PostureArgs

data class PostureArgs(val description: Output<String>? = null, val location: Output<String>? = null, val parent: Output<String>? = null, val policySets: Output<List<PosturePolicySetArgs>>? = null, val postureId: Output<String>? = null, val state: Output<String>? = null) : ConvertibleToJava<PostureArgs>

A Posture represents a collection of policy sets, together with its name, state and description. A policy set includes a set of policies along with their definitions. A posture can be created at the organization level. Every update to a deployed posture creates a new posture revision with an updated revision_id. For more information about Posture, see the upstream Security Posture API documentation.

Example Usage

Securityposture Posture Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
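// Organization-level posture with two policy sets: org-policy constraints
// (preventive) and Security Health Analytics modules (detective).
const posture1 = new gcp.securityposture.Posture("posture1", {
    postureId: "posture_example", // immutable once the posture exists
    parent: "organizations/123456789",
    location: "global",
    // Change `state` in an update of its own, not together with other fields.
    state: "ACTIVE",
    description: "a new posture",
    policySets: [
        {
            policySetId: "org_policy_set",
            description: "set of org policies",
            policies: [
                {
                    policyId: "canned_org_policy",
                    constraint: {
                        orgPolicyConstraint: {
                            cannedConstraintId: "storage.uniformBucketLevelAccess",
                            policyRules: [{
                                enforce: true,
                                // The rule is conditional: it covers only resources carrying
                                // the tag, so untagged resources fall outside this rule.
                                condition: {
                                    description: "condition description",
                                    // matchTag takes two separately quoted string arguments.
                                    expression: "resource.matchTag('org_id/tag_key_short_name', 'tag_value_short_name')",
                                    title: "a CEL condition",
                                },
                            }],
                        },
                    },
                },
                {
                    policyId: "custom_org_policy",
                    constraint: {
                        orgPolicyConstraintCustom: {
                            // Review before reuse: this sample admits only node pools whose
                            // auto-upgrade is turned off, so nodes are not patched automatically.
                            customConstraint: {
                                name: "organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
                                displayName: "Disable GKE auto upgrade",
                                description: "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
                                actionType: "ALLOW",
                                condition: "resource.management.autoUpgrade == false",
                                methodTypes: [
                                    "CREATE",
                                    "UPDATE",
                                ],
                                // Plain dots: the "&#46;" HTML entities are not part of the type name.
                                resourceTypes: ["container.googleapis.com/NodePool"],
                            },
                            policyRules: [{
                                enforce: true,
                                condition: {
                                    description: "condition description",
                                    expression: "resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
                                    title: "a CEL condition",
                                },
                            }],
                        },
                    },
                },
            ],
        },
        {
            policySetId: "sha_policy_set",
            description: "set of sha policies",
            policies: [
                {
                    policyId: "sha_builtin_module",
                    constraint: {
                        // Built-in detector: reports BigQuery tables that do not use a
                        // customer-managed encryption key.
                        securityHealthAnalyticsModule: {
                            moduleName: "BIGQUERY_TABLE_CMEK_DISABLED",
                            moduleEnablementState: "ENABLED",
                        },
                    },
                    description: "enable BIGQUERY_TABLE_CMEK_DISABLED",
                },
                {
                    policyId: "sha_custom_module",
                    constraint: {
                        securityHealthAnalyticsCustomModule: {
                            displayName: "custom_SHA_policy",
                            config: {
                                predicate: {
                                    // Finding fires for keys rotated less often than every
                                    // 2592000 s (30 days); the ">" was missing from the listing.
                                    expression: "resource.rotationPeriod > duration('2592000s')",
                                },
                                customOutput: {
                                    properties: [{
                                        name: "duration",
                                        valueExpression: {
                                            expression: "resource.rotationPeriod",
                                        },
                                    }],
                                },
                                resourceSelector: {
                                    resourceTypes: ["cloudkms.googleapis.com/CryptoKey"],
                                },
                                severity: "LOW",
                                description: "Custom Module",
                                recommendation: "Testing custom modules",
                            },
                            moduleEnablementState: "ENABLED",
                        },
                    },
                },
            ],
        },
    ],
});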
import pulumi
import pulumi_gcp as gcp
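# Organization-level posture with two policy sets: org-policy constraints
# (preventive) and Security Health Analytics modules (detective).
posture1 = gcp.securityposture.Posture("posture1",
    posture_id="posture_example",  # immutable once the posture exists
    parent="organizations/123456789",
    location="global",
    # Change `state` in an update of its own, not together with other fields.
    state="ACTIVE",
    description="a new posture",
    policy_sets=[
        {
            "policy_set_id": "org_policy_set",
            "description": "set of org policies",
            "policies": [
                {
                    "policy_id": "canned_org_policy",
                    "constraint": {
                        "org_policy_constraint": {
                            "canned_constraint_id": "storage.uniformBucketLevelAccess",
                            "policy_rules": [{
                                "enforce": True,
                                # The rule is conditional: it covers only resources carrying
                                # the tag, so untagged resources fall outside this rule.
                                "condition": {
                                    "description": "condition description",
                                    # matchTag takes two separately quoted string arguments.
                                    "expression": "resource.matchTag('org_id/tag_key_short_name', 'tag_value_short_name')",
                                    "title": "a CEL condition",
                                },
                            }],
                        },
                    },
                },
                {
                    "policy_id": "custom_org_policy",
                    "constraint": {
                        "org_policy_constraint_custom": {
                            # Review before reuse: this sample admits only node pools whose
                            # auto-upgrade is turned off, so nodes are not patched automatically.
                            "custom_constraint": {
                                "name": "organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
                                "display_name": "Disable GKE auto upgrade",
                                "description": "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
                                "action_type": "ALLOW",
                                "condition": "resource.management.autoUpgrade == false",
                                "method_types": [
                                    "CREATE",
                                    "UPDATE",
                                ],
                                # Plain dots: the "&#46;" HTML entities are not part of the type name.
                                "resource_types": ["container.googleapis.com/NodePool"],
                            },
                            "policy_rules": [{
                                "enforce": True,
                                "condition": {
                                    "description": "condition description",
                                    "expression": "resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
                                    "title": "a CEL condition",
                                },
                            }],
                        },
                    },
                },
            ],
        },
        {
            "policy_set_id": "sha_policy_set",
            "description": "set of sha policies",
            "policies": [
                {
                    "policy_id": "sha_builtin_module",
                    "constraint": {
                        # Built-in detector: reports BigQuery tables that do not use a
                        # customer-managed encryption key.
                        "security_health_analytics_module": {
                            "module_name": "BIGQUERY_TABLE_CMEK_DISABLED",
                            "module_enablement_state": "ENABLED",
                        },
                    },
                    "description": "enable BIGQUERY_TABLE_CMEK_DISABLED",
                },
                {
                    "policy_id": "sha_custom_module",
                    "constraint": {
                        "security_health_analytics_custom_module": {
                            "display_name": "custom_SHA_policy",
                            "config": {
                                "predicate": {
                                    # Finding fires for keys rotated less often than every
                                    # 2592000 s (30 days); the ">" was missing from the listing.
                                    "expression": "resource.rotationPeriod > duration('2592000s')",
                                },
                                "custom_output": {
                                    "properties": [{
                                        "name": "duration",
                                        "value_expression": {
                                            "expression": "resource.rotationPeriod",
                                        },
                                    }],
                                },
                                "resource_selector": {
                                    "resource_types": ["cloudkms.googleapis.com/CryptoKey"],
                                },
                                "severity": "LOW",
                                "description": "Custom Module",
                                "recommendation": "Testing custom modules",
                            },
                            "module_enablement_state": "ENABLED",
                        },
                    },
                },
            ],
        },
    ])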
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
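// Organization-level posture with two policy sets: org-policy constraints
// (preventive) and Security Health Analytics modules (detective).
return await Deployment.RunAsync(() =>
{
    var posture1 = new Gcp.SecurityPosture.Posture("posture1", new()
    {
        PostureId = "posture_example", // immutable once the posture exists
        Parent = "organizations/123456789",
        Location = "global",
        // Change State in an update of its own, not together with other fields.
        State = "ACTIVE",
        Description = "a new posture",
        PolicySets = new[]
        {
            new Gcp.SecurityPosture.Inputs.PosturePolicySetArgs
            {
                PolicySetId = "org_policy_set",
                Description = "set of org policies",
                Policies = new[]
                {
                    new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
                    {
                        PolicyId = "canned_org_policy",
                        Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
                        {
                            OrgPolicyConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs
                            {
                                CannedConstraintId = "storage.uniformBucketLevelAccess",
                                PolicyRules = new[]
                                {
                                    new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs
                                    {
                                        Enforce = true,
                                        // The rule is conditional: it covers only resources carrying
                                        // the tag, so untagged resources fall outside this rule.
                                        Condition = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs
                                        {
                                            Description = "condition description",
                                            // matchTag takes two separately quoted string arguments.
                                            Expression = "resource.matchTag('org_id/tag_key_short_name', 'tag_value_short_name')",
                                            Title = "a CEL condition",
                                        },
                                    },
                                },
                            },
                        },
                    },
                    new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
                    {
                        PolicyId = "custom_org_policy",
                        Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
                        {
                            OrgPolicyConstraintCustom = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs
                            {
                                // Review before reuse: this sample admits only node pools whose
                                // auto-upgrade is turned off, so nodes are not patched automatically.
                                CustomConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs
                                {
                                    Name = "organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
                                    DisplayName = "Disable GKE auto upgrade",
                                    Description = "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
                                    ActionType = "ALLOW",
                                    Condition = "resource.management.autoUpgrade == false",
                                    MethodTypes = new[]
                                    {
                                        "CREATE",
                                        "UPDATE",
                                    },
                                    ResourceTypes = new[]
                                    {
                                        "container.googleapis.com/NodePool",
                                    },
                                },
                                PolicyRules = new[]
                                {
                                    new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs
                                    {
                                        Enforce = true,
                                        Condition = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs
                                        {
                                            Description = "condition description",
                                            Expression = "resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
                                            Title = "a CEL condition",
                                        },
                                    },
                                },
                            },
                        },
                    },
                },
            },
            new Gcp.SecurityPosture.Inputs.PosturePolicySetArgs
            {
                PolicySetId = "sha_policy_set",
                Description = "set of sha policies",
                Policies = new[]
                {
                    new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
                    {
                        PolicyId = "sha_builtin_module",
                        Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
                        {
                            // Built-in detector: reports BigQuery tables that do not use a
                            // customer-managed encryption key.
                            SecurityHealthAnalyticsModule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs
                            {
                                ModuleName = "BIGQUERY_TABLE_CMEK_DISABLED",
                                ModuleEnablementState = "ENABLED",
                            },
                        },
                        Description = "enable BIGQUERY_TABLE_CMEK_DISABLED",
                    },
                    new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
                    {
                        PolicyId = "sha_custom_module",
                        Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
                        {
                            SecurityHealthAnalyticsCustomModule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs
                            {
                                DisplayName = "custom_SHA_policy",
                                Config = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs
                                {
                                    Predicate = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs
                                    {
                                        // Finding fires for keys rotated less often than every
                                        // 2592000 s (30 days); the ">" was missing from the listing.
                                        Expression = "resource.rotationPeriod > duration('2592000s')",
                                    },
                                    CustomOutput = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs
                                    {
                                        Properties = new[]
                                        {
                                            new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs
                                            {
                                                Name = "duration",
                                                ValueExpression = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs
                                                {
                                                    Expression = "resource.rotationPeriod",
                                                },
                                            },
                                        },
                                    },
                                    ResourceSelector = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs
                                    {
                                        ResourceTypes = new[]
                                        {
                                            "cloudkms.googleapis.com/CryptoKey",
                                        },
                                    },
                                    Severity = "LOW",
                                    Description = "Custom Module",
                                    Recommendation = "Testing custom modules",
                                },
                                ModuleEnablementState = "ENABLED",
                            },
                        },
                    },
                },
            },
        },
    });
});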
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/securityposture"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
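// main declares an organization-level posture with two policy sets:
// org-policy constraints (preventive) and Security Health Analytics
// modules (detective).
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityposture.NewPosture(ctx, "posture1", &securityposture.PostureArgs{
			PostureId: pulumi.String("posture_example"), // immutable once the posture exists
			Parent:    pulumi.String("organizations/123456789"),
			Location:  pulumi.String("global"),
			// Change State in an update of its own, not together with other fields.
			State:       pulumi.String("ACTIVE"),
			Description: pulumi.String("a new posture"),
			PolicySets: securityposture.PosturePolicySetArray{
				&securityposture.PosturePolicySetArgs{
					PolicySetId: pulumi.String("org_policy_set"),
					Description: pulumi.String("set of org policies"),
					Policies: securityposture.PosturePolicySetPolicyArray{
						&securityposture.PosturePolicySetPolicyArgs{
							PolicyId: pulumi.String("canned_org_policy"),
							Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
								OrgPolicyConstraint: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs{
									CannedConstraintId: pulumi.String("storage.uniformBucketLevelAccess"),
									PolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArray{
										&securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs{
											Enforce: pulumi.Bool(true),
											// The rule is conditional: it covers only resources carrying
											// the tag, so untagged resources fall outside this rule.
											Condition: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs{
												Description: pulumi.String("condition description"),
												// matchTag takes two separately quoted string arguments.
												Expression: pulumi.String("resource.matchTag('org_id/tag_key_short_name', 'tag_value_short_name')"),
												Title:      pulumi.String("a CEL condition"),
											},
										},
									},
								},
							},
						},
						&securityposture.PosturePolicySetPolicyArgs{
							PolicyId: pulumi.String("custom_org_policy"),
							Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
								OrgPolicyConstraintCustom: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs{
									// Review before reuse: this sample admits only node pools whose
									// auto-upgrade is turned off, so nodes are not patched automatically.
									CustomConstraint: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs{
										Name:        pulumi.String("organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade"),
										DisplayName: pulumi.String("Disable GKE auto upgrade"),
										Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
										ActionType:  pulumi.String("ALLOW"),
										Condition:   pulumi.String("resource.management.autoUpgrade == false"),
										MethodTypes: pulumi.StringArray{
											pulumi.String("CREATE"),
											pulumi.String("UPDATE"),
										},
										ResourceTypes: pulumi.StringArray{
											pulumi.String("container.googleapis.com/NodePool"),
										},
									},
									PolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArray{
										&securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs{
											Enforce: pulumi.Bool(true),
											Condition: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs{
												Description: pulumi.String("condition description"),
												Expression:  pulumi.String("resource.matchTagId('tagKeys/key_id','tagValues/value_id')"),
												Title:       pulumi.String("a CEL condition"),
											},
										},
									},
								},
							},
						},
					},
				},
				&securityposture.PosturePolicySetArgs{
					PolicySetId: pulumi.String("sha_policy_set"),
					Description: pulumi.String("set of sha policies"),
					Policies: securityposture.PosturePolicySetPolicyArray{
						&securityposture.PosturePolicySetPolicyArgs{
							PolicyId: pulumi.String("sha_builtin_module"),
							Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
								// Built-in detector: reports BigQuery tables that do not use a
								// customer-managed encryption key.
								SecurityHealthAnalyticsModule: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs{
									ModuleName:            pulumi.String("BIGQUERY_TABLE_CMEK_DISABLED"),
									ModuleEnablementState: pulumi.String("ENABLED"),
								},
							},
							Description: pulumi.String("enable BIGQUERY_TABLE_CMEK_DISABLED"),
						},
						&securityposture.PosturePolicySetPolicyArgs{
							PolicyId: pulumi.String("sha_custom_module"),
							Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
								SecurityHealthAnalyticsCustomModule: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs{
									DisplayName: pulumi.String("custom_SHA_policy"),
									Config: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs{
										Predicate: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs{
											// Finding fires for keys rotated less often than every
											// 2592000 s (30 days); the ">" was missing from the listing.
											Expression: pulumi.String("resource.rotationPeriod > duration('2592000s')"),
										},
										CustomOutput: securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs{
											Properties: securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArray{
												&securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs{
													Name: pulumi.String("duration"),
													ValueExpression: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs{
														Expression: pulumi.String("resource.rotationPeriod"),
													},
												},
											},
										},
										ResourceSelector: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs{
											ResourceTypes: pulumi.StringArray{
												pulumi.String("cloudkms.googleapis.com/CryptoKey"),
											},
										},
										Severity:       pulumi.String("LOW"),
										Description:    pulumi.String("Custom Module"),
										Recommendation: pulumi.String("Testing custom modules"),
									},
									ModuleEnablementState: pulumi.String("ENABLED"),
								},
							},
						},
					},
				},
			},
		})
		// A nil err means the posture was registered; otherwise surface it to Pulumi.
		return err
	})
}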
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.securityposture.Posture;
import com.pulumi.gcp.securityposture.PostureArgs;
import com.pulumi.gcp.securityposture.inputs.PosturePolicySetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
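/**
 * Declares an organization-level posture with two policy sets: org-policy
 * constraints (preventive) and Security Health Analytics modules (detective).
 */
// NOTE(review): the nested *Args builders used below (PosturePolicySetPolicyArgs,
// PosturePolicySetPolicyConstraintArgs, ...) are not among this listing's imports;
// presumably they sit in com.pulumi.gcp.securityposture.inputs next to
// PosturePolicySetArgs. Add those imports before compiling.
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var posture1 = new Posture("posture1", PostureArgs.builder()
            .postureId("posture_example") // immutable once the posture exists
            .parent("organizations/123456789")
            .location("global")
            // Change state in an update of its own, not together with other fields.
            .state("ACTIVE")
            .description("a new posture")
            .policySets(
                PosturePolicySetArgs.builder()
                    .policySetId("org_policy_set")
                    .description("set of org policies")
                    .policies(
                        PosturePolicySetPolicyArgs.builder()
                            .policyId("canned_org_policy")
                            .constraint(PosturePolicySetPolicyConstraintArgs.builder()
                                .orgPolicyConstraint(PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs.builder()
                                    .cannedConstraintId("storage.uniformBucketLevelAccess")
                                    .policyRules(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs.builder()
                                        .enforce(true)
                                        // The rule is conditional: it covers only resources carrying
                                        // the tag, so untagged resources fall outside this rule.
                                        .condition(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs.builder()
                                            .description("condition description")
                                            // matchTag takes two separately quoted string arguments.
                                            .expression("resource.matchTag('org_id/tag_key_short_name', 'tag_value_short_name')")
                                            .title("a CEL condition")
                                            .build())
                                        .build())
                                    .build())
                                .build())
                            .build(),
                        PosturePolicySetPolicyArgs.builder()
                            .policyId("custom_org_policy")
                            .constraint(PosturePolicySetPolicyConstraintArgs.builder()
                                .orgPolicyConstraintCustom(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs.builder()
                                    // Review before reuse: this sample admits only node pools whose
                                    // auto-upgrade is turned off, so nodes are not patched automatically.
                                    .customConstraint(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs.builder()
                                        .name("organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade")
                                        .displayName("Disable GKE auto upgrade")
                                        .description("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.")
                                        .actionType("ALLOW")
                                        .condition("resource.management.autoUpgrade == false")
                                        .methodTypes(
                                            "CREATE",
                                            "UPDATE")
                                        .resourceTypes("container.googleapis.com/NodePool")
                                        .build())
                                    .policyRules(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs.builder()
                                        .enforce(true)
                                        .condition(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs.builder()
                                            .description("condition description")
                                            .expression("resource.matchTagId('tagKeys/key_id','tagValues/value_id')")
                                            .title("a CEL condition")
                                            .build())
                                        .build())
                                    .build())
                                .build())
                            .build())
                    .build(),
                PosturePolicySetArgs.builder()
                    .policySetId("sha_policy_set")
                    .description("set of sha policies")
                    .policies(
                        PosturePolicySetPolicyArgs.builder()
                            .policyId("sha_builtin_module")
                            .constraint(PosturePolicySetPolicyConstraintArgs.builder()
                                // Built-in detector: reports BigQuery tables that do not use a
                                // customer-managed encryption key.
                                .securityHealthAnalyticsModule(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs.builder()
                                    .moduleName("BIGQUERY_TABLE_CMEK_DISABLED")
                                    .moduleEnablementState("ENABLED")
                                    .build())
                                .build())
                            .description("enable BIGQUERY_TABLE_CMEK_DISABLED")
                            .build(),
                        PosturePolicySetPolicyArgs.builder()
                            .policyId("sha_custom_module")
                            .constraint(PosturePolicySetPolicyConstraintArgs.builder()
                                .securityHealthAnalyticsCustomModule(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs.builder()
                                    .displayName("custom_SHA_policy")
                                    .config(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs.builder()
                                        .predicate(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs.builder()
                                            // Finding fires for keys rotated less often than every
                                            // 2592000 s (30 days); the ">" was missing from the listing.
                                            .expression("resource.rotationPeriod > duration('2592000s')")
                                            .build())
                                        .customOutput(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs.builder()
                                            .properties(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs.builder()
                                                .name("duration")
                                                .valueExpression(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs.builder()
                                                    .expression("resource.rotationPeriod")
                                                    .build())
                                                .build())
                                            .build())
                                        .resourceSelector(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs.builder()
                                            .resourceTypes("cloudkms.googleapis.com/CryptoKey")
                                            .build())
                                        .severity("LOW")
                                        .description("Custom Module")
                                        .recommendation("Testing custom modules")
                                        .build())
                                    .moduleEnablementState("ENABLED")
                                    .build())
                                .build())
                            .build())
                    .build())
            .build());
    }
}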
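# Organization-level posture with two policy sets: org-policy constraints
# (preventive) and Security Health Analytics modules (detective).
# Nesting restored; the flattened listing was not valid YAML.
resources:
  posture1:
    type: gcp:securityposture:Posture
    properties:
      postureId: posture_example  # immutable once the posture exists
      parent: organizations/123456789
      location: global
      # Change state in an update of its own, not together with other fields.
      state: ACTIVE
      description: a new posture
      policySets:
        - policySetId: org_policy_set
          description: set of org policies
          policies:
            - policyId: canned_org_policy
              constraint:
                orgPolicyConstraint:
                  cannedConstraintId: storage.uniformBucketLevelAccess
                  policyRules:
                    - enforce: true
                      # The rule is conditional: it covers only resources carrying
                      # the tag, so untagged resources fall outside this rule.
                      condition:
                        description: condition description
                        # matchTag takes two separately quoted string arguments.
                        expression: "resource.matchTag('org_id/tag_key_short_name', 'tag_value_short_name')"
                        title: a CEL condition
            - policyId: custom_org_policy
              constraint:
                orgPolicyConstraintCustom:
                  # Review before reuse: this sample admits only node pools whose
                  # auto-upgrade is turned off, so nodes are not patched automatically.
                  customConstraint:
                    name: organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade
                    displayName: Disable GKE auto upgrade
                    description: Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.
                    actionType: ALLOW
                    condition: resource.management.autoUpgrade == false
                    methodTypes:
                      - CREATE
                      - UPDATE
                    resourceTypes:
                      - container.googleapis.com/NodePool
                  policyRules:
                    - enforce: true
                      condition:
                        description: condition description
                        expression: "resource.matchTagId('tagKeys/key_id','tagValues/value_id')"
                        title: a CEL condition
        - policySetId: sha_policy_set
          description: set of sha policies
          policies:
            - policyId: sha_builtin_module
              constraint:
                # Built-in detector: reports BigQuery tables that do not use a
                # customer-managed encryption key.
                securityHealthAnalyticsModule:
                  moduleName: BIGQUERY_TABLE_CMEK_DISABLED
                  moduleEnablementState: ENABLED
              description: enable BIGQUERY_TABLE_CMEK_DISABLED
            - policyId: sha_custom_module
              constraint:
                securityHealthAnalyticsCustomModule:
                  displayName: custom_SHA_policy
                  config:
                    predicate:
                      # Finding fires for keys rotated less often than every
                      # 2592000 s (30 days); the ">" was missing from the listing.
                      expression: "resource.rotationPeriod > duration('2592000s')"
                    customOutput:
                      properties:
                        - name: duration
                          valueExpression:
                            expression: resource.rotationPeriod
                    resourceSelector:
                      resourceTypes:
                        - cloudkms.googleapis.com/CryptoKey
                    severity: LOW
                    description: Custom Module
                    recommendation: Testing custom modules
                  moduleEnablementState: ENABLED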

Import

Posture can be imported using any of these accepted formats:

  • {{parent}}/locations/{{location}}/postures/{{posture_id}}

When using the pulumi import command, Posture can be imported using one of the formats above. For example:

$ pulumi import gcp:securityposture/posture:Posture default {{parent}}/locations/{{location}}/postures/{{posture_id}}

Constructors

constructor(description: Output<String>? = null, location: Output<String>? = null, parent: Output<String>? = null, policySets: Output<List<PosturePolicySetArgs>>? = null, postureId: Output<String>? = null, state: Output<String>? = null)

Properties

val description: Output<String>? = null

Description of the posture.

val location: Output<String>? = null

Location of the resource, e.g. global.

val parent: Output<String>? = null

The parent of the resource, an organization. Format should be organizations/{organization_id}.

val policySets: Output<List<PosturePolicySetArgs>>? = null

List of policy sets for the posture. Structure is documented below.

val postureId: Output<String>? = null

Id of the posture. It is an immutable field.

val state: Output<String>? = null

State of the posture. An update to the state field should not be triggered together with other field updates. Possible values are: DEPRECATED, DRAFT, ACTIVE.

Functions

open override fun toJava(): PostureArgs