pub struct RegionSecurityPolicyResult {
pub ddos_protection_config: Output<Option<RegionSecurityPolicyDdosProtectionConfig>>,
pub description: Output<Option<String>>,
pub fingerprint: Output<String>,
pub name: Output<String>,
pub policy_id: Output<String>,
pub project: Output<String>,
pub region: Output<String>,
pub rules: Output<Vec<RegionSecurityPolicyRule>>,
pub self_link: Output<String>,
pub self_link_with_policy_id: Output<String>,
pub type_: Output<Option<String>>,
pub user_defined_fields: Output<Option<Vec<RegionSecurityPolicyUserDefinedField>>>,
}Fields§
§ddos_protection_config: Output<Option<RegionSecurityPolicyDdosProtectionConfig>>Configuration for Google Cloud Armor DDOS Proctection Config. Structure is documented below.
description: Output<Option<String>>An optional description of this resource. Provide this property when you create the resource.
fingerprint: Output<String>Fingerprint of this resource. This field is used internally during updates of this resource.
name: Output<String>Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
policy_id: Output<String>The unique identifier for the resource. This identifier is defined by the server.
project: Output<String>The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
region: Output<String>The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used.
rules: Output<Vec<RegionSecurityPolicyRule>>The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match “*”). If no rules are provided when creating a security policy, a default rule with action “allow” will be added. Structure is documented below.
self_link: Output<String>Server-defined URL for the resource.
self_link_with_policy_id: Output<String>Server-defined URL for this resource with the resource id.
type_: Output<Option<String>>The type indicates the intended use of the security policy.
- CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
- CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google’s cache.
- CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application.
This field can be set only at resource creation time.
Possible values are:
CLOUD_ARMOR,CLOUD_ARMOR_EDGE,CLOUD_ARMOR_NETWORK.
user_defined_fields: Output<Option<Vec<RegionSecurityPolicyUserDefinedField>>>Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Structure is documented below.