Posture Deployment Args
Represents a deployment of a security posture on a resource. A posture contains user-curated policy sets. A posture can be deployed on a project, a folder, or an organization. To deploy a posture, populate the posture's name and its revision_id in the posture deployment configuration. Every update to a deployed posture generates a new revision_id, so the updated revision_id should be used in the respective posture deployment's configuration to deploy that updated posture on a resource. To get more information about PostureDeployment, see:
How-to Guides
Example Usage
Securityposture Posture Deployment Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Sample organization that owns both the posture and its deployment.
const organization = "organizations/123456789";
const location = "global";

// One org-policy entry: enforce the canned constraint for uniform bucket-level
// access, so bucket access is decided by IAM rather than per-object ACLs.
const uniformBucketAccess = {
    policyId: "policy_1",
    constraint: {
        orgPolicyConstraint: {
            cannedConstraintId: "storage.uniformBucketLevelAccess",
            policyRules: [{ enforce: true }],
        },
    },
};

// The policy set groups the policies carried by the posture.
const orgPolicySet = {
    policySetId: "org_policy_set",
    description: "set of org policies",
    policies: [uniformBucketAccess],
};

// The posture itself, created at organization level in the ACTIVE state.
const posture1 = new gcp.securityposture.Posture("posture_1", {
    postureId: "posture_1",
    parent: organization,
    location: location,
    state: "ACTIVE",
    description: "a new posture",
    policySets: [orgPolicySet],
});

// Deploy the posture on a single project. targetResource may also be a folder
// or an organization (folders/{folder_number}, organizations/{organization_id}).
const postureDeployment = new gcp.securityposture.PostureDeployment("postureDeployment", {
    postureDeploymentId: "posture_deployment_1",
    parent: organization,
    location: location,
    description: "a new posture deployment",
    targetResource: "projects/1111111111111",
    postureId: posture1.name,
    // Every posture update yields a new revision ID; reading it from the
    // posture resource keeps the deployment on the revision defined above.
    postureRevisionId: posture1.revisionId,
});

import pulumi
import pulumi_gcp as gcp
# Sample organization that owns both the posture and its deployment.
organization = "organizations/123456789"
location = "global"

# Single rule: the constraint is enforced (not merely evaluated).
enforce_rule = gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs(
    enforce=True,
)

# Canned org-policy constraint for uniform bucket-level access, so bucket
# access is decided by IAM rather than per-object ACLs.
uniform_bucket_access = gcp.securityposture.PosturePolicySetPolicyArgs(
    policy_id="policy_1",
    constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
        org_policy_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs(
            canned_constraint_id="storage.uniformBucketLevelAccess",
            policy_rules=[enforce_rule],
        ),
    ),
)

# The policy set groups the policies carried by the posture.
org_policy_set = gcp.securityposture.PosturePolicySetArgs(
    policy_set_id="org_policy_set",
    description="set of org policies",
    policies=[uniform_bucket_access],
)

# The posture itself, created at organization level in the ACTIVE state.
posture1 = gcp.securityposture.Posture(
    "posture_1",
    posture_id="posture_1",
    parent=organization,
    location=location,
    state="ACTIVE",
    description="a new posture",
    policy_sets=[org_policy_set],
)

# Deploy the posture on a single project. target_resource may also be a folder
# or an organization (folders/{folder_number}, organizations/{organization_id}).
posture_deployment = gcp.securityposture.PostureDeployment(
    "postureDeployment",
    posture_deployment_id="posture_deployment_1",
    parent=organization,
    location=location,
    description="a new posture deployment",
    target_resource="projects/1111111111111",
    posture_id=posture1.name,
    # Every posture update yields a new revision ID; reading it from the
    # posture resource keeps the deployment on the revision defined above.
    posture_revision_id=posture1.revision_id,
)

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Sample organization that owns both the posture and its deployment.
    const string organization = "organizations/123456789";
    const string location = "global";

    // Single rule: the constraint is enforced.
    var enforceRule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs
    {
        Enforce = true,
    };

    // Canned org-policy constraint for uniform bucket-level access, so bucket
    // access is decided by IAM rather than per-object ACLs.
    var uniformBucketAccess = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
    {
        PolicyId = "policy_1",
        Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
        {
            OrgPolicyConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs
            {
                CannedConstraintId = "storage.uniformBucketLevelAccess",
                PolicyRules = new[] { enforceRule },
            },
        },
    };

    // The policy set groups the policies carried by the posture.
    var orgPolicySet = new Gcp.SecurityPosture.Inputs.PosturePolicySetArgs
    {
        PolicySetId = "org_policy_set",
        Description = "set of org policies",
        Policies = new[] { uniformBucketAccess },
    };

    // The posture itself, created at organization level in the ACTIVE state.
    var posture1 = new Gcp.SecurityPosture.Posture("posture_1", new()
    {
        PostureId = "posture_1",
        Parent = organization,
        Location = location,
        State = "ACTIVE",
        Description = "a new posture",
        PolicySets = new[] { orgPolicySet },
    });

    // Deploy the posture on a single project. TargetResource may also be a folder
    // or an organization (folders/{folder_number}, organizations/{organization_id}).
    var postureDeployment = new Gcp.SecurityPosture.PostureDeployment("postureDeployment", new()
    {
        PostureDeploymentId = "posture_deployment_1",
        Parent = organization,
        Location = location,
        Description = "a new posture deployment",
        TargetResource = "projects/1111111111111",
        PostureId = posture1.Name,
        // Every posture update yields a new revision ID; reading it from the
        // posture resource keeps the deployment on the revision defined above.
        PostureRevisionId = posture1.RevisionId,
    });
});

package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securityposture"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a security posture with one org-policy constraint and deploys
// it on a project.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Sample organization that owns both the posture and its deployment.
		organization := pulumi.String("organizations/123456789")
		location := pulumi.String("global")

		// Single rule: the constraint is enforced.
		enforceRule := &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs{
			Enforce: pulumi.Bool(true),
		}

		// Canned org-policy constraint for uniform bucket-level access, so bucket
		// access is decided by IAM rather than per-object ACLs.
		uniformBucketAccess := &securityposture.PosturePolicySetPolicyArgs{
			PolicyId: pulumi.String("policy_1"),
			Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
				OrgPolicyConstraint: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs{
					CannedConstraintId: pulumi.String("storage.uniformBucketLevelAccess"),
					PolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArray{
						enforceRule,
					},
				},
			},
		}

		// The policy set groups the policies carried by the posture.
		orgPolicySet := &securityposture.PosturePolicySetArgs{
			PolicySetId: pulumi.String("org_policy_set"),
			Description: pulumi.String("set of org policies"),
			Policies: securityposture.PosturePolicySetPolicyArray{
				uniformBucketAccess,
			},
		}

		// The posture itself, created at organization level in the ACTIVE state.
		posture1, err := securityposture.NewPosture(ctx, "posture_1", &securityposture.PostureArgs{
			PostureId:   pulumi.String("posture_1"),
			Parent:      organization,
			Location:    location,
			State:       pulumi.String("ACTIVE"),
			Description: pulumi.String("a new posture"),
			PolicySets: securityposture.PosturePolicySetArray{
				orgPolicySet,
			},
		})
		if err != nil {
			return err
		}

		// Deploy the posture on a single project. TargetResource may also be a folder
		// or an organization (folders/{folder_number}, organizations/{organization_id}).
		_, err = securityposture.NewPostureDeployment(ctx, "postureDeployment", &securityposture.PostureDeploymentArgs{
			PostureDeploymentId: pulumi.String("posture_deployment_1"),
			Parent:              organization,
			Location:            location,
			Description:         pulumi.String("a new posture deployment"),
			TargetResource:      pulumi.String("projects/1111111111111"),
			PostureId:           posture1.Name,
			// Every posture update yields a new revision ID; reading it from the
			// posture resource keeps the deployment on the revision defined above.
			PostureRevisionId: posture1.RevisionId,
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.securityposture.Posture;
import com.pulumi.gcp.securityposture.PostureArgs;
import com.pulumi.gcp.securityposture.inputs.PosturePolicySetArgs;
import com.pulumi.gcp.securityposture.PostureDeployment;
import com.pulumi.gcp.securityposture.PostureDeploymentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
/** Program entry point: hands the stack definition to the Pulumi runtime. */
public static void main(String[] args) {
    Pulumi.run(ctx -> stack(ctx));
}
/**
 * Declares a security posture with one org-policy constraint and deploys it
 * on a project.
 *
 * NOTE(review): the nested PosturePolicySetPolicy*Args builders used here are
 * not among the imports shown for this example; confirm they are imported
 * (presumably from the same inputs package as PosturePolicySetArgs).
 */
public static void stack(Context ctx) {
    // Sample organization that owns both the posture and its deployment.
    final String organization = "organizations/123456789";
    final String location = "global";

    // Single rule: the constraint is enforced.
    var enforceRule = PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs.builder()
        .enforce(true)
        .build();

    // Canned org-policy constraint for uniform bucket-level access, so bucket
    // access is decided by IAM rather than per-object ACLs.
    var orgPolicyConstraint = PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs.builder()
        .cannedConstraintId("storage.uniformBucketLevelAccess")
        .policyRules(enforceRule)
        .build();

    var constraint = PosturePolicySetPolicyConstraintArgs.builder()
        .orgPolicyConstraint(orgPolicyConstraint)
        .build();

    var uniformBucketAccess = PosturePolicySetPolicyArgs.builder()
        .policyId("policy_1")
        .constraint(constraint)
        .build();

    // The policy set groups the policies carried by the posture.
    var orgPolicySet = PosturePolicySetArgs.builder()
        .policySetId("org_policy_set")
        .description("set of org policies")
        .policies(uniformBucketAccess)
        .build();

    // The posture itself, created at organization level in the ACTIVE state.
    var posture1 = new Posture("posture1", PostureArgs.builder()
        .postureId("posture_1")
        .parent(organization)
        .location(location)
        .state("ACTIVE")
        .description("a new posture")
        .policySets(orgPolicySet)
        .build());

    // Deploy the posture on a single project. targetResource may also be a folder
    // or an organization (folders/{folder_number}, organizations/{organization_id}).
    var postureDeployment = new PostureDeployment("postureDeployment", PostureDeploymentArgs.builder()
        .postureDeploymentId("posture_deployment_1")
        .parent(organization)
        .location(location)
        .description("a new posture deployment")
        .targetResource("projects/1111111111111")
        .postureId(posture1.name())
        // Every posture update yields a new revision ID; reading it from the
        // posture resource keeps the deployment on the revision defined above.
        .postureRevisionId(posture1.revisionId())
        .build());
}
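}
resources:
  # The posture, created at organization level in the ACTIVE state.
  posture1:
    type: gcp:securityposture:Posture
    name: posture_1
    properties:
      postureId: posture_1
      parent: organizations/123456789  # sample organization ID
      location: global
      state: ACTIVE
      description: a new posture
      policySets:
        - policySetId: org_policy_set
          description: set of org policies
          policies:
            - policyId: policy_1
              constraint:
                orgPolicyConstraint:
                  # Canned constraint for uniform bucket-level access, so bucket
                  # access is decided by IAM rather than per-object ACLs.
                  cannedConstraintId: storage.uniformBucketLevelAccess
                  policyRules:
                    - enforce: true
  # Deploys the posture on a single project. targetResource may also be a folder
  # or an organization (folders/{folder_number}, organizations/{organization_id}).
  postureDeployment:
    type: gcp:securityposture:PostureDeployment
    properties:
      postureDeploymentId: posture_deployment_1
      parent: organizations/123456789
      location: global
      description: a new posture deployment
      targetResource: projects/1111111111111
      postureId: ${posture1.name}
      # Every posture update yields a new revision ID; reading it from the
      # posture resource keeps the deployment on the revision defined above.
      postureRevisionId: ${posture1.revisionId}

Import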
PostureDeployment can be imported using any of these accepted formats:
{{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}
When using the pulumi import command, PostureDeployment can be imported using one of the formats above. For example:
$ pulumi import gcp:securityposture/postureDeployment:PostureDeployment default {{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}
Properties
Description of the posture deployment.
ID of the posture deployment.
Revision_id of the posture which needs to be deployed.
The resource on which the posture should be deployed. This can be in one of the following formats: projects/{project_number}, folders/{folder_number}, organizations/{organization_id}