published on Friday, May 22, 2026 by Pulumi
Organization security policies are used to control incoming/outgoing traffic.
To get more information about OrganizationSecurityPolicy, see:
- API documentation
- How-to Guides
Example Usage
Organization Security Policy Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Organization-level Cloud Armor policy. "organizations/123456789" is a sample
// organization ID. `shortName` is the naming field for CLOUD_ARMOR policies, and
// `type` can be set only when the resource is created.
const policyArgs = {
    parent: "organizations/123456789",
    shortName: "my-short-name",
    type: "CLOUD_ARMOR",
};

const policy = new gcp.compute.OrganizationSecurityPolicy("policy", policyArgs);
import pulumi
import pulumi_gcp as gcp
# Organization-level Cloud Armor policy. "organizations/123456789" is a sample
# organization ID. `short_name` is the naming field for CLOUD_ARMOR policies, and
# `type` can be set only when the resource is created.
policy = gcp.compute.OrganizationSecurityPolicy(
    "policy",
    parent="organizations/123456789",
    short_name="my-short-name",
    type="CLOUD_ARMOR",
)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers one organization-level Cloud Armor security policy.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// "organizations/123456789" is a sample organization ID. ShortName is the
		// naming field for CLOUD_ARMOR policies; Type can be set only at creation.
		args := &compute.OrganizationSecurityPolicyArgs{
			Parent:    pulumi.String("organizations/123456789"),
			ShortName: pulumi.String("my-short-name"),
			Type:      pulumi.String("CLOUD_ARMOR"),
		}

		// Returning err directly yields nil on success and the error otherwise.
		_, err := compute.NewOrganizationSecurityPolicy(ctx, "policy", args)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Organization-level Cloud Armor policy. "organizations/123456789" is a sample
    // organization ID. ShortName is the naming field for CLOUD_ARMOR policies, and
    // Type can be set only when the resource is created.
    var policyArgs = new Gcp.Compute.OrganizationSecurityPolicyArgs
    {
        Parent = "organizations/123456789",
        ShortName = "my-short-name",
        Type = "CLOUD_ARMOR",
    };

    var policy = new Gcp.Compute.OrganizationSecurityPolicy("policy", policyArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one organization-level Cloud Armor security policy.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy on the stack.
     *
     * "organizations/123456789" is a sample organization ID. shortName is the naming
     * field for CLOUD_ARMOR policies, and type can be set only at creation.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        final var policyArgs = OrganizationSecurityPolicyArgs.builder()
            .parent("organizations/123456789")
            .shortName("my-short-name")
            .type("CLOUD_ARMOR")
            .build();

        var policy = new OrganizationSecurityPolicy("policy", policyArgs);
    }
}
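# Organization-level Cloud Armor policy. Nesting is restored here: without it the
# resource `type` and the policy `type` property collide at the same level.
# "organizations/123456789" is a sample organization ID; the policy `type` can be
# set only when the resource is created.
resources:
  policy:
    type: gcp:compute:OrganizationSecurityPolicy
    properties:
      shortName: my-short-name
      parent: organizations/123456789
      type: CLOUD_ARMOR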
Organization Security Policy With Advanced Options
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Request-inspection and logging options for the policy.
const advancedOptions = {
    // JSON body parsing with GraphQL support; the extra content type below is
    // also parsed as JSON.
    jsonParsing: "STANDARD_WITH_GRAPHQL",
    jsonCustomConfig: {
        contentTypes: ["application/vnd.api+json"],
    },
    // Upper bound on how much of a request body is inspected; content past this
    // size is not evaluated by body-inspecting rules.
    requestBodyInspectionSize: "64KB",
    // Headers used to resolve the caller's IP. X-Forwarded-For can be set by the
    // client, so list it only when a trusted proxy in front of the load balancer
    // overwrites it; otherwise IP-based rules match an attacker-chosen value.
    userIpRequestHeaders: ["X-Forwarded-For"],
    // VERBOSE records more request detail than the default level; check who can
    // read these logs and how long they are kept.
    logLevel: "VERBOSE",
};

const policy = new gcp.compute.OrganizationSecurityPolicy("policy", {
    parent: "organizations/123456789",
    shortName: "security-policy",
    type: "CLOUD_ARMOR",
    advancedOptionsConfig: advancedOptions,
});
import pulumi
import pulumi_gcp as gcp
# Request-inspection and logging options, passed as a dictionary literal.
advanced_options = {
    # JSON body parsing with GraphQL support; the extra content type below is
    # also parsed as JSON.
    "json_parsing": "STANDARD_WITH_GRAPHQL",
    "json_custom_config": {
        "content_types": ["application/vnd.api+json"],
    },
    # Upper bound on how much of a request body is inspected; content past this
    # size is not evaluated by body-inspecting rules.
    "request_body_inspection_size": "64KB",
    # Headers used to resolve the caller's IP. X-Forwarded-For can be set by the
    # client, so list it only when a trusted proxy in front of the load balancer
    # overwrites it; otherwise IP-based rules match an attacker-chosen value.
    "user_ip_request_headers": ["X-Forwarded-For"],
    # VERBOSE records more request detail than the default level; check who can
    # read these logs and how long they are kept.
    "log_level": "VERBOSE",
}

policy = gcp.compute.OrganizationSecurityPolicy(
    "policy",
    parent="organizations/123456789",
    short_name="security-policy",
    type="CLOUD_ARMOR",
    advanced_options_config=advanced_options,
)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers an organization-level Cloud Armor policy with advanced
// request-inspection and logging options.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		advancedOptions := &compute.OrganizationSecurityPolicyAdvancedOptionsConfigArgs{
			// JSON body parsing with GraphQL support; the extra content type
			// below is also parsed as JSON.
			JsonParsing: pulumi.String("STANDARD_WITH_GRAPHQL"),
			JsonCustomConfig: &compute.OrganizationSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs{
				ContentTypes: pulumi.StringArray{
					pulumi.String("application/vnd.api+json"),
				},
			},
			// Upper bound on how much of a request body is inspected; content
			// past this size is not evaluated by body-inspecting rules.
			RequestBodyInspectionSize: pulumi.String("64KB"),
			// Headers used to resolve the caller's IP. X-Forwarded-For can be set
			// by the client, so list it only when a trusted proxy in front of the
			// load balancer overwrites it; otherwise IP-based rules match an
			// attacker-chosen value.
			UserIpRequestHeaders: pulumi.StringArray{
				pulumi.String("X-Forwarded-For"),
			},
			// VERBOSE records more request detail than the default level; check
			// who can read these logs and how long they are kept.
			LogLevel: pulumi.String("VERBOSE"),
		}

		// Returning err directly yields nil on success and the error otherwise.
		_, err := compute.NewOrganizationSecurityPolicy(ctx, "policy", &compute.OrganizationSecurityPolicyArgs{
			Parent:                pulumi.String("organizations/123456789"),
			ShortName:             pulumi.String("security-policy"),
			Type:                  pulumi.String("CLOUD_ARMOR"),
			AdvancedOptionsConfig: advancedOptions,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Request-inspection and logging options for the policy.
    var advancedOptions = new Gcp.Compute.Inputs.OrganizationSecurityPolicyAdvancedOptionsConfigArgs
    {
        // JSON body parsing with GraphQL support; the extra content type below
        // is also parsed as JSON.
        JsonParsing = "STANDARD_WITH_GRAPHQL",
        JsonCustomConfig = new Gcp.Compute.Inputs.OrganizationSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs
        {
            ContentTypes = new[]
            {
                "application/vnd.api+json",
            },
        },
        // Upper bound on how much of a request body is inspected; content past
        // this size is not evaluated by body-inspecting rules.
        RequestBodyInspectionSize = "64KB",
        // Headers used to resolve the caller's IP. X-Forwarded-For can be set by
        // the client, so list it only when a trusted proxy in front of the load
        // balancer overwrites it; otherwise IP-based rules match an
        // attacker-chosen value.
        UserIpRequestHeaders = new[]
        {
            "X-Forwarded-For",
        },
        // VERBOSE records more request detail than the default level; check who
        // can read these logs and how long they are kept.
        LogLevel = "VERBOSE",
    };

    var policy = new Gcp.Compute.OrganizationSecurityPolicy("policy", new Gcp.Compute.OrganizationSecurityPolicyArgs
    {
        Parent = "organizations/123456789",
        ShortName = "security-policy",
        Type = "CLOUD_ARMOR",
        AdvancedOptionsConfig = advancedOptions,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyAdvancedOptionsConfigArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an organization-level Cloud Armor policy with
 * advanced request-inspection and logging options.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy and its advanced options on the stack.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        final var advancedOptions = OrganizationSecurityPolicyAdvancedOptionsConfigArgs.builder()
            // JSON body parsing with GraphQL support; the extra content type
            // below is also parsed as JSON.
            .jsonParsing("STANDARD_WITH_GRAPHQL")
            .jsonCustomConfig(OrganizationSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs.builder()
                .contentTypes("application/vnd.api+json")
                .build())
            // Upper bound on how much of a request body is inspected; content
            // past this size is not evaluated by body-inspecting rules.
            .requestBodyInspectionSize("64KB")
            // Headers used to resolve the caller's IP. X-Forwarded-For can be set
            // by the client, so list it only when a trusted proxy in front of the
            // load balancer overwrites it; otherwise IP-based rules match an
            // attacker-chosen value.
            .userIpRequestHeaders("X-Forwarded-For")
            // VERBOSE records more request detail than the default level; check
            // who can read these logs and how long they are kept.
            .logLevel("VERBOSE")
            .build();

        var policy = new OrganizationSecurityPolicy("policy", OrganizationSecurityPolicyArgs.builder()
            .parent("organizations/123456789")
            .shortName("security-policy")
            .type("CLOUD_ARMOR")
            .advancedOptionsConfig(advancedOptions)
            .build());
    }
}
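# Organization-level Cloud Armor policy with advanced options. Nesting is restored
# here: without it the list items and the two `type` keys lose their parents.
resources:
  policy:
    type: gcp:compute:OrganizationSecurityPolicy
    properties:
      shortName: security-policy
      parent: organizations/123456789
      type: CLOUD_ARMOR
      advancedOptionsConfig:
        # JSON body parsing with GraphQL support; the extra content type below
        # is also parsed as JSON.
        jsonParsing: STANDARD_WITH_GRAPHQL
        # VERBOSE records more request detail than the default level; check who
        # can read these logs and how long they are kept.
        logLevel: VERBOSE
        jsonCustomConfig:
          contentTypes:
            - application/vnd.api+json
        # Headers used to resolve the caller's IP. X-Forwarded-For can be set by
        # the client, so list it only when a trusted proxy in front of the load
        # balancer overwrites it; otherwise IP-based rules match an
        # attacker-chosen value.
        userIpRequestHeaders:
          - X-Forwarded-For
        # Upper bound on how much of a request body is inspected; content past
        # this size is not evaluated by body-inspecting rules.
        requestBodyInspectionSize: 64KB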
Create OrganizationSecurityPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OrganizationSecurityPolicy(name: string, args: OrganizationSecurityPolicyArgs, opts?: CustomResourceOptions);
@overload
def OrganizationSecurityPolicy(resource_name: str,
args: OrganizationSecurityPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def OrganizationSecurityPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
parent: Optional[str] = None,
advanced_options_config: Optional[OrganizationSecurityPolicyAdvancedOptionsConfigArgs] = None,
deletion_policy: Optional[str] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
short_name: Optional[str] = None,
type: Optional[str] = None)
func NewOrganizationSecurityPolicy(ctx *Context, name string, args OrganizationSecurityPolicyArgs, opts ...ResourceOption) (*OrganizationSecurityPolicy, error)
public OrganizationSecurityPolicy(string name, OrganizationSecurityPolicyArgs args, CustomResourceOptions? opts = null)
public OrganizationSecurityPolicy(String name, OrganizationSecurityPolicyArgs args)
public OrganizationSecurityPolicy(String name, OrganizationSecurityPolicyArgs args, CustomResourceOptions options)
type: gcp:compute:OrganizationSecurityPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "gcp_compute_organizationsecuritypolicy" "name" {
# resource properties
}
Parameters
- name string
- The unique name of the resource.
- args OrganizationSecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationSecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationSecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationSecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationSecurityPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference template: every "string" is a type placeholder, not a usable value.
var advancedOptionsConfig = new Gcp.Compute.Inputs.OrganizationSecurityPolicyAdvancedOptionsConfigArgs
{
    JsonCustomConfig = new Gcp.Compute.Inputs.OrganizationSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs
    {
        ContentTypes = new[]
        {
            "string",
        },
    },
    JsonParsing = "string",
    LogLevel = "string",
    RequestBodyInspectionSize = "string",
    UserIpRequestHeaders = new[]
    {
        "string",
    },
};

var organizationSecurityPolicyResource = new Gcp.Compute.OrganizationSecurityPolicy("organizationSecurityPolicyResource", new Gcp.Compute.OrganizationSecurityPolicyArgs
{
    // organizations/{organization_id} or folders/{folder_id}
    Parent = "string",
    AdvancedOptionsConfig = advancedOptionsConfig,
    // DELETE (default), PREVENT or ABANDON
    DeletionPolicy = "string",
    Description = "string",
    // Only for the FIREWALL type
    DisplayName = "string",
    // Only for the CLOUD_ARMOR type
    ShortName = "string",
    // FIREWALL (deprecated), CLOUD_ARMOR, CLOUD_ARMOR_EDGE,
    // CLOUD_ARMOR_INTERNAL_SERVICE or CLOUD_ARMOR_NETWORK; creation-time only
    Type = "string",
});
// Reference template: every "string" is a type placeholder, not a usable value.
advancedOptionsConfig := &compute.OrganizationSecurityPolicyAdvancedOptionsConfigArgs{
	JsonCustomConfig: &compute.OrganizationSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs{
		ContentTypes: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	JsonParsing:               pulumi.String("string"),
	LogLevel:                  pulumi.String("string"),
	RequestBodyInspectionSize: pulumi.String("string"),
	UserIpRequestHeaders: pulumi.StringArray{
		pulumi.String("string"),
	},
}

example, err := compute.NewOrganizationSecurityPolicy(ctx, "organizationSecurityPolicyResource", &compute.OrganizationSecurityPolicyArgs{
	// organizations/{organization_id} or folders/{folder_id}
	Parent:                pulumi.String("string"),
	AdvancedOptionsConfig: advancedOptionsConfig,
	// DELETE (default), PREVENT or ABANDON
	DeletionPolicy: pulumi.String("string"),
	Description:    pulumi.String("string"),
	// Only for the FIREWALL type
	DisplayName: pulumi.String("string"),
	// Only for the CLOUD_ARMOR type
	ShortName: pulumi.String("string"),
	// FIREWALL (deprecated), CLOUD_ARMOR, CLOUD_ARMOR_EDGE,
	// CLOUD_ARMOR_INTERNAL_SERVICE or CLOUD_ARMOR_NETWORK; creation-time only
	Type: pulumi.String("string"),
})
# Reference template: every "string" is a type placeholder, not a usable value.
resource "gcp_compute_organizationsecuritypolicy" "organizationSecurityPolicyResource" {
  # organizations/{organization_id} or folders/{folder_id}
  parent = "string"

  # Only for the CLOUD_ARMOR type
  short_name = "string"
  # Only for the FIREWALL type
  display_name = "string"
  description  = "string"

  # FIREWALL (deprecated), CLOUD_ARMOR, CLOUD_ARMOR_EDGE,
  # CLOUD_ARMOR_INTERNAL_SERVICE or CLOUD_ARMOR_NETWORK; creation-time only
  type = "string"

  # DELETE (default), PREVENT or ABANDON
  deletion_policy = "string"

  advanced_options_config = {
    json_parsing = "string"
    json_custom_config = {
      content_types = ["string"]
    }
    log_level                    = "string"
    request_body_inspection_size = "string"
    user_ip_request_headers      = ["string"]
  }
}
// Reference template: every "string" is a type placeholder, not a usable value.
final var advancedOptionsConfig = OrganizationSecurityPolicyAdvancedOptionsConfigArgs.builder()
    .jsonCustomConfig(OrganizationSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs.builder()
        .contentTypes("string")
        .build())
    .jsonParsing("string")
    .logLevel("string")
    .requestBodyInspectionSize("string")
    .userIpRequestHeaders("string")
    .build();

var organizationSecurityPolicyResource = new OrganizationSecurityPolicy("organizationSecurityPolicyResource", OrganizationSecurityPolicyArgs.builder()
    // organizations/{organization_id} or folders/{folder_id}
    .parent("string")
    .advancedOptionsConfig(advancedOptionsConfig)
    // DELETE (default), PREVENT or ABANDON
    .deletionPolicy("string")
    .description("string")
    // Only for the FIREWALL type
    .displayName("string")
    // Only for the CLOUD_ARMOR type
    .shortName("string")
    // FIREWALL (deprecated), CLOUD_ARMOR, CLOUD_ARMOR_EDGE,
    // CLOUD_ARMOR_INTERNAL_SERVICE or CLOUD_ARMOR_NETWORK; creation-time only
    .type("string")
    .build());
# Reference template: every "string" is a type placeholder, not a usable value.
advanced_options_config = {
    "json_custom_config": {
        "content_types": ["string"],
    },
    "json_parsing": "string",
    "log_level": "string",
    "request_body_inspection_size": "string",
    "user_ip_request_headers": ["string"],
}

organization_security_policy_resource = gcp.compute.OrganizationSecurityPolicy(
    "organizationSecurityPolicyResource",
    # organizations/{organization_id} or folders/{folder_id}
    parent="string",
    advanced_options_config=advanced_options_config,
    # DELETE (default), PREVENT or ABANDON
    deletion_policy="string",
    description="string",
    # Only for the FIREWALL type
    display_name="string",
    # Only for the CLOUD_ARMOR type
    short_name="string",
    # FIREWALL (deprecated), CLOUD_ARMOR, CLOUD_ARMOR_EDGE,
    # CLOUD_ARMOR_INTERNAL_SERVICE or CLOUD_ARMOR_NETWORK; creation-time only
    type="string",
)
// Reference template: every "string" is a type placeholder, not a usable value.
const advancedOptionsConfig = {
    jsonCustomConfig: {
        contentTypes: ["string"],
    },
    jsonParsing: "string",
    logLevel: "string",
    requestBodyInspectionSize: "string",
    userIpRequestHeaders: ["string"],
};

const organizationSecurityPolicyResource = new gcp.compute.OrganizationSecurityPolicy("organizationSecurityPolicyResource", {
    // organizations/{organization_id} or folders/{folder_id}
    parent: "string",
    advancedOptionsConfig: advancedOptionsConfig,
    // DELETE (default), PREVENT or ABANDON
    deletionPolicy: "string",
    description: "string",
    // Only for the FIREWALL type
    displayName: "string",
    // Only for the CLOUD_ARMOR type
    shortName: "string",
    // FIREWALL (deprecated), CLOUD_ARMOR, CLOUD_ARMOR_EDGE,
    // CLOUD_ARMOR_INTERNAL_SERVICE or CLOUD_ARMOR_NETWORK; creation-time only
    type: "string",
});
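# Reference template: every `string` is a type placeholder, not a usable value.
# Nesting is restored here so the resource `type` and the policy `type` property
# no longer sit at the same level.
type: gcp:compute:OrganizationSecurityPolicy
properties:
  advancedOptionsConfig:
    jsonCustomConfig:
      contentTypes:
        - string
    jsonParsing: string
    logLevel: string
    requestBodyInspectionSize: string
    userIpRequestHeaders:
      - string
  # DELETE (default), PREVENT or ABANDON
  deletionPolicy: string
  description: string
  # Only for the FIREWALL type
  displayName: string
  # organizations/{organization_id} or folders/{folder_id}
  parent: string
  # Only for the CLOUD_ARMOR type
  shortName: string
  # FIREWALL (deprecated), CLOUD_ARMOR, CLOUD_ARMOR_EDGE,
  # CLOUD_ARMOR_INTERNAL_SERVICE or CLOUD_ARMOR_NETWORK; creation-time only
  type: string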
OrganizationSecurityPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OrganizationSecurityPolicy resource accepts the following input properties:
- Parent string
- The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
- AdvancedOptionsConfig OrganizationSecurityPolicyAdvancedOptionsConfig
- Additional options for this security policy. Structure is documented below.
- Deletion
Policy string - Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. When a 'terraform destroy' or 'pulumi up' would delete the resource, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.
- Description string
- A textual description for the organization security policy.
- Display
Name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
- Short
Name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
- Type string
- The type indicates the intended use of the security policy. This field can be set only at resource creation time.
NOTE: 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead.
Possible values are:
FIREWALL,CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_INTERNAL_SERVICE,CLOUD_ARMOR_NETWORK.
- Parent string
- The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
- AdvancedOptionsConfig OrganizationSecurityPolicyAdvancedOptionsConfigArgs
- Additional options for this security policy. Structure is documented below.
- Deletion
Policy string - Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. When a 'terraform destroy' or 'pulumi up' would delete the resource, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.
- Description string
- A textual description for the organization security policy.
- Display
Name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
- Short
Name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
- Type string
- The type indicates the intended use of the security policy. This field can be set only at resource creation time.
NOTE: 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead.
Possible values are:
FIREWALL,CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_INTERNAL_SERVICE,CLOUD_ARMOR_NETWORK.
- parent string
- The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
- advanced_options_config object
- Additional options for this security policy. Structure is documented below.
- deletion_
policy string - Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. When a 'terraform destroy' or 'pulumi up' would delete the resource, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.
- description string
- A textual description for the organization security policy.
- display_
name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
- short_
name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
- type string
- The type indicates the intended use of the security policy. This field can be set only at resource creation time.
NOTE: 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead.
Possible values are:
FIREWALL,CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_INTERNAL_SERVICE,CLOUD_ARMOR_NETWORK.
- parent String
- The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
- advancedOptionsConfig OrganizationSecurityPolicyAdvancedOptionsConfig
- Additional options for this security policy. Structure is documented below.
- deletion
Policy String - Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. When a 'terraform destroy' or 'pulumi up' would delete the resource, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.
- description String
- A textual description for the organization security policy.
- display
Name String - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
- short
Name String - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
- type String
- The type indicates the intended use of the security policy. This field can be set only at resource creation time.
NOTE: 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead.
Possible values are:
FIREWALL,CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_INTERNAL_SERVICE,CLOUD_ARMOR_NETWORK.
- parent string
- The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
- advancedOptionsConfig OrganizationSecurityPolicyAdvancedOptionsConfig
- Additional options for this security policy. Structure is documented below.
- deletion
Policy string - Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. When a 'terraform destroy' or 'pulumi up' would delete the resource, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.
- description string
- A textual description for the organization security policy.
- display
Name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
- short
Name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
- type string
- The type indicates the intended use of the security policy. This field can be set only at resource creation time.
NOTE: 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead.
Possible values are:
FIREWALL,CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_INTERNAL_SERVICE,CLOUD_ARMOR_NETWORK.
- parent str
- The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
- advanced_options_config OrganizationSecurityPolicyAdvancedOptionsConfigArgs
- Additional options for this security policy. Structure is documented below.
- deletion_
policy str - Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. When a 'terraform destroy' or 'pulumi up' would delete the resource, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.
- description str
- A textual description for the organization security policy.
- display_
name str - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
- short_
name str - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
- type str
- The type indicates the intended use of the security policy. This field can be set only at resource creation time.
NOTE: 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead.
Possible values are:
FIREWALL,CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_INTERNAL_SERVICE,CLOUD_ARMOR_NETWORK.
- parent String
- The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
- advancedOptionsConfig Property Map
- Additional options for this security policy. Structure is documented below.
- deletion
Policy String - Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. When a 'terraform destroy' or 'pulumi up' would delete the resource, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.
- description String
- A textual description for the organization security policy.
- display
Name String - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
- short
Name String - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
- type String
- The type indicates the intended use of the security policy. This field can be set only at resource creation time.
NOTE: 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead.
Possible values are:
FIREWALL,CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_INTERNAL_SERVICE,CLOUD_ARMOR_NETWORK.
Outputs
All input properties are implicitly available as output properties. Additionally, the OrganizationSecurityPolicy resource produces the following output properties:
- Fingerprint string
- Fingerprint of this resource. This field is used internally during updates of this resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Id string - The unique identifier for the resource. This identifier is defined by the server.
- Fingerprint string
- Fingerprint of this resource. This field is used internally during updates of this resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Id string - The unique identifier for the resource. This identifier is defined by the server.
- fingerprint string
- Fingerprint of this resource. This field is used internally during updates of this resource.
- id string
- The provider-assigned unique ID for this managed resource.
- policy_
id string - The unique identifier for the resource. This identifier is defined by the server.
- fingerprint String
- Fingerprint of this resource. This field is used internally during updates of this resource.
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Id String - The unique identifier for the resource. This identifier is defined by the server.
- fingerprint string
- Fingerprint of this resource. This field is used internally during updates of this resource.
- id string
- The provider-assigned unique ID for this managed resource.
- policy
Id string - The unique identifier for the resource. This identifier is defined by the server.
- fingerprint str
- Fingerprint of this resource. This field is used internally during updates of this resource.
- id str
- The provider-assigned unique ID for this managed resource.
- policy_
id str - The unique identifier for the resource. This identifier is defined by the server.
- fingerprint String
- Fingerprint of this resource. This field is used internally during updates of this resource.
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Id String - The unique identifier for the resource. This identifier is defined by the server.
Look up Existing OrganizationSecurityPolicy Resource
Get an existing OrganizationSecurityPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrganizationSecurityPolicyState, opts?: CustomResourceOptions): OrganizationSecurityPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
advanced_options_config: Optional[OrganizationSecurityPolicyAdvancedOptionsConfigArgs] = None,
deletion_policy: Optional[str] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
fingerprint: Optional[str] = None,
parent: Optional[str] = None,
policy_id: Optional[str] = None,
short_name: Optional[str] = None,
type: Optional[str] = None) -> OrganizationSecurityPolicy
func GetOrganizationSecurityPolicy(ctx *Context, name string, id IDInput, state *OrganizationSecurityPolicyState, opts ...ResourceOption) (*OrganizationSecurityPolicy, error)
public static OrganizationSecurityPolicy Get(string name, Input<string> id, OrganizationSecurityPolicyState? state, CustomResourceOptions? opts = null)
public static OrganizationSecurityPolicy get(String name, Output<String> id, OrganizationSecurityPolicyState state, CustomResourceOptions options)
resources:
  _:
    type: gcp:compute:OrganizationSecurityPolicy
    get:
      id: ${id}
import {
to = gcp_compute_organizationsecuritypolicy.example
id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Advanced
Options OrganizationConfig Security Policy Advanced Options Config - Additional options for this security policy. Structure is documented below.
- DeletionPolicy string - Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. When a 'terraform destroy' or 'pulumi up' would delete the resource, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed. With "ABANDON" the policy therefore stays in place in Google Cloud but is no longer tracked in state, so it has to be inventoried and removed by other means.
- Description string
- A textual description for the organization security policy.
- Display
Name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
- Fingerprint string
- Fingerprint of this resource. This field is used internally during updates of this resource.
- Parent string
- The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
- Policy
Id string - The unique identifier for the resource. This identifier is defined by the server.
- Short
Name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
- Type string
- The type indicates the intended use of the security policy. This field can be set only at resource creation time.
NOTE: 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead.
Possible values are:
FIREWALL,CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_INTERNAL_SERVICE,CLOUD_ARMOR_NETWORK.
- Advanced
Options OrganizationConfig Security Policy Advanced Options Config Args - Additional options for this security policy. Structure is documented below.
- Deletion
Policy string - Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. When a 'terraform destroy' or 'pulumi up' would delete the resource, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.
- Description string
- A textual description for the organization security policy.
- Display
Name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
- Fingerprint string
- Fingerprint of this resource. This field is used internally during updates of this resource.
- Parent string
- The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
- Policy
Id string - The unique identifier for the resource. This identifier is defined by the server.
- Short
Name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
- Type string
- The type indicates the intended use of the security policy. This field can be set only at resource creation time.
NOTE: 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead.
Possible values are:
FIREWALL,CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_INTERNAL_SERVICE,CLOUD_ARMOR_NETWORK.
- advanced_
options_ objectconfig - Additional options for this security policy. Structure is documented below.
- deletion_
policy string - Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. When a 'terraform destroy' or 'pulumi up' would delete the resource, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.
- description string
- A textual description for the organization security policy.
- display_
name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
- fingerprint string
- Fingerprint of this resource. This field is used internally during updates of this resource.
- parent string
- The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
- policy_
id string - The unique identifier for the resource. This identifier is defined by the server.
- short_
name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
- type string
- The type indicates the intended use of the security policy. This field can be set only at resource creation time.
NOTE: 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead.
Possible values are:
FIREWALL,CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_INTERNAL_SERVICE,CLOUD_ARMOR_NETWORK.
- advanced
Options OrganizationConfig Security Policy Advanced Options Config - Additional options for this security policy. Structure is documented below.
- deletion
Policy String - Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. When a 'terraform destroy' or 'pulumi up' would delete the resource, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.
- description String
- A textual description for the organization security policy.
- display
Name String - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
- fingerprint String
- Fingerprint of this resource. This field is used internally during updates of this resource.
- parent String
- The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
- policy
Id String - The unique identifier for the resource. This identifier is defined by the server.
- short
Name String - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
- type String
- The type indicates the intended use of the security policy. This field can be set only at resource creation time.
NOTE: 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead.
Possible values are:
FIREWALL,CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_INTERNAL_SERVICE,CLOUD_ARMOR_NETWORK.
- advanced
Options OrganizationConfig Security Policy Advanced Options Config - Additional options for this security policy. Structure is documented below.
- deletion
Policy string - Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. When a 'terraform destroy' or 'pulumi up' would delete the resource, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.
- description string
- A textual description for the organization security policy.
- display
Name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
- fingerprint string
- Fingerprint of this resource. This field is used internally during updates of this resource.
- parent string
- The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
- policy
Id string - The unique identifier for the resource. This identifier is defined by the server.
- short
Name string - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
- type string
- The type indicates the intended use of the security policy. This field can be set only at resource creation time.
NOTE: 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead.
Possible values are:
FIREWALL,CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_INTERNAL_SERVICE,CLOUD_ARMOR_NETWORK.
- advanced_
options_ Organizationconfig Security Policy Advanced Options Config Args - Additional options for this security policy. Structure is documented below.
- deletion_
policy str - Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. When a 'terraform destroy' or 'pulumi up' would delete the resource, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.
- description str
- A textual description for the organization security policy.
- display_
name str - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
- fingerprint str
- Fingerprint of this resource. This field is used internally during updates of this resource.
- parent str
- The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
- policy_
id str - The unique identifier for the resource. This identifier is defined by the server.
- short_
name str - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
- type str
- The type indicates the intended use of the security policy. This field can be set only at resource creation time.
NOTE: 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead.
Possible values are:
FIREWALL,CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_INTERNAL_SERVICE,CLOUD_ARMOR_NETWORK.
- advanced
Options Property MapConfig - Additional options for this security policy. Structure is documented below.
- deletion
Policy String - Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. When a 'terraform destroy' or 'pulumi up' would delete the resource, the command will fail if this field is set to "PREVENT" in Terraform state. When set to "ABANDON", the command will remove the resource from Terraform management without updating or deleting the resource in the API. When set to "DELETE", deleting the resource is allowed.
- description String
- A textual description for the organization security policy.
- display
Name String - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
- fingerprint String
- Fingerprint of this resource. This field is used internally during updates of this resource.
- parent String
- The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
- policy
Id String - The unique identifier for the resource. This identifier is defined by the server.
- short
Name String - User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
- type String
- The type indicates the intended use of the security policy. This field can be set only at resource creation time.
NOTE: 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead.
Possible values are:
FIREWALL,CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_INTERNAL_SERVICE,CLOUD_ARMOR_NETWORK.
Supporting Types
OrganizationSecurityPolicyAdvancedOptionsConfig, OrganizationSecurityPolicyAdvancedOptionsConfigArgs
- Json
Custom OrganizationConfig Security Policy Advanced Options Config Json Custom Config - Custom JSON parsing configurations. Structure is documented below.
- Json
Parsing string - JSON body parsing. Supported values include: "DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL".
Possible values are:
DISABLED,STANDARD,STANDARD_WITH_GRAPHQL. - Log
Level string - Logging level. Supported values include: "NORMAL", "VERBOSE".
Possible values are:
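NORMAL,VERBOSE.
- RequestBodyInspectionSize string - The maximum request body size, chosen by the customer, that is inspected when WAF is enabled. Values supported are "8KB", "16KB", "32KB", "48KB" and "64KB". Body content beyond this size is not evaluated by WAF rules, so a smaller value narrows what body-matching rules can see.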
Values are case insensitive.
Possible values are:
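8KB,16KB,32KB,48KB,64KB.
- UserIpRequestHeaders List<string> - An optional list of case-insensitive request header names to use for resolving the client source IP address. A client can set any request header itself, so list only headers that a trusted upstream proxy sets or overwrites; otherwise rules that match on client IP are evaluated against a value the requester controls.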
- Json
Custom OrganizationConfig Security Policy Advanced Options Config Json Custom Config - Custom JSON parsing configurations. Structure is documented below.
- Json
Parsing string - JSON body parsing. Supported values include: "DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL".
Possible values are:
DISABLED,STANDARD,STANDARD_WITH_GRAPHQL. - Log
Level string - Logging level. Supported values include: "NORMAL", "VERBOSE".
Possible values are:
NORMAL,VERBOSE. - Request
Body stringInspection Size - The maximum request size chosen by the customer with Waf enabled. Values supported are "8KB", "16KB", "32KB", "48KB" and "64KB".
Values are case insensitive.
Possible values are:
8KB,16KB,32KB,48KB,64KB. - User
Ip []stringRequest Headers - An optional list of case-insensitive request header names to use for resolving the client source IP address.
- json_
custom_ objectconfig - Custom JSON parsing configurations. Structure is documented below.
- json_
parsing string - JSON body parsing. Supported values include: "DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL".
Possible values are:
DISABLED,STANDARD,STANDARD_WITH_GRAPHQL. - log_
level string - Logging level. Supported values include: "NORMAL", "VERBOSE".
Possible values are:
NORMAL,VERBOSE. - request_
body_ stringinspection_ size - The maximum request size chosen by the customer with Waf enabled. Values supported are "8KB", "16KB", "32KB", "48KB" and "64KB".
Values are case insensitive.
Possible values are:
8KB,16KB,32KB,48KB,64KB. - user_
ip_ list(string)request_ headers - An optional list of case-insensitive request header names to use for resolving the client source IP address.
- json
Custom OrganizationConfig Security Policy Advanced Options Config Json Custom Config - Custom JSON parsing configurations. Structure is documented below.
- json
Parsing String - JSON body parsing. Supported values include: "DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL".
Possible values are:
DISABLED,STANDARD,STANDARD_WITH_GRAPHQL. - log
Level String - Logging level. Supported values include: "NORMAL", "VERBOSE".
Possible values are:
NORMAL,VERBOSE. - request
Body StringInspection Size - The maximum request size chosen by the customer with Waf enabled. Values supported are "8KB", "16KB", "32KB", "48KB" and "64KB".
Values are case insensitive.
Possible values are:
8KB,16KB,32KB,48KB,64KB. - user
Ip List<String>Request Headers - An optional list of case-insensitive request header names to use for resolving the client source IP address.
- json
Custom OrganizationConfig Security Policy Advanced Options Config Json Custom Config - Custom JSON parsing configurations. Structure is documented below.
- json
Parsing string - JSON body parsing. Supported values include: "DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL".
Possible values are:
DISABLED,STANDARD,STANDARD_WITH_GRAPHQL. - log
Level string - Logging level. Supported values include: "NORMAL", "VERBOSE".
Possible values are:
NORMAL,VERBOSE. - request
Body stringInspection Size - The maximum request size chosen by the customer with Waf enabled. Values supported are "8KB", "16KB", "32KB", "48KB" and "64KB".
Values are case insensitive.
Possible values are:
8KB,16KB,32KB,48KB,64KB. - user
Ip string[]Request Headers - An optional list of case-insensitive request header names to use for resolving the client source IP address.
- json_
custom_ Organizationconfig Security Policy Advanced Options Config Json Custom Config - Custom JSON parsing configurations. Structure is documented below.
- json_
parsing str - JSON body parsing. Supported values include: "DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL".
Possible values are:
DISABLED,STANDARD,STANDARD_WITH_GRAPHQL. - log_
level str - Logging level. Supported values include: "NORMAL", "VERBOSE".
Possible values are:
NORMAL,VERBOSE. - request_
body_ strinspection_ size - The maximum request size chosen by the customer with Waf enabled. Values supported are "8KB", "16KB", "32KB", "48KB" and "64KB".
Values are case insensitive.
Possible values are:
8KB,16KB,32KB,48KB,64KB. - user_
ip_ Sequence[str]request_ headers - An optional list of case-insensitive request header names to use for resolving the client source IP address.
- json
Custom Property MapConfig - Custom JSON parsing configurations. Structure is documented below.
- json
Parsing String - JSON body parsing. Supported values include: "DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL".
Possible values are:
DISABLED,STANDARD,STANDARD_WITH_GRAPHQL. - log
Level String - Logging level. Supported values include: "NORMAL", "VERBOSE".
Possible values are:
NORMAL,VERBOSE. - request
Body StringInspection Size - The maximum request size chosen by the customer with Waf enabled. Values supported are "8KB", "16KB", "32KB", "48KB" and "64KB".
Values are case insensitive.
Possible values are:
8KB,16KB,32KB,48KB,64KB. - user
Ip List<String>Request Headers - An optional list of case-insensitive request header names to use for resolving the client source IP address.
OrganizationSecurityPolicyAdvancedOptionsConfigJsonCustomConfig, OrganizationSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs
- Content
Types List<string> - A list of content types to be parsed as JSON.
- Content
Types []string - A list of content types to be parsed as JSON.
- content_
types list(string) - A list of content types to be parsed as JSON.
- content
Types List<String> - A list of content types to be parsed as JSON.
- content
Types string[] - A list of content types to be parsed as JSON.
- content_
types Sequence[str] - A list of content types to be parsed as JSON.
- content
Types List<String> - A list of content types to be parsed as JSON.
Import
OrganizationSecurityPolicy can be imported using any of these accepted formats:
locations/global/securityPolicies/{{policy_id}}
{{policy_id}}
When using the pulumi import command, OrganizationSecurityPolicy can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/organizationSecurityPolicy:OrganizationSecurityPolicy default locations/global/securityPolicies/{{policy_id}}
$ pulumi import gcp:compute/organizationSecurityPolicy:OrganizationSecurityPolicy default {{policy_id}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-beta Terraform Provider.