1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. securityposture
  5. Posture
Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi

gcp.securityposture.Posture

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi

    A Posture represents a collection of policy set including its name, state, description and policy sets. A policy set includes set of policies along with their definition. A posture can be created at the organization level. Every update to a deployed posture creates a new posture revision with an updated revision_id.

    To get more information about Posture, see:

    Example Usage

    Securityposture Posture Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const posture1 = new gcp.securityposture.Posture("posture1", {
        postureId: "posture_example",
        parent: "organizations/123456789",
        location: "global",
        state: "ACTIVE",
        description: "a new posture",
        policySets: [
            {
                policySetId: "org_policy_set",
                description: "set of org policies",
                policies: [
                    {
                        policyId: "canned_org_policy",
                        constraint: {
                            orgPolicyConstraint: {
                                cannedConstraintId: "storage.uniformBucketLevelAccess",
                                policyRules: [{
                                    enforce: true,
                                    condition: {
                                        description: "condition description",
                                        expression: "resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')",
                                        title: "a CEL condition",
                                    },
                                }],
                            },
                        },
                    },
                    {
                        policyId: "custom_org_policy",
                        constraint: {
                            orgPolicyConstraintCustom: {
                                customConstraint: {
                                    name: "organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
                                    displayName: "Disable GKE auto upgrade",
                                    description: "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
                                    actionType: "ALLOW",
                                    condition: "resource.management.autoUpgrade == false",
                                    methodTypes: [
                                        "CREATE",
                                        "UPDATE",
                                    ],
                                    resourceTypes: ["container.googleapis.com/NodePool"],
                                },
                                policyRules: [{
                                    enforce: true,
                                    condition: {
                                        description: "condition description",
                                        expression: "resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
                                        title: "a CEL condition",
                                    },
                                }],
                            },
                        },
                    },
                ],
            },
            {
                policySetId: "sha_policy_set",
                description: "set of sha policies",
                policies: [
                    {
                        policyId: "sha_builtin_module",
                        constraint: {
                            securityHealthAnalyticsModule: {
                                moduleName: "BIGQUERY_TABLE_CMEK_DISABLED",
                                moduleEnablementState: "ENABLED",
                            },
                        },
                        description: "enable BIGQUERY_TABLE_CMEK_DISABLED",
                    },
                    {
                        policyId: "sha_custom_module",
                        constraint: {
                            securityHealthAnalyticsCustomModule: {
                                displayName: "custom_SHA_policy",
                                config: {
                                    predicate: {
                                        expression: "resource.rotationPeriod > duration('2592000s')",
                                    },
                                    customOutput: {
                                        properties: [{
                                            name: "duration",
                                            valueExpression: {
                                                expression: "resource.rotationPeriod",
                                            },
                                        }],
                                    },
                                    resourceSelector: {
                                        resourceTypes: ["cloudkms.googleapis.com/CryptoKey"],
                                    },
                                    severity: "LOW",
                                    description: "Custom Module",
                                    recommendation: "Testing custom modules",
                                },
                                moduleEnablementState: "ENABLED",
                            },
                        },
                    },
                ],
            },
        ],
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    posture1 = gcp.securityposture.Posture("posture1",
        posture_id="posture_example",
        parent="organizations/123456789",
        location="global",
        state="ACTIVE",
        description="a new posture",
        policy_sets=[
            gcp.securityposture.PosturePolicySetArgs(
                policy_set_id="org_policy_set",
                description="set of org policies",
                policies=[
                    gcp.securityposture.PosturePolicySetPolicyArgs(
                        policy_id="canned_org_policy",
                        constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
                            org_policy_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs(
                                canned_constraint_id="storage.uniformBucketLevelAccess",
                                policy_rules=[gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs(
                                    enforce=True,
                                    condition=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs(
                                        description="condition description",
                                        expression="resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')",
                                        title="a CEL condition",
                                    ),
                                )],
                            ),
                        ),
                    ),
                    gcp.securityposture.PosturePolicySetPolicyArgs(
                        policy_id="custom_org_policy",
                        constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
                            org_policy_constraint_custom=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs(
                                custom_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs(
                                    name="organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
                                    display_name="Disable GKE auto upgrade",
                                    description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
                                    action_type="ALLOW",
                                    condition="resource.management.autoUpgrade == false",
                                    method_types=[
                                        "CREATE",
                                        "UPDATE",
                                    ],
                                    resource_types=["container.googleapis.com/NodePool"],
                                ),
                                policy_rules=[gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs(
                                    enforce=True,
                                    condition=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs(
                                        description="condition description",
                                        expression="resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
                                        title="a CEL condition",
                                    ),
                                )],
                            ),
                        ),
                    ),
                ],
            ),
            gcp.securityposture.PosturePolicySetArgs(
                policy_set_id="sha_policy_set",
                description="set of sha policies",
                policies=[
                    gcp.securityposture.PosturePolicySetPolicyArgs(
                        policy_id="sha_builtin_module",
                        constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
                            security_health_analytics_module=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs(
                                module_name="BIGQUERY_TABLE_CMEK_DISABLED",
                                module_enablement_state="ENABLED",
                            ),
                        ),
                        description="enable BIGQUERY_TABLE_CMEK_DISABLED",
                    ),
                    gcp.securityposture.PosturePolicySetPolicyArgs(
                        policy_id="sha_custom_module",
                        constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
                            security_health_analytics_custom_module=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs(
                                display_name="custom_SHA_policy",
                                config=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs(
                                    predicate=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs(
                                        expression="resource.rotationPeriod > duration('2592000s')",
                                    ),
                                    custom_output=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs(
                                        properties=[gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs(
                                            name="duration",
                                            value_expression=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs(
                                                expression="resource.rotationPeriod",
                                            ),
                                        )],
                                    ),
                                    resource_selector=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs(
                                        resource_types=["cloudkms.googleapis.com/CryptoKey"],
                                    ),
                                    severity="LOW",
                                    description="Custom Module",
                                    recommendation="Testing custom modules",
                                ),
                                module_enablement_state="ENABLED",
                            ),
                        ),
                    ),
                ],
            ),
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securityposture"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := securityposture.NewPosture(ctx, "posture1", &securityposture.PostureArgs{
    			PostureId:   pulumi.String("posture_example"),
    			Parent:      pulumi.String("organizations/123456789"),
    			Location:    pulumi.String("global"),
    			State:       pulumi.String("ACTIVE"),
    			Description: pulumi.String("a new posture"),
    			PolicySets: securityposture.PosturePolicySetArray{
    				&securityposture.PosturePolicySetArgs{
    					PolicySetId: pulumi.String("org_policy_set"),
    					Description: pulumi.String("set of org policies"),
    					Policies: securityposture.PosturePolicySetPolicyArray{
    						&securityposture.PosturePolicySetPolicyArgs{
    							PolicyId: pulumi.String("canned_org_policy"),
    							Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
    								OrgPolicyConstraint: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs{
    									CannedConstraintId: pulumi.String("storage.uniformBucketLevelAccess"),
    									PolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArray{
    										&securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs{
    											Enforce: pulumi.Bool(true),
    											Condition: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs{
    												Description: pulumi.String("condition description"),
    												Expression:  pulumi.String("resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')"),
    												Title:       pulumi.String("a CEL condition"),
    											},
    										},
    									},
    								},
    							},
    						},
    						&securityposture.PosturePolicySetPolicyArgs{
    							PolicyId: pulumi.String("custom_org_policy"),
    							Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
    								OrgPolicyConstraintCustom: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs{
    									CustomConstraint: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs{
    										Name:        pulumi.String("organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade"),
    										DisplayName: pulumi.String("Disable GKE auto upgrade"),
    										Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
    										ActionType:  pulumi.String("ALLOW"),
    										Condition:   pulumi.String("resource.management.autoUpgrade == false"),
    										MethodTypes: pulumi.StringArray{
    											pulumi.String("CREATE"),
    											pulumi.String("UPDATE"),
    										},
    										ResourceTypes: pulumi.StringArray{
    											pulumi.String("container.googleapis.com/NodePool"),
    										},
    									},
    									PolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArray{
    										&securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs{
    											Enforce: pulumi.Bool(true),
    											Condition: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs{
    												Description: pulumi.String("condition description"),
    												Expression:  pulumi.String("resource.matchTagId('tagKeys/key_id','tagValues/value_id')"),
    												Title:       pulumi.String("a CEL condition"),
    											},
    										},
    									},
    								},
    							},
    						},
    					},
    				},
    				&securityposture.PosturePolicySetArgs{
    					PolicySetId: pulumi.String("sha_policy_set"),
    					Description: pulumi.String("set of sha policies"),
    					Policies: securityposture.PosturePolicySetPolicyArray{
    						&securityposture.PosturePolicySetPolicyArgs{
    							PolicyId: pulumi.String("sha_builtin_module"),
    							Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
    								SecurityHealthAnalyticsModule: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs{
    									ModuleName:            pulumi.String("BIGQUERY_TABLE_CMEK_DISABLED"),
    									ModuleEnablementState: pulumi.String("ENABLED"),
    								},
    							},
    							Description: pulumi.String("enable BIGQUERY_TABLE_CMEK_DISABLED"),
    						},
    						&securityposture.PosturePolicySetPolicyArgs{
    							PolicyId: pulumi.String("sha_custom_module"),
    							Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
    								SecurityHealthAnalyticsCustomModule: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs{
    									DisplayName: pulumi.String("custom_SHA_policy"),
    									Config: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs{
    										Predicate: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs{
    											Expression: pulumi.String("resource.rotationPeriod > duration('2592000s')"),
    										},
    										CustomOutput: securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs{
    											Properties: securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArray{
    												&securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs{
    													Name: pulumi.String("duration"),
    													ValueExpression: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs{
    														Expression: pulumi.String("resource.rotationPeriod"),
    													},
    												},
    											},
    										},
    										ResourceSelector: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs{
    											ResourceTypes: pulumi.StringArray{
    												pulumi.String("cloudkms.googleapis.com/CryptoKey"),
    											},
    										},
    										Severity:       pulumi.String("LOW"),
    										Description:    pulumi.String("Custom Module"),
    										Recommendation: pulumi.String("Testing custom modules"),
    									},
    									ModuleEnablementState: pulumi.String("ENABLED"),
    								},
    							},
    						},
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var posture1 = new Gcp.SecurityPosture.Posture("posture1", new()
        {
            PostureId = "posture_example",
            Parent = "organizations/123456789",
            Location = "global",
            State = "ACTIVE",
            Description = "a new posture",
            PolicySets = new[]
            {
                new Gcp.SecurityPosture.Inputs.PosturePolicySetArgs
                {
                    PolicySetId = "org_policy_set",
                    Description = "set of org policies",
                    Policies = new[]
                    {
                        new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
                        {
                            PolicyId = "canned_org_policy",
                            Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
                            {
                                OrgPolicyConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs
                                {
                                    CannedConstraintId = "storage.uniformBucketLevelAccess",
                                    PolicyRules = new[]
                                    {
                                        new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs
                                        {
                                            Enforce = true,
                                            Condition = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs
                                            {
                                                Description = "condition description",
                                                Expression = "resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')",
                                                Title = "a CEL condition",
                                            },
                                        },
                                    },
                                },
                            },
                        },
                        new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
                        {
                            PolicyId = "custom_org_policy",
                            Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
                            {
                                OrgPolicyConstraintCustom = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs
                                {
                                    CustomConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs
                                    {
                                        Name = "organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
                                        DisplayName = "Disable GKE auto upgrade",
                                        Description = "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
                                        ActionType = "ALLOW",
                                        Condition = "resource.management.autoUpgrade == false",
                                        MethodTypes = new[]
                                        {
                                            "CREATE",
                                            "UPDATE",
                                        },
                                        ResourceTypes = new[]
                                        {
                                            "container.googleapis.com/NodePool",
                                        },
                                    },
                                    PolicyRules = new[]
                                    {
                                        new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs
                                        {
                                            Enforce = true,
                                            Condition = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs
                                            {
                                                Description = "condition description",
                                                Expression = "resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
                                                Title = "a CEL condition",
                                            },
                                        },
                                    },
                                },
                            },
                        },
                    },
                },
                new Gcp.SecurityPosture.Inputs.PosturePolicySetArgs
                {
                    PolicySetId = "sha_policy_set",
                    Description = "set of sha policies",
                    Policies = new[]
                    {
                        new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
                        {
                            PolicyId = "sha_builtin_module",
                            Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
                            {
                                SecurityHealthAnalyticsModule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs
                                {
                                    ModuleName = "BIGQUERY_TABLE_CMEK_DISABLED",
                                    ModuleEnablementState = "ENABLED",
                                },
                            },
                            Description = "enable BIGQUERY_TABLE_CMEK_DISABLED",
                        },
                        new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
                        {
                            PolicyId = "sha_custom_module",
                            Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
                            {
                                SecurityHealthAnalyticsCustomModule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs
                                {
                                    DisplayName = "custom_SHA_policy",
                                    Config = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs
                                    {
                                        Predicate = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs
                                        {
                                            Expression = "resource.rotationPeriod > duration('2592000s')",
                                        },
                                        CustomOutput = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs
                                        {
                                            Properties = new[]
                                            {
                                                new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs
                                                {
                                                    Name = "duration",
                                                    ValueExpression = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs
                                                    {
                                                        Expression = "resource.rotationPeriod",
                                                    },
                                                },
                                            },
                                        },
                                        ResourceSelector = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs
                                        {
                                            ResourceTypes = new[]
                                            {
                                                "cloudkms.googleapis.com/CryptoKey",
                                            },
                                        },
                                        Severity = "LOW",
                                        Description = "Custom Module",
                                        Recommendation = "Testing custom modules",
                                    },
                                    ModuleEnablementState = "ENABLED",
                                },
                            },
                        },
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.securityposture.Posture;
    import com.pulumi.gcp.securityposture.PostureArgs;
    import com.pulumi.gcp.securityposture.inputs.PosturePolicySetArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var posture1 = new Posture("posture1", PostureArgs.builder()
                .postureId("posture_example")
                .parent("organizations/123456789")
                .location("global")
                .state("ACTIVE")
                .description("a new posture")
                .policySets(            
                    PosturePolicySetArgs.builder()
                        .policySetId("org_policy_set")
                        .description("set of org policies")
                        .policies(                    
                            PosturePolicySetPolicyArgs.builder()
                                .policyId("canned_org_policy")
                                .constraint(PosturePolicySetPolicyConstraintArgs.builder()
                                    .orgPolicyConstraint(PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs.builder()
                                        .cannedConstraintId("storage.uniformBucketLevelAccess")
                                        .policyRules(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs.builder()
                                            .enforce(true)
                                            .condition(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs.builder()
                                                .description("condition description")
                                                .expression("resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')")
                                                .title("a CEL condition")
                                                .build())
                                            .build())
                                        .build())
                                    .build())
                                .build(),
                            PosturePolicySetPolicyArgs.builder()
                                .policyId("custom_org_policy")
                                .constraint(PosturePolicySetPolicyConstraintArgs.builder()
                                    .orgPolicyConstraintCustom(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs.builder()
                                        .customConstraint(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs.builder()
                                            .name("organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade")
                                            .displayName("Disable GKE auto upgrade")
                                            .description("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.")
                                            .actionType("ALLOW")
                                            .condition("resource.management.autoUpgrade == false")
                                            .methodTypes(                                        
                                                "CREATE",
                                                "UPDATE")
                                            .resourceTypes("container.googleapis.com/NodePool")
                                            .build())
                                        .policyRules(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs.builder()
                                            .enforce(true)
                                            .condition(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs.builder()
                                                .description("condition description")
                                                .expression("resource.matchTagId('tagKeys/key_id','tagValues/value_id')")
                                                .title("a CEL condition")
                                                .build())
                                            .build())
                                        .build())
                                    .build())
                                .build())
                        .build(),
                    PosturePolicySetArgs.builder()
                        .policySetId("sha_policy_set")
                        .description("set of sha policies")
                        .policies(                    
                            PosturePolicySetPolicyArgs.builder()
                                .policyId("sha_builtin_module")
                                .constraint(PosturePolicySetPolicyConstraintArgs.builder()
                                    .securityHealthAnalyticsModule(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs.builder()
                                        .moduleName("BIGQUERY_TABLE_CMEK_DISABLED")
                                        .moduleEnablementState("ENABLED")
                                        .build())
                                    .build())
                                .description("enable BIGQUERY_TABLE_CMEK_DISABLED")
                                .build(),
                            PosturePolicySetPolicyArgs.builder()
                                .policyId("sha_custom_module")
                                .constraint(PosturePolicySetPolicyConstraintArgs.builder()
                                    .securityHealthAnalyticsCustomModule(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs.builder()
                                        .displayName("custom_SHA_policy")
                                        .config(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs.builder()
                                            .predicate(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs.builder()
                                                .expression("resource.rotationPeriod > duration('2592000s')")
                                                .build())
                                            .customOutput(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs.builder()
                                                .properties(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs.builder()
                                                    .name("duration")
                                                    .valueExpression(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs.builder()
                                                        .expression("resource.rotationPeriod")
                                                        .build())
                                                    .build())
                                                .build())
                                            .resourceSelector(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs.builder()
                                                .resourceTypes("cloudkms.googleapis.com/CryptoKey")
                                                .build())
                                            .severity("LOW")
                                            .description("Custom Module")
                                            .recommendation("Testing custom modules")
                                            .build())
                                        .moduleEnablementState("ENABLED")
                                        .build())
                                    .build())
                                .build())
                        .build())
                .build());
    
        }
    }
    
    resources:
      posture1:
        type: gcp:securityposture:Posture
        properties:
          postureId: posture_example
          parent: organizations/123456789
          location: global
          state: ACTIVE
          description: a new posture
          policySets:
            - policySetId: org_policy_set
              description: set of org policies
              policies:
                - policyId: canned_org_policy
                  constraint:
                    orgPolicyConstraint:
                      cannedConstraintId: storage.uniformBucketLevelAccess
                      policyRules:
                        - enforce: true
                          condition:
                            description: condition description
                            expression: resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')
                            title: a CEL condition
                - policyId: custom_org_policy
                  constraint:
                    orgPolicyConstraintCustom:
                      customConstraint:
                        name: organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade
                        displayName: Disable GKE auto upgrade
                        description: Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.
                        actionType: ALLOW
                        condition: resource.management.autoUpgrade == false
                        methodTypes:
                          - CREATE
                          - UPDATE
                        resourceTypes:
                          - container.googleapis.com/NodePool
                      policyRules:
                        - enforce: true
                          condition:
                            description: condition description
                            expression: resource.matchTagId('tagKeys/key_id','tagValues/value_id')
                            title: a CEL condition
            - policySetId: sha_policy_set
              description: set of sha policies
              policies:
                - policyId: sha_builtin_module
                  constraint:
                    securityHealthAnalyticsModule:
                      moduleName: BIGQUERY_TABLE_CMEK_DISABLED
                      moduleEnablementState: ENABLED
                  description: enable BIGQUERY_TABLE_CMEK_DISABLED
                - policyId: sha_custom_module
                  constraint:
                    securityHealthAnalyticsCustomModule:
                      displayName: custom_SHA_policy
                      config:
                        predicate:
                          expression: resource.rotationPeriod > duration('2592000s')
                        customOutput:
                          properties:
                            - name: duration
                              valueExpression:
                                expression: resource.rotationPeriod
                        resourceSelector:
                          resourceTypes:
                            - cloudkms.googleapis.com/CryptoKey
                        severity: LOW
                        description: Custom Module
                        recommendation: Testing custom modules
                      moduleEnablementState: ENABLED
    

    Create Posture Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Posture(name: string, args: PostureArgs, opts?: CustomResourceOptions);
    @overload
    def Posture(resource_name: str,
                args: PostureArgs,
                opts: Optional[ResourceOptions] = None)
    
    @overload
    def Posture(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                location: Optional[str] = None,
                parent: Optional[str] = None,
                policy_sets: Optional[Sequence[PosturePolicySetArgs]] = None,
                posture_id: Optional[str] = None,
                state: Optional[str] = None,
                description: Optional[str] = None)
    func NewPosture(ctx *Context, name string, args PostureArgs, opts ...ResourceOption) (*Posture, error)
    public Posture(string name, PostureArgs args, CustomResourceOptions? opts = null)
    public Posture(String name, PostureArgs args)
    public Posture(String name, PostureArgs args, CustomResourceOptions options)
    
    type: gcp:securityposture:Posture
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args PostureArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args PostureArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PostureArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args PostureArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args PostureArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var postureResource = new Gcp.SecurityPosture.Posture("postureResource", new()
    {
        Location = "string",
        Parent = "string",
        PolicySets = new[]
        {
            new Gcp.SecurityPosture.Inputs.PosturePolicySetArgs
            {
                Policies = new[]
                {
                    new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
                    {
                        Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
                        {
                            OrgPolicyConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs
                            {
                                CannedConstraintId = "string",
                                PolicyRules = new[]
                                {
                                    new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs
                                    {
                                        AllowAll = false,
                                        Condition = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs
                                        {
                                            Expression = "string",
                                            Description = "string",
                                            Location = "string",
                                            Title = "string",
                                        },
                                        DenyAll = false,
                                        Enforce = false,
                                        Values = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs
                                        {
                                            AllowedValues = new[]
                                            {
                                                "string",
                                            },
                                            DeniedValues = new[]
                                            {
                                                "string",
                                            },
                                        },
                                    },
                                },
                            },
                            OrgPolicyConstraintCustom = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs
                            {
                                PolicyRules = new[]
                                {
                                    new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs
                                    {
                                        AllowAll = false,
                                        Condition = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs
                                        {
                                            Expression = "string",
                                            Description = "string",
                                            Location = "string",
                                            Title = "string",
                                        },
                                        DenyAll = false,
                                        Enforce = false,
                                        Values = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs
                                        {
                                            AllowedValues = new[]
                                            {
                                                "string",
                                            },
                                            DeniedValues = new[]
                                            {
                                                "string",
                                            },
                                        },
                                    },
                                },
                                CustomConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs
                                {
                                    ActionType = "string",
                                    Condition = "string",
                                    MethodTypes = new[]
                                    {
                                        "string",
                                    },
                                    Name = "string",
                                    ResourceTypes = new[]
                                    {
                                        "string",
                                    },
                                    Description = "string",
                                    DisplayName = "string",
                                },
                            },
                            SecurityHealthAnalyticsCustomModule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs
                            {
                                Config = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs
                                {
                                    Predicate = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs
                                    {
                                        Expression = "string",
                                        Description = "string",
                                        Location = "string",
                                        Title = "string",
                                    },
                                    ResourceSelector = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs
                                    {
                                        ResourceTypes = new[]
                                        {
                                            "string",
                                        },
                                    },
                                    Severity = "string",
                                    CustomOutput = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs
                                    {
                                        Properties = new[]
                                        {
                                            new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs
                                            {
                                                Name = "string",
                                                ValueExpression = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs
                                                {
                                                    Expression = "string",
                                                    Description = "string",
                                                    Location = "string",
                                                    Title = "string",
                                                },
                                            },
                                        },
                                    },
                                    Description = "string",
                                    Recommendation = "string",
                                },
                                DisplayName = "string",
                                Id = "string",
                                ModuleEnablementState = "string",
                            },
                            SecurityHealthAnalyticsModule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs
                            {
                                ModuleName = "string",
                                ModuleEnablementState = "string",
                            },
                        },
                        PolicyId = "string",
                        ComplianceStandards = new[]
                        {
                            new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyComplianceStandardArgs
                            {
                                Control = "string",
                                Standard = "string",
                            },
                        },
                        Description = "string",
                    },
                },
                PolicySetId = "string",
                Description = "string",
            },
        },
        PostureId = "string",
        State = "string",
        Description = "string",
    });
    
    example, err := securityposture.NewPosture(ctx, "postureResource", &securityposture.PostureArgs{
    	Location: pulumi.String("string"),
    	Parent:   pulumi.String("string"),
    	PolicySets: securityposture.PosturePolicySetArray{
    		&securityposture.PosturePolicySetArgs{
    			Policies: securityposture.PosturePolicySetPolicyArray{
    				&securityposture.PosturePolicySetPolicyArgs{
    					Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
    						OrgPolicyConstraint: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs{
    							CannedConstraintId: pulumi.String("string"),
    							PolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArray{
    								&securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs{
    									AllowAll: pulumi.Bool(false),
    									Condition: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs{
    										Expression:  pulumi.String("string"),
    										Description: pulumi.String("string"),
    										Location:    pulumi.String("string"),
    										Title:       pulumi.String("string"),
    									},
    									DenyAll: pulumi.Bool(false),
    									Enforce: pulumi.Bool(false),
    									Values: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs{
    										AllowedValues: pulumi.StringArray{
    											pulumi.String("string"),
    										},
    										DeniedValues: pulumi.StringArray{
    											pulumi.String("string"),
    										},
    									},
    								},
    							},
    						},
    						OrgPolicyConstraintCustom: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs{
    							PolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArray{
    								&securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs{
    									AllowAll: pulumi.Bool(false),
    									Condition: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs{
    										Expression:  pulumi.String("string"),
    										Description: pulumi.String("string"),
    										Location:    pulumi.String("string"),
    										Title:       pulumi.String("string"),
    									},
    									DenyAll: pulumi.Bool(false),
    									Enforce: pulumi.Bool(false),
    									Values: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs{
    										AllowedValues: pulumi.StringArray{
    											pulumi.String("string"),
    										},
    										DeniedValues: pulumi.StringArray{
    											pulumi.String("string"),
    										},
    									},
    								},
    							},
    							CustomConstraint: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs{
    								ActionType: pulumi.String("string"),
    								Condition:  pulumi.String("string"),
    								MethodTypes: pulumi.StringArray{
    									pulumi.String("string"),
    								},
    								Name: pulumi.String("string"),
    								ResourceTypes: pulumi.StringArray{
    									pulumi.String("string"),
    								},
    								Description: pulumi.String("string"),
    								DisplayName: pulumi.String("string"),
    							},
    						},
    						SecurityHealthAnalyticsCustomModule: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs{
    							Config: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs{
    								Predicate: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs{
    									Expression:  pulumi.String("string"),
    									Description: pulumi.String("string"),
    									Location:    pulumi.String("string"),
    									Title:       pulumi.String("string"),
    								},
    								ResourceSelector: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs{
    									ResourceTypes: pulumi.StringArray{
    										pulumi.String("string"),
    									},
    								},
    								Severity: pulumi.String("string"),
    								CustomOutput: securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs{
    									Properties: securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArray{
    										&securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs{
    											Name: pulumi.String("string"),
    											ValueExpression: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs{
    												Expression:  pulumi.String("string"),
    												Description: pulumi.String("string"),
    												Location:    pulumi.String("string"),
    												Title:       pulumi.String("string"),
    											},
    										},
    									},
    								},
    								Description:    pulumi.String("string"),
    								Recommendation: pulumi.String("string"),
    							},
    							DisplayName:           pulumi.String("string"),
    							Id:                    pulumi.String("string"),
    							ModuleEnablementState: pulumi.String("string"),
    						},
    						SecurityHealthAnalyticsModule: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs{
    							ModuleName:            pulumi.String("string"),
    							ModuleEnablementState: pulumi.String("string"),
    						},
    					},
    					PolicyId: pulumi.String("string"),
    					ComplianceStandards: securityposture.PosturePolicySetPolicyComplianceStandardArray{
    						&securityposture.PosturePolicySetPolicyComplianceStandardArgs{
    							Control:  pulumi.String("string"),
    							Standard: pulumi.String("string"),
    						},
    					},
    					Description: pulumi.String("string"),
    				},
    			},
    			PolicySetId: pulumi.String("string"),
    			Description: pulumi.String("string"),
    		},
    	},
    	PostureId:   pulumi.String("string"),
    	State:       pulumi.String("string"),
    	Description: pulumi.String("string"),
    })
    
    var postureResource = new Posture("postureResource", PostureArgs.builder()
        .location("string")
        .parent("string")
        .policySets(PosturePolicySetArgs.builder()
            .policies(PosturePolicySetPolicyArgs.builder()
                .constraint(PosturePolicySetPolicyConstraintArgs.builder()
                    .orgPolicyConstraint(PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs.builder()
                        .cannedConstraintId("string")
                        .policyRules(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs.builder()
                            .allowAll(false)
                            .condition(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs.builder()
                                .expression("string")
                                .description("string")
                                .location("string")
                                .title("string")
                                .build())
                            .denyAll(false)
                            .enforce(false)
                            .values(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs.builder()
                                .allowedValues("string")
                                .deniedValues("string")
                                .build())
                            .build())
                        .build())
                    .orgPolicyConstraintCustom(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs.builder()
                        .policyRules(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs.builder()
                            .allowAll(false)
                            .condition(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs.builder()
                                .expression("string")
                                .description("string")
                                .location("string")
                                .title("string")
                                .build())
                            .denyAll(false)
                            .enforce(false)
                            .values(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs.builder()
                                .allowedValues("string")
                                .deniedValues("string")
                                .build())
                            .build())
                        .customConstraint(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs.builder()
                            .actionType("string")
                            .condition("string")
                            .methodTypes("string")
                            .name("string")
                            .resourceTypes("string")
                            .description("string")
                            .displayName("string")
                            .build())
                        .build())
                    .securityHealthAnalyticsCustomModule(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs.builder()
                        .config(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs.builder()
                            .predicate(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs.builder()
                                .expression("string")
                                .description("string")
                                .location("string")
                                .title("string")
                                .build())
                            .resourceSelector(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs.builder()
                                .resourceTypes("string")
                                .build())
                            .severity("string")
                            .customOutput(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs.builder()
                                .properties(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs.builder()
                                    .name("string")
                                    .valueExpression(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs.builder()
                                        .expression("string")
                                        .description("string")
                                        .location("string")
                                        .title("string")
                                        .build())
                                    .build())
                                .build())
                            .description("string")
                            .recommendation("string")
                            .build())
                        .displayName("string")
                        .id("string")
                        .moduleEnablementState("string")
                        .build())
                    .securityHealthAnalyticsModule(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs.builder()
                        .moduleName("string")
                        .moduleEnablementState("string")
                        .build())
                    .build())
                .policyId("string")
                .complianceStandards(PosturePolicySetPolicyComplianceStandardArgs.builder()
                    .control("string")
                    .standard("string")
                    .build())
                .description("string")
                .build())
            .policySetId("string")
            .description("string")
            .build())
        .postureId("string")
        .state("string")
        .description("string")
        .build());
    
    posture_resource = gcp.securityposture.Posture("postureResource",
        location="string",
        parent="string",
        policy_sets=[gcp.securityposture.PosturePolicySetArgs(
            policies=[gcp.securityposture.PosturePolicySetPolicyArgs(
                constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
                    org_policy_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs(
                        canned_constraint_id="string",
                        policy_rules=[gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs(
                            allow_all=False,
                            condition=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs(
                                expression="string",
                                description="string",
                                location="string",
                                title="string",
                            ),
                            deny_all=False,
                            enforce=False,
                            values=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs(
                                allowed_values=["string"],
                                denied_values=["string"],
                            ),
                        )],
                    ),
                    org_policy_constraint_custom=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs(
                        policy_rules=[gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs(
                            allow_all=False,
                            condition=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs(
                                expression="string",
                                description="string",
                                location="string",
                                title="string",
                            ),
                            deny_all=False,
                            enforce=False,
                            values=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs(
                                allowed_values=["string"],
                                denied_values=["string"],
                            ),
                        )],
                        custom_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs(
                            action_type="string",
                            condition="string",
                            method_types=["string"],
                            name="string",
                            resource_types=["string"],
                            description="string",
                            display_name="string",
                        ),
                    ),
                    security_health_analytics_custom_module=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs(
                        config=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs(
                            predicate=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs(
                                expression="string",
                                description="string",
                                location="string",
                                title="string",
                            ),
                            resource_selector=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs(
                                resource_types=["string"],
                            ),
                            severity="string",
                            custom_output=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs(
                                properties=[gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs(
                                    name="string",
                                    value_expression=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs(
                                        expression="string",
                                        description="string",
                                        location="string",
                                        title="string",
                                    ),
                                )],
                            ),
                            description="string",
                            recommendation="string",
                        ),
                        display_name="string",
                        id="string",
                        module_enablement_state="string",
                    ),
                    security_health_analytics_module=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs(
                        module_name="string",
                        module_enablement_state="string",
                    ),
                ),
                policy_id="string",
                compliance_standards=[gcp.securityposture.PosturePolicySetPolicyComplianceStandardArgs(
                    control="string",
                    standard="string",
                )],
                description="string",
            )],
            policy_set_id="string",
            description="string",
        )],
        posture_id="string",
        state="string",
        description="string")
    
    const postureResource = new gcp.securityposture.Posture("postureResource", {
        location: "string",
        parent: "string",
        policySets: [{
            policies: [{
                constraint: {
                    orgPolicyConstraint: {
                        cannedConstraintId: "string",
                        policyRules: [{
                            allowAll: false,
                            condition: {
                                expression: "string",
                                description: "string",
                                location: "string",
                                title: "string",
                            },
                            denyAll: false,
                            enforce: false,
                            values: {
                                allowedValues: ["string"],
                                deniedValues: ["string"],
                            },
                        }],
                    },
                    orgPolicyConstraintCustom: {
                        policyRules: [{
                            allowAll: false,
                            condition: {
                                expression: "string",
                                description: "string",
                                location: "string",
                                title: "string",
                            },
                            denyAll: false,
                            enforce: false,
                            values: {
                                allowedValues: ["string"],
                                deniedValues: ["string"],
                            },
                        }],
                        customConstraint: {
                            actionType: "string",
                            condition: "string",
                            methodTypes: ["string"],
                            name: "string",
                            resourceTypes: ["string"],
                            description: "string",
                            displayName: "string",
                        },
                    },
                    securityHealthAnalyticsCustomModule: {
                        config: {
                            predicate: {
                                expression: "string",
                                description: "string",
                                location: "string",
                                title: "string",
                            },
                            resourceSelector: {
                                resourceTypes: ["string"],
                            },
                            severity: "string",
                            customOutput: {
                                properties: [{
                                    name: "string",
                                    valueExpression: {
                                        expression: "string",
                                        description: "string",
                                        location: "string",
                                        title: "string",
                                    },
                                }],
                            },
                            description: "string",
                            recommendation: "string",
                        },
                        displayName: "string",
                        id: "string",
                        moduleEnablementState: "string",
                    },
                    securityHealthAnalyticsModule: {
                        moduleName: "string",
                        moduleEnablementState: "string",
                    },
                },
                policyId: "string",
                complianceStandards: [{
                    control: "string",
                    standard: "string",
                }],
                description: "string",
            }],
            policySetId: "string",
            description: "string",
        }],
        postureId: "string",
        state: "string",
        description: "string",
    });
    
    type: gcp:securityposture:Posture
    properties:
        description: string
        location: string
        parent: string
        policySets:
            - description: string
              policies:
                - complianceStandards:
                    - control: string
                      standard: string
                  constraint:
                    orgPolicyConstraint:
                        cannedConstraintId: string
                        policyRules:
                            - allowAll: false
                              condition:
                                description: string
                                expression: string
                                location: string
                                title: string
                              denyAll: false
                              enforce: false
                              values:
                                allowedValues:
                                    - string
                                deniedValues:
                                    - string
                    orgPolicyConstraintCustom:
                        customConstraint:
                            actionType: string
                            condition: string
                            description: string
                            displayName: string
                            methodTypes:
                                - string
                            name: string
                            resourceTypes:
                                - string
                        policyRules:
                            - allowAll: false
                              condition:
                                description: string
                                expression: string
                                location: string
                                title: string
                              denyAll: false
                              enforce: false
                              values:
                                allowedValues:
                                    - string
                                deniedValues:
                                    - string
                    securityHealthAnalyticsCustomModule:
                        config:
                            customOutput:
                                properties:
                                    - name: string
                                      valueExpression:
                                        description: string
                                        expression: string
                                        location: string
                                        title: string
                            description: string
                            predicate:
                                description: string
                                expression: string
                                location: string
                                title: string
                            recommendation: string
                            resourceSelector:
                                resourceTypes:
                                    - string
                            severity: string
                        displayName: string
                        id: string
                        moduleEnablementState: string
                    securityHealthAnalyticsModule:
                        moduleEnablementState: string
                        moduleName: string
                  description: string
                  policyId: string
              policySetId: string
        postureId: string
        state: string
    

    Posture Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Posture resource accepts the following input properties:

    Location string
    Location of the resource, eg: global.
    Parent string
    The parent of the resource, an organization. Format should be organizations/{organization_id}.
    PolicySets List<PosturePolicySet>
    List of policy sets for the posture. Structure is documented below.
    PostureId string
    Id of the posture. It is an immutable field.
    State string
    State of the posture. Update to state field should not be triggered along with with other field updates. Possible values are: DEPRECATED, DRAFT, ACTIVE.
    Description string
    Description of the posture.
    Location string
    Location of the resource, eg: global.
    Parent string
    The parent of the resource, an organization. Format should be organizations/{organization_id}.
    PolicySets []PosturePolicySetArgs
    List of policy sets for the posture. Structure is documented below.
    PostureId string
    Id of the posture. It is an immutable field.
    State string
    State of the posture. Update to state field should not be triggered along with with other field updates. Possible values are: DEPRECATED, DRAFT, ACTIVE.
    Description string
    Description of the posture.
    location String
    Location of the resource, eg: global.
    parent String
    The parent of the resource, an organization. Format should be organizations/{organization_id}.
    policySets List<PosturePolicySet>
    List of policy sets for the posture. Structure is documented below.
    postureId String
    Id of the posture. It is an immutable field.
    state String
    State of the posture. Update to state field should not be triggered along with with other field updates. Possible values are: DEPRECATED, DRAFT, ACTIVE.
    description String
    Description of the posture.
    location string
    Location of the resource, eg: global.
    parent string
    The parent of the resource, an organization. Format should be organizations/{organization_id}.
    policySets PosturePolicySet[]
    List of policy sets for the posture. Structure is documented below.
    postureId string
    Id of the posture. It is an immutable field.
    state string
    State of the posture. Update to state field should not be triggered along with with other field updates. Possible values are: DEPRECATED, DRAFT, ACTIVE.
    description string
    Description of the posture.
    location str
    Location of the resource, eg: global.
    parent str
    The parent of the resource, an organization. Format should be organizations/{organization_id}.
    policy_sets Sequence[PosturePolicySetArgs]
    List of policy sets for the posture. Structure is documented below.
    posture_id str
    Id of the posture. It is an immutable field.
    state str
    State of the posture. Update to state field should not be triggered along with with other field updates. Possible values are: DEPRECATED, DRAFT, ACTIVE.
    description str
    Description of the posture.
    location String
    Location of the resource, eg: global.
    parent String
    The parent of the resource, an organization. Format should be organizations/{organization_id}.
    policySets List<Property Map>
    List of policy sets for the posture. Structure is documented below.
    postureId String
    Id of the posture. It is an immutable field.
    state String
    State of the posture. Update to state field should not be triggered along with with other field updates. Possible values are: DEPRECATED, DRAFT, ACTIVE.
    description String
    Description of the posture.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Posture resource produces the following output properties:

    CreateTime string
    Time the Posture was created in UTC.
    Etag string
    For Resource freshness validation (https://google.aip.dev/154)
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Name of the posture.
    Reconciling bool
    If set, there are currently changes in flight to the posture.
    RevisionId string
    Revision_id of the posture.
    UpdateTime string
    Time the Posture was updated in UTC.
    CreateTime string
    Time the Posture was created in UTC.
    Etag string
    For Resource freshness validation (https://google.aip.dev/154)
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Name of the posture.
    Reconciling bool
    If set, there are currently changes in flight to the posture.
    RevisionId string
    Revision_id of the posture.
    UpdateTime string
    Time the Posture was updated in UTC.
    createTime String
    Time the Posture was created in UTC.
    etag String
    For Resource freshness validation (https://google.aip.dev/154)
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Name of the posture.
    reconciling Boolean
    If set, there are currently changes in flight to the posture.
    revisionId String
    Revision_id of the posture.
    updateTime String
    Time the Posture was updated in UTC.
    createTime string
    Time the Posture was created in UTC.
    etag string
    For Resource freshness validation (https://google.aip.dev/154)
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    Name of the posture.
    reconciling boolean
    If set, there are currently changes in flight to the posture.
    revisionId string
    Revision_id of the posture.
    updateTime string
    Time the Posture was updated in UTC.
    create_time str
    Time the Posture was created in UTC.
    etag str
    For Resource freshness validation (https://google.aip.dev/154)
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    Name of the posture.
    reconciling bool
    If set, there are currently changes in flight to the posture.
    revision_id str
    Revision_id of the posture.
    update_time str
    Time the Posture was updated in UTC.
    createTime String
    Time the Posture was created in UTC.
    etag String
    For Resource freshness validation (https://google.aip.dev/154)
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Name of the posture.
    reconciling Boolean
    If set, there are currently changes in flight to the posture.
    revisionId String
    Revision_id of the posture.
    updateTime String
    Time the Posture was updated in UTC.

    Look up Existing Posture Resource

    Get an existing Posture resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: PostureState, opts?: CustomResourceOptions): Posture
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            create_time: Optional[str] = None,
            description: Optional[str] = None,
            etag: Optional[str] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            parent: Optional[str] = None,
            policy_sets: Optional[Sequence[PosturePolicySetArgs]] = None,
            posture_id: Optional[str] = None,
            reconciling: Optional[bool] = None,
            revision_id: Optional[str] = None,
            state: Optional[str] = None,
            update_time: Optional[str] = None) -> Posture
    func GetPosture(ctx *Context, name string, id IDInput, state *PostureState, opts ...ResourceOption) (*Posture, error)
    public static Posture Get(string name, Input<string> id, PostureState? state, CustomResourceOptions? opts = null)
    public static Posture get(String name, Output<String> id, PostureState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CreateTime string
    Time the Posture was created in UTC.
    Description string
    Description of the posture.
    Etag string
    For Resource freshness validation (https://google.aip.dev/154)
    Location string
    Location of the resource, eg: global.
    Name string
    Name of the posture.
    Parent string
    The parent of the resource, an organization. Format should be organizations/{organization_id}.
    PolicySets List<PosturePolicySet>
    List of policy sets for the posture. Structure is documented below.
    PostureId string
    Id of the posture. It is an immutable field.
    Reconciling bool
    If set, there are currently changes in flight to the posture.
    RevisionId string
    Revision_id of the posture.
    State string
    State of the posture. Update to state field should not be triggered along with with other field updates. Possible values are: DEPRECATED, DRAFT, ACTIVE.
    UpdateTime string
    Time the Posture was updated in UTC.
    CreateTime string
    Time the Posture was created in UTC.
    Description string
    Description of the posture.
    Etag string
    For Resource freshness validation (https://google.aip.dev/154)
    Location string
    Location of the resource, eg: global.
    Name string
    Name of the posture.
    Parent string
    The parent of the resource, an organization. Format should be organizations/{organization_id}.
    PolicySets []PosturePolicySetArgs
    List of policy sets for the posture. Structure is documented below.
    PostureId string
    Id of the posture. It is an immutable field.
    Reconciling bool
    If set, there are currently changes in flight to the posture.
    RevisionId string
    Revision_id of the posture.
    State string
    State of the posture. Update to state field should not be triggered along with with other field updates. Possible values are: DEPRECATED, DRAFT, ACTIVE.
    UpdateTime string
    Time the Posture was updated in UTC.
    createTime String
    Time the Posture was created in UTC.
    description String
    Description of the posture.
    etag String
    For Resource freshness validation (https://google.aip.dev/154)
    location String
    Location of the resource, eg: global.
    name String
    Name of the posture.
    parent String
    The parent of the resource, an organization. Format should be organizations/{organization_id}.
    policySets List<PosturePolicySet>
    List of policy sets for the posture. Structure is documented below.
    postureId String
    Id of the posture. It is an immutable field.
    reconciling Boolean
    If set, there are currently changes in flight to the posture.
    revisionId String
    Revision_id of the posture.
    state String
    State of the posture. Update to state field should not be triggered along with with other field updates. Possible values are: DEPRECATED, DRAFT, ACTIVE.
    updateTime String
    Time the Posture was updated in UTC.
    createTime string
    Time the Posture was created in UTC.
    description string
    Description of the posture.
    etag string
    For Resource freshness validation (https://google.aip.dev/154)
    location string
    Location of the resource, eg: global.
    name string
    Name of the posture.
    parent string
    The parent of the resource, an organization. Format should be organizations/{organization_id}.
    policySets PosturePolicySet[]
    List of policy sets for the posture. Structure is documented below.
    postureId string
    Id of the posture. It is an immutable field.
    reconciling boolean
    If set, there are currently changes in flight to the posture.
    revisionId string
    Revision_id of the posture.
    state string
    State of the posture. Update to state field should not be triggered along with with other field updates. Possible values are: DEPRECATED, DRAFT, ACTIVE.
    updateTime string
    Time the Posture was updated in UTC.
    create_time str
    Time the Posture was created in UTC.
    description str
    Description of the posture.
    etag str
    For Resource freshness validation (https://google.aip.dev/154)
    location str
    Location of the resource, eg: global.
    name str
    Name of the posture.
    parent str
    The parent of the resource, an organization. Format should be organizations/{organization_id}.
    policy_sets Sequence[PosturePolicySetArgs]
    List of policy sets for the posture. Structure is documented below.
    posture_id str
    Id of the posture. It is an immutable field.
    reconciling bool
    If set, there are currently changes in flight to the posture.
    revision_id str
    Revision_id of the posture.
    state str
    State of the posture. Update to state field should not be triggered along with with other field updates. Possible values are: DEPRECATED, DRAFT, ACTIVE.
    update_time str
    Time the Posture was updated in UTC.
    createTime String
    Time the Posture was created in UTC.
    description String
    Description of the posture.
    etag String
    For Resource freshness validation (https://google.aip.dev/154)
    location String
    Location of the resource, eg: global.
    name String
    Name of the posture.
    parent String
    The parent of the resource, an organization. Format should be organizations/{organization_id}.
    policySets List<Property Map>
    List of policy sets for the posture. Structure is documented below.
    postureId String
    Id of the posture. It is an immutable field.
    reconciling Boolean
    If set, there are currently changes in flight to the posture.
    revisionId String
    Revision_id of the posture.
    state String
    State of the posture. Update to state field should not be triggered along with with other field updates. Possible values are: DEPRECATED, DRAFT, ACTIVE.
    updateTime String
    Time the Posture was updated in UTC.

    Supporting Types

    PosturePolicySet, PosturePolicySetArgs

    Policies List<PosturePolicySetPolicy>
    List of security policy Structure is documented below.
    PolicySetId string
    ID of the policy set.
    Description string
    Description of the policy set.
    Policies []PosturePolicySetPolicy
    List of security policy Structure is documented below.
    PolicySetId string
    ID of the policy set.
    Description string
    Description of the policy set.
    policies List<PosturePolicySetPolicy>
    List of security policy Structure is documented below.
    policySetId String
    ID of the policy set.
    description String
    Description of the policy set.
    policies PosturePolicySetPolicy[]
    List of security policy Structure is documented below.
    policySetId string
    ID of the policy set.
    description string
    Description of the policy set.
    policies Sequence[PosturePolicySetPolicy]
    List of security policy Structure is documented below.
    policy_set_id str
    ID of the policy set.
    description str
    Description of the policy set.
    policies List<Property Map>
    List of security policy Structure is documented below.
    policySetId String
    ID of the policy set.
    description String
    Description of the policy set.

    PosturePolicySetPolicy, PosturePolicySetPolicyArgs

    Constraint PosturePolicySetPolicyConstraint
    Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule Structure is documented below.
    PolicyId string
    ID of the policy.
    ComplianceStandards List<PosturePolicySetPolicyComplianceStandard>
    Mapping for policy to security standards and controls. Structure is documented below.
    Description string
    Description of the policy.
    Constraint PosturePolicySetPolicyConstraint
    Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule Structure is documented below.
    PolicyId string
    ID of the policy.
    ComplianceStandards []PosturePolicySetPolicyComplianceStandard
    Mapping for policy to security standards and controls. Structure is documented below.
    Description string
    Description of the policy.
    constraint PosturePolicySetPolicyConstraint
    Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule Structure is documented below.
    policyId String
    ID of the policy.
    complianceStandards List<PosturePolicySetPolicyComplianceStandard>
    Mapping for policy to security standards and controls. Structure is documented below.
    description String
    Description of the policy.
    constraint PosturePolicySetPolicyConstraint
    Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule Structure is documented below.
    policyId string
    ID of the policy.
    complianceStandards PosturePolicySetPolicyComplianceStandard[]
    Mapping for policy to security standards and controls. Structure is documented below.
    description string
    Description of the policy.
    constraint PosturePolicySetPolicyConstraint
    Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule Structure is documented below.
    policy_id str
    ID of the policy.
    compliance_standards Sequence[PosturePolicySetPolicyComplianceStandard]
    Mapping for policy to security standards and controls. Structure is documented below.
    description str
    Description of the policy.
    constraint Property Map
    Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule Structure is documented below.
    policyId String
    ID of the policy.
    complianceStandards List<Property Map>
    Mapping for policy to security standards and controls. Structure is documented below.
    description String
    Description of the policy.

    PosturePolicySetPolicyComplianceStandard, PosturePolicySetPolicyComplianceStandardArgs

    Control string
    Mapping of security controls for the policy.
    Standard string
    Mapping of compliance standards for the policy.
    Control string
    Mapping of security controls for the policy.
    Standard string
    Mapping of compliance standards for the policy.
    control String
    Mapping of security controls for the policy.
    standard String
    Mapping of compliance standards for the policy.
    control string
    Mapping of security controls for the policy.
    standard string
    Mapping of compliance standards for the policy.
    control str
    Mapping of security controls for the policy.
    standard str
    Mapping of compliance standards for the policy.
    control String
    Mapping of security controls for the policy.
    standard String
    Mapping of compliance standards for the policy.

    PosturePolicySetPolicyConstraint, PosturePolicySetPolicyConstraintArgs

    OrgPolicyConstraint PosturePolicySetPolicyConstraintOrgPolicyConstraint
    Organization policy canned constraint definition. Structure is documented below.
    OrgPolicyConstraintCustom PosturePolicySetPolicyConstraintOrgPolicyConstraintCustom
    Organization policy custom constraint policy definition. Structure is documented below.
    SecurityHealthAnalyticsCustomModule PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModule
    Definition of Security Health Analytics Custom Module. Structure is documented below.
    SecurityHealthAnalyticsModule PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModule
    Security Health Analytics built-in detector definition. Structure is documented below.
    OrgPolicyConstraint PosturePolicySetPolicyConstraintOrgPolicyConstraint
    Organization policy canned constraint definition. Structure is documented below.
    OrgPolicyConstraintCustom PosturePolicySetPolicyConstraintOrgPolicyConstraintCustom
    Organization policy custom constraint policy definition. Structure is documented below.
    SecurityHealthAnalyticsCustomModule PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModule
    Definition of Security Health Analytics Custom Module. Structure is documented below.
    SecurityHealthAnalyticsModule PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModule
    Security Health Analytics built-in detector definition. Structure is documented below.
    orgPolicyConstraint PosturePolicySetPolicyConstraintOrgPolicyConstraint
    Organization policy canned constraint definition. Structure is documented below.
    orgPolicyConstraintCustom PosturePolicySetPolicyConstraintOrgPolicyConstraintCustom
    Organization policy custom constraint policy definition. Structure is documented below.
    securityHealthAnalyticsCustomModule PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModule
    Definition of Security Health Analytics Custom Module. Structure is documented below.
    securityHealthAnalyticsModule PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModule
    Security Health Analytics built-in detector definition. Structure is documented below.
    orgPolicyConstraint PosturePolicySetPolicyConstraintOrgPolicyConstraint
    Organization policy canned constraint definition. Structure is documented below.
    orgPolicyConstraintCustom PosturePolicySetPolicyConstraintOrgPolicyConstraintCustom
    Organization policy custom constraint policy definition. Structure is documented below.
    securityHealthAnalyticsCustomModule PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModule
    Definition of Security Health Analytics Custom Module. Structure is documented below.
    securityHealthAnalyticsModule PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModule
    Security Health Analytics built-in detector definition. Structure is documented below.
    org_policy_constraint PosturePolicySetPolicyConstraintOrgPolicyConstraint
    Organization policy canned constraint definition. Structure is documented below.
    org_policy_constraint_custom PosturePolicySetPolicyConstraintOrgPolicyConstraintCustom
    Organization policy custom constraint policy definition. Structure is documented below.
    security_health_analytics_custom_module PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModule
    Definition of Security Health Analytics Custom Module. Structure is documented below.
    security_health_analytics_module PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModule
    Security Health Analytics built-in detector definition. Structure is documented below.
    orgPolicyConstraint Property Map
    Organization policy canned constraint definition. Structure is documented below.
    orgPolicyConstraintCustom Property Map
    Organization policy custom constraint policy definition. Structure is documented below.
    securityHealthAnalyticsCustomModule Property Map
    Definition of Security Health Analytics Custom Module. Structure is documented below.
    securityHealthAnalyticsModule Property Map
    Security Health Analytics built-in detector definition. Structure is documented below.

    PosturePolicySetPolicyConstraintOrgPolicyConstraint, PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs

    CannedConstraintId string
    Organization policy canned constraint Id
    PolicyRules List<PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRule>
    Definition of policy rules Structure is documented below.
    CannedConstraintId string
    Organization policy canned constraint Id
    PolicyRules []PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRule
    Definition of policy rules Structure is documented below.
    cannedConstraintId String
    Organization policy canned constraint Id
    policyRules List<PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRule>
    Definition of policy rules Structure is documented below.
    cannedConstraintId string
    Organization policy canned constraint Id
    policyRules PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRule[]
    Definition of policy rules Structure is documented below.
    canned_constraint_id str
    Organization policy canned constraint Id
    policy_rules Sequence[PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRule]
    Definition of policy rules Structure is documented below.
    cannedConstraintId String
    Organization policy canned constraint Id
    policyRules List<Property Map>
    Definition of policy rules Structure is documented below.

    PosturePolicySetPolicyConstraintOrgPolicyConstraintCustom, PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs

    PolicyRules List<PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRule>
    Definition of policy rules Structure is documented below.
    CustomConstraint PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraint
    Organization policy custom constraint definition. Structure is documented below.
    PolicyRules []PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRule
    Definition of policy rules Structure is documented below.
    CustomConstraint PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraint
    Organization policy custom constraint definition. Structure is documented below.
    policyRules List<PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRule>
    Definition of policy rules Structure is documented below.
    customConstraint PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraint
    Organization policy custom constraint definition. Structure is documented below.
    policyRules PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRule[]
    Definition of policy rules Structure is documented below.
    customConstraint PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraint
    Organization policy custom constraint definition. Structure is documented below.
    policy_rules Sequence[PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRule]
    Definition of policy rules Structure is documented below.
    custom_constraint PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraint
    Organization policy custom constraint definition. Structure is documented below.
    policyRules List<Property Map>
    Definition of policy rules Structure is documented below.
    customConstraint Property Map
    Organization policy custom constraint definition. Structure is documented below.

    PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraint, PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs

    ActionType string
    The action to take if the condition is met. Possible values are: ALLOW, DENY.
    Condition string
    A CEL condition that refers to a supported service resource, for example resource.management.autoUpgrade == false. For details about CEL usage, see Common Expression Language.
    MethodTypes List<string>
    A list of RESTful methods for which to enforce the constraint. Can be CREATE, UPDATE, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in Supported services.
    Name string
    Immutable. The name of the custom constraint. This is unique within the organization.
    ResourceTypes List<string>
    Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, container.googleapis.com/NodePool.
    Description string
    A human-friendly description of the constraint to display as an error message when the policy is violated.
    DisplayName string
    A human-friendly name for the constraint.
    ActionType string
    The action to take if the condition is met. Possible values are: ALLOW, DENY.
    Condition string
    A CEL condition that refers to a supported service resource, for example resource.management.autoUpgrade == false. For details about CEL usage, see Common Expression Language.
    MethodTypes []string
    A list of RESTful methods for which to enforce the constraint. Can be CREATE, UPDATE, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in Supported services.
    Name string
    Immutable. The name of the custom constraint. This is unique within the organization.
    ResourceTypes []string
    Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, container.googleapis.com/NodePool.
    Description string
    A human-friendly description of the constraint to display as an error message when the policy is violated.
    DisplayName string
    A human-friendly name for the constraint.
    actionType String
    The action to take if the condition is met. Possible values are: ALLOW, DENY.
    condition String
    A CEL condition that refers to a supported service resource, for example resource.management.autoUpgrade == false. For details about CEL usage, see Common Expression Language.
    methodTypes List<String>
    A list of RESTful methods for which to enforce the constraint. Can be CREATE, UPDATE, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in Supported services.
    name String
    Immutable. The name of the custom constraint. This is unique within the organization.
    resourceTypes List<String>
    Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, container.googleapis.com/NodePool.
    description String
    A human-friendly description of the constraint to display as an error message when the policy is violated.
    displayName String
    A human-friendly name for the constraint.
    actionType string
    The action to take if the condition is met. Possible values are: ALLOW, DENY.
    condition string
    A CEL condition that refers to a supported service resource, for example resource.management.autoUpgrade == false. For details about CEL usage, see Common Expression Language.
    methodTypes string[]
    A list of RESTful methods for which to enforce the constraint. Can be CREATE, UPDATE, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in Supported services.
    name string
    Immutable. The name of the custom constraint. This is unique within the organization.
    resourceTypes string[]
    Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, container.googleapis.com/NodePool.
    description string
    A human-friendly description of the constraint to display as an error message when the policy is violated.
    displayName string
    A human-friendly name for the constraint.
    action_type str
    The action to take if the condition is met. Possible values are: ALLOW, DENY.
    condition str
    A CEL condition that refers to a supported service resource, for example resource.management.autoUpgrade == false. For details about CEL usage, see Common Expression Language.
    method_types Sequence[str]
    A list of RESTful methods for which to enforce the constraint. Can be CREATE, UPDATE, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in Supported services.
    name str
    Immutable. The name of the custom constraint. This is unique within the organization.
    resource_types Sequence[str]
    Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, container.googleapis.com/NodePool.
    description str
    A human-friendly description of the constraint to display as an error message when the policy is violated.
    display_name str
    A human-friendly name for the constraint.
    actionType String
    The action to take if the condition is met. Possible values are: ALLOW, DENY.
    condition String
    A CEL condition that refers to a supported service resource, for example resource.management.autoUpgrade == false. For details about CEL usage, see Common Expression Language.
    methodTypes List<String>
    A list of RESTful methods for which to enforce the constraint. Can be CREATE, UPDATE, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in Supported services.
    name String
    Immutable. The name of the custom constraint. This is unique within the organization.
    resourceTypes List<String>
    Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, container.googleapis.com/NodePool.
    description String
    A human-friendly description of the constraint to display as an error message when the policy is violated.
    displayName String
    A human-friendly name for the constraint.

    PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRule, PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs

    AllowAll bool
    Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
    Condition PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleCondition
    Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
    DenyAll bool
    Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
    Enforce bool
    If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.
    Values PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValues
    List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
    AllowAll bool
    Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
    Condition PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleCondition
    Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
    DenyAll bool
    Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
    Enforce bool
    If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.
    Values PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValues
    List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
    allowAll Boolean
    Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
    condition PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleCondition
    Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
    denyAll Boolean
    Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
    enforce Boolean
    If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.
    values PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValues
    List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
    allowAll boolean
    Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
    condition PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleCondition
    Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
    denyAll boolean
    Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
    enforce boolean
    If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.
    values PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValues
    List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
    allow_all bool
    Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
    condition PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleCondition
    Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
    deny_all bool
    Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
    enforce bool
    If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.
    values PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValues
    List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
    allowAll Boolean
    Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
    condition Property Map
    Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
    denyAll Boolean
    Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
    enforce Boolean
    If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.
    values Property Map
    List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.

    PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleCondition, PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs

    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Description string
    Description of the expression
    Location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    Title string
    Title for the expression, i.e. a short string describing its purpose.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Description string
    Description of the expression
    Location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    Title string
    Title for the expression, i.e. a short string describing its purpose.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    description String
    Description of the expression
    location String
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title String
    Title for the expression, i.e. a short string describing its purpose.
    expression string
    Textual representation of an expression in Common Expression Language syntax.
    description string
    Description of the expression
    location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title string
    Title for the expression, i.e. a short string describing its purpose.
    expression str
    Textual representation of an expression in Common Expression Language syntax.
    description str
    Description of the expression
    location str
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title str
    Title for the expression, i.e. a short string describing its purpose.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    description String
    Description of the expression
    location String
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title String
    Title for the expression, i.e. a short string describing its purpose.

    PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValues, PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs

    AllowedValues List<string>
    List of values allowed at this resource.
    DeniedValues List<string>
    List of values denied at this resource.
    AllowedValues []string
    List of values allowed at this resource.
    DeniedValues []string
    List of values denied at this resource.
    allowedValues List<String>
    List of values allowed at this resource.
    deniedValues List<String>
    List of values denied at this resource.
    allowedValues string[]
    List of values allowed at this resource.
    deniedValues string[]
    List of values denied at this resource.
    allowed_values Sequence[str]
    List of values allowed at this resource.
    denied_values Sequence[str]
    List of values denied at this resource.
    allowedValues List<String>
    List of values allowed at this resource.
    deniedValues List<String>
    List of values denied at this resource.

    PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRule, PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs

    AllowAll bool
    Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
    Condition PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleCondition
    Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
    DenyAll bool
    Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
    Enforce bool
    If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.
    Values PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValues
    List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
    AllowAll bool
    Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
    Condition PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleCondition
    Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
    DenyAll bool
    Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
    Enforce bool
    If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.
    Values PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValues
    List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
    allowAll Boolean
    Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
    condition PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleCondition
    Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
    denyAll Boolean
    Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
    enforce Boolean
    If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.
    values PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValues
    List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
    allowAll boolean
    Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
    condition PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleCondition
    Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
    denyAll boolean
    Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
    enforce boolean
    If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.
    values PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValues
    List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
    allow_all bool
    Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
    condition PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleCondition
    Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
    deny_all bool
    Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
    enforce bool
    If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.
    values PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValues
    List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
    allowAll Boolean
    Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
    condition Property Map
    Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
    denyAll Boolean
    Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
    enforce Boolean
    If true, then the policy is enforced. If false, then any configuration is acceptable. This field can be set only in policies for boolean constraints.
    values Property Map
    List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.

    PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleCondition, PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs

    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Description string
    Description of the expression
    Location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    Title string
    Title for the expression, i.e. a short string describing its purpose.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Description string
    Description of the expression
    Location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    Title string
    Title for the expression, i.e. a short string describing its purpose.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    description String
    Description of the expression
    location String
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title String
    Title for the expression, i.e. a short string describing its purpose.
    expression string
    Textual representation of an expression in Common Expression Language syntax.
    description string
    Description of the expression
    location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title string
    Title for the expression, i.e. a short string describing its purpose.
    expression str
    Textual representation of an expression in Common Expression Language syntax.
    description str
    Description of the expression
    location str
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title str
    Title for the expression, i.e. a short string describing its purpose.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    description String
    Description of the expression
    location String
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title String
    Title for the expression, i.e. a short string describing its purpose.

    PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValues, PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs

    AllowedValues List<string>
    List of values allowed at this resource.
    DeniedValues List<string>
    List of values denied at this resource.
    AllowedValues []string
    List of values allowed at this resource.
    DeniedValues []string
    List of values denied at this resource.
    allowedValues List<String>
    List of values allowed at this resource.
    deniedValues List<String>
    List of values denied at this resource.
    allowedValues string[]
    List of values allowed at this resource.
    deniedValues string[]
    List of values denied at this resource.
    allowed_values Sequence[str]
    List of values allowed at this resource.
    denied_values Sequence[str]
    List of values denied at this resource.
    allowedValues List<String>
    List of values allowed at this resource.
    deniedValues List<String>
    List of values denied at this resource.

    PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModule, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs

    Config PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfig
    Custom module details. Structure is documented below.
    DisplayName string
    The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module.
    Id string
    (Output) A server generated id of custom module.
    ModuleEnablementState string
    The state of enablement for the module at its level of the resource hierarchy. Possible values are: ENABLEMENT_STATE_UNSPECIFIED, ENABLED, DISABLED.
    Config PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfig
    Custom module details. Structure is documented below.
    DisplayName string
    The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module.
    Id string
    (Output) A server generated id of custom module.
    ModuleEnablementState string
    The state of enablement for the module at its level of the resource hierarchy. Possible values are: ENABLEMENT_STATE_UNSPECIFIED, ENABLED, DISABLED.
    config PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfig
    Custom module details. Structure is documented below.
    displayName String
    The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module.
    id String
    (Output) A server generated id of custom module.
    moduleEnablementState String
    The state of enablement for the module at its level of the resource hierarchy. Possible values are: ENABLEMENT_STATE_UNSPECIFIED, ENABLED, DISABLED.
    config PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfig
    Custom module details. Structure is documented below.
    displayName string
    The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module.
    id string
    (Output) A server generated id of custom module.
    moduleEnablementState string
    The state of enablement for the module at its level of the resource hierarchy. Possible values are: ENABLEMENT_STATE_UNSPECIFIED, ENABLED, DISABLED.
    config PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfig
    Custom module details. Structure is documented below.
    display_name str
    The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module.
    id str
    (Output) A server generated id of custom module.
    module_enablement_state str
    The state of enablement for the module at its level of the resource hierarchy. Possible values are: ENABLEMENT_STATE_UNSPECIFIED, ENABLED, DISABLED.
    config Property Map
    Custom module details. Structure is documented below.
    displayName String
    The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module.
    id String
    (Output) A server generated id of custom module.
    moduleEnablementState String
    The state of enablement for the module at its level of the resource hierarchy. Possible values are: ENABLEMENT_STATE_UNSPECIFIED, ENABLED, DISABLED.

    PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfig, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs

    Predicate PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicate
    The CEL expression to evaluate to produce findings.When the expression evaluates to true against a resource, a finding is generated. Structure is documented below.
    ResourceSelector PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelector
    The resource types that the custom module operates on. Each custom module can specify up to 5 resource types. Structure is documented below.
    Severity string
    The severity to assign to findings generated by the module. Possible values are: SEVERITY_UNSPECIFIED, CRITICAL, HIGH, MEDIUM, LOW.
    CustomOutput PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutput
    Custom output properties. A set of optional name-value pairs that define custom source properties to return with each finding that is generated by the custom module. The custom source properties that are defined here are included in the finding JSON under sourceProperties. Structure is documented below.
    Description string
    Text that describes the vulnerability or misconfiguration that the custom module detects.
    Recommendation string
    An explanation of the recommended steps that security teams can take to resolve the detected issue
    Predicate PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicate
    The CEL expression to evaluate to produce findings.When the expression evaluates to true against a resource, a finding is generated. Structure is documented below.
    ResourceSelector PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelector
    The resource types that the custom module operates on. Each custom module can specify up to 5 resource types. Structure is documented below.
    Severity string
    The severity to assign to findings generated by the module. Possible values are: SEVERITY_UNSPECIFIED, CRITICAL, HIGH, MEDIUM, LOW.
    CustomOutput PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutput
    Custom output properties. A set of optional name-value pairs that define custom source properties to return with each finding that is generated by the custom module. The custom source properties that are defined here are included in the finding JSON under sourceProperties. Structure is documented below.
    Description string
    Text that describes the vulnerability or misconfiguration that the custom module detects.
    Recommendation string
    An explanation of the recommended steps that security teams can take to resolve the detected issue
    predicate PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicate
    The CEL expression to evaluate to produce findings.When the expression evaluates to true against a resource, a finding is generated. Structure is documented below.
    resourceSelector PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelector
    The resource types that the custom module operates on. Each custom module can specify up to 5 resource types. Structure is documented below.
    severity String
    The severity to assign to findings generated by the module. Possible values are: SEVERITY_UNSPECIFIED, CRITICAL, HIGH, MEDIUM, LOW.
    customOutput PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutput
    Custom output properties. A set of optional name-value pairs that define custom source properties to return with each finding that is generated by the custom module. The custom source properties that are defined here are included in the finding JSON under sourceProperties. Structure is documented below.
    description String
    Text that describes the vulnerability or misconfiguration that the custom module detects.
    recommendation String
    An explanation of the recommended steps that security teams can take to resolve the detected issue
    predicate PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicate
    The CEL expression to evaluate to produce findings.When the expression evaluates to true against a resource, a finding is generated. Structure is documented below.
    resourceSelector PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelector
    The resource types that the custom module operates on. Each custom module can specify up to 5 resource types. Structure is documented below.
    severity string
    The severity to assign to findings generated by the module. Possible values are: SEVERITY_UNSPECIFIED, CRITICAL, HIGH, MEDIUM, LOW.
    customOutput PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutput
    Custom output properties. A set of optional name-value pairs that define custom source properties to return with each finding that is generated by the custom module. The custom source properties that are defined here are included in the finding JSON under sourceProperties. Structure is documented below.
    description string
    Text that describes the vulnerability or misconfiguration that the custom module detects.
    recommendation string
    An explanation of the recommended steps that security teams can take to resolve the detected issue
    predicate PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicate
    The CEL expression to evaluate to produce findings.When the expression evaluates to true against a resource, a finding is generated. Structure is documented below.
    resource_selector PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelector
    The resource types that the custom module operates on. Each custom module can specify up to 5 resource types. Structure is documented below.
    severity str
    The severity to assign to findings generated by the module. Possible values are: SEVERITY_UNSPECIFIED, CRITICAL, HIGH, MEDIUM, LOW.
    custom_output PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutput
    Custom output properties. A set of optional name-value pairs that define custom source properties to return with each finding that is generated by the custom module. The custom source properties that are defined here are included in the finding JSON under sourceProperties. Structure is documented below.
    description str
    Text that describes the vulnerability or misconfiguration that the custom module detects.
    recommendation str
    An explanation of the recommended steps that security teams can take to resolve the detected issue
    predicate Property Map
    The CEL expression to evaluate to produce findings.When the expression evaluates to true against a resource, a finding is generated. Structure is documented below.
    resourceSelector Property Map
    The resource types that the custom module operates on. Each custom module can specify up to 5 resource types. Structure is documented below.
    severity String
    The severity to assign to findings generated by the module. Possible values are: SEVERITY_UNSPECIFIED, CRITICAL, HIGH, MEDIUM, LOW.
    customOutput Property Map
    Custom output properties. A set of optional name-value pairs that define custom source properties to return with each finding that is generated by the custom module. The custom source properties that are defined here are included in the finding JSON under sourceProperties. Structure is documented below.
    description String
    Text that describes the vulnerability or misconfiguration that the custom module detects.
    recommendation String
    An explanation of the recommended steps that security teams can take to resolve the detected issue

    PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutput, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs

    Properties List<PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputProperty>
    A list of custom output properties to add to the finding. Structure is documented below.
    Properties []PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputProperty
    A list of custom output properties to add to the finding. Structure is documented below.
    properties List<PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputProperty>
    A list of custom output properties to add to the finding. Structure is documented below.
    properties PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputProperty[]
    A list of custom output properties to add to the finding. Structure is documented below.
    properties Sequence[PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputProperty]
    A list of custom output properties to add to the finding. Structure is documented below.
    properties List<Property Map>
    A list of custom output properties to add to the finding. Structure is documented below.

    PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputProperty, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs

    Name string
    Name of the property for the custom output.
    ValueExpression PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpression
    The CEL expression for the custom output. A resource property can be specified to return the value of the property or a text string enclosed in quotation marks. Structure is documented below.
    Name string
    Name of the property for the custom output.
    ValueExpression PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpression
    The CEL expression for the custom output. A resource property can be specified to return the value of the property or a text string enclosed in quotation marks. Structure is documented below.
    name String
    Name of the property for the custom output.
    valueExpression PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpression
    The CEL expression for the custom output. A resource property can be specified to return the value of the property or a text string enclosed in quotation marks. Structure is documented below.
    name string
    Name of the property for the custom output.
    valueExpression PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpression
    The CEL expression for the custom output. A resource property can be specified to return the value of the property or a text string enclosed in quotation marks. Structure is documented below.
    name str
    Name of the property for the custom output.
    value_expression PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpression
    The CEL expression for the custom output. A resource property can be specified to return the value of the property or a text string enclosed in quotation marks. Structure is documented below.
    name String
    Name of the property for the custom output.
    valueExpression Property Map
    The CEL expression for the custom output. A resource property can be specified to return the value of the property or a text string enclosed in quotation marks. Structure is documented below.

    PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpression, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs

    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Description string
    Description of the expression
    Location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    Title string
    Title for the expression, i.e. a short string describing its purpose.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Description string
    Description of the expression
    Location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    Title string
    Title for the expression, i.e. a short string describing its purpose.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    description String
    Description of the expression
    location String
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title String
    Title for the expression, i.e. a short string describing its purpose.
    expression string
    Textual representation of an expression in Common Expression Language syntax.
    description string
    Description of the expression
    location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title string
    Title for the expression, i.e. a short string describing its purpose.
    expression str
    Textual representation of an expression in Common Expression Language syntax.
    description str
    Description of the expression
    location str
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title str
    Title for the expression, i.e. a short string describing its purpose.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    description String
    Description of the expression
    location String
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title String
    Title for the expression, i.e. a short string describing its purpose.

    PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicate, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs

    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Description string
    Description of the expression
    Location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    Title string
    Title for the expression, i.e. a short string describing its purpose.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Description string
    Description of the expression
    Location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    Title string
    Title for the expression, i.e. a short string describing its purpose.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    description String
    Description of the expression
    location String
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title String
    Title for the expression, i.e. a short string describing its purpose.
    expression string
    Textual representation of an expression in Common Expression Language syntax.
    description string
    Description of the expression
    location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title string
    Title for the expression, i.e. a short string describing its purpose.
    expression str
    Textual representation of an expression in Common Expression Language syntax.
    description str
    Description of the expression
    location str
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title str
    Title for the expression, i.e. a short string describing its purpose.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    description String
    Description of the expression
    location String
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
    title String
    Title for the expression, i.e. a short string describing its purpose.

    PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelector, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs

    ResourceTypes List<string>
    The resource types to run the detector on.


    ResourceTypes []string
    The resource types to run the detector on.


    resourceTypes List<String>
    The resource types to run the detector on.


    resourceTypes string[]
    The resource types to run the detector on.


    resource_types Sequence[str]
    The resource types to run the detector on.


    resourceTypes List<String>
    The resource types to run the detector on.


    PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModule, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs

    ModuleName string
    The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
    ModuleEnablementState string
    The state of enablement for the module at its level of the resource hierarchy. Possible values are: ENABLEMENT_STATE_UNSPECIFIED, ENABLED, DISABLED.
    ModuleName string
    The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
    ModuleEnablementState string
    The state of enablement for the module at its level of the resource hierarchy. Possible values are: ENABLEMENT_STATE_UNSPECIFIED, ENABLED, DISABLED.
    moduleName String
    The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
    moduleEnablementState String
    The state of enablement for the module at its level of the resource hierarchy. Possible values are: ENABLEMENT_STATE_UNSPECIFIED, ENABLED, DISABLED.
    moduleName string
    The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
    moduleEnablementState string
    The state of enablement for the module at its level of the resource hierarchy. Possible values are: ENABLEMENT_STATE_UNSPECIFIED, ENABLED, DISABLED.
    module_name str
    The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
    module_enablement_state str
    The state of enablement for the module at its level of the resource hierarchy. Possible values are: ENABLEMENT_STATE_UNSPECIFIED, ENABLED, DISABLED.
    moduleName String
    The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
    moduleEnablementState String
    The state of enablement for the module at its level of the resource hierarchy. Possible values are: ENABLEMENT_STATE_UNSPECIFIED, ENABLED, DISABLED.

    Import

    Posture can be imported using any of these accepted formats:

    • {{parent}}/locations/{{location}}/postures/{{posture_id}}

    When using the pulumi import command, Posture can be imported using one of the formats above. For example:

    $ pulumi import gcp:securityposture/posture:Posture default {{parent}}/locations/{{location}}/postures/{{posture_id}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi