.
    size Number
    Size of the field in bytes. Valid values: 1-4.

    Import

    RegionSecurityPolicy can be imported using any of these accepted formats:

    • projects/{{project}}/regions/{{region}}/securityPolicies/{{name}}

    • {{project}}/{{region}}/{{name}}

    • {{region}}/{{name}}

    • {{name}}

    When using the pulumi import command, RegionSecurityPolicy can be imported using one of the formats above. For example:

    $ pulumi import gcp:compute/regionSecurityPolicy:RegionSecurityPolicy default projects/{{project}}/regions/{{region}}/securityPolicies/{{name}}
    
    $ pulumi import gcp:compute/regionSecurityPolicy:RegionSecurityPolicy default {{project}}/{{region}}/{{name}}
    
    $ pulumi import gcp:compute/regionSecurityPolicy:RegionSecurityPolicy default {{region}}/{{name}}
    
    $ pulumi import gcp:compute/regionSecurityPolicy:RegionSecurityPolicy default {{name}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.27.0 published on Thursday, Jun 13, 2024 by Pulumi