Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

yandex_sws_security_profile (Data Source)

Written by
Updated at September 11, 2025

Get information about SecurityProfile. For more information, see the official documentation.

This data source is used to define SecurityProfile that can be used by other resources.

Warning

One of security_profile_id or name should be specified.

Example usage

//
// Get information about existing SWS Security Profile.
//
data "yandex_sws_security_profile" "by-id" {
  security_profile_id = yandex_sws_security_profile.my-profile.id
}

data "yandex_sws_security_profile" "by-name" {
  name = yandex_sws_security_profile.my-profile.name
}

Schema

Optional

  • cloud_id (String) The Cloud ID which resource belongs to. If it is not provided, the default provider cloud-id is used.
  • folder_id (String) The folder identifier that resource belongs to. If it is not provided, the default provider folder-id is used.
  • name (String) The resource name.
  • security_profile_id (String) ID of the security profile.

Read-Only

  • advanced_rate_limiter_profile_id (String) Advanced rate limiter profile ID to use with this security profile. Set empty to use default.
  • analyze_request_body (List of Object) (see below for nested schema)
  • captcha_id (String) Captcha ID to use with this security profile. Set empty to use default.
  • created_at (String) The creation timestamp of the resource.
  • default_action (String) Action to perform if none of rules matched. Possible values: ALLOW or DENY.
  • description (String) The resource description.
  • id (String) The ID of this resource.
  • labels (Map of String) A set of key/value label pairs which assigned to resource.
  • security_rule (List of Object) List of security rules. (see below for nested schema)

Nested Schema for analyze_request_body

Read-Only:

  • size_limit (Number)
  • size_limit_action (String)

Nested Schema for security_rule

Read-Only:

  • description (String) Optional description of the rule. 0-512 characters long.

  • dry_run (Boolean) This mode allows you to test your security profile or a single rule.

  • name (String) Name of the rule. The name is unique within the security profile. 1-50 characters long.

  • priority (Number) Determines the priority for checking the incoming traffic.

  • rule_condition (Block List, Max: 1) Rule actions, see Rule actions. (see below for nested schema)

  • smart_protection (Block List, Max: 1) Smart Protection rule, see Smart Protection rules. (see below for nested schema)

  • waf (Block List, Max: 1) Web Application Firewall (WAF) rule, see WAF rules. (see below for nested schema)

Nested Schema for security_rule.rule_condition

Read-Only:

  • action (String) Action to perform if this rule matched. Possible values: ALLOW or DENY.

  • condition (Block List, Max: 1) The condition for matching the rule. You can find all possibilities of condition in gRPC specs. (see below for nested schema)

Nested Schema for security_rule.rule_condition.condition

Read-Only:

Nested Schema for security_rule.rule_condition.condition.authority

Read-Only:

Nested Schema for security_rule.rule_condition.condition.source_ip.authorities

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.rule_condition.condition.headers

Read-Only:

Nested Schema for security_rule.rule_condition.condition.source_ip.value

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.rule_condition.condition.http_method

Read-Only:

Nested Schema for security_rule.rule_condition.condition.source_ip.http_methods

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.rule_condition.condition.request_uri

Read-Only:

Nested Schema for security_rule.rule_condition.condition.source_ip.path

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.rule_condition.condition.source_ip.queries

Read-Only:

Nested Schema for security_rule.rule_condition.condition.source_ip.queries.value

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.rule_condition.condition.source_ip

Read-Only:

Nested Schema for security_rule.rule_condition.condition.source_ip.geo_ip_match

Read-Only:

  • locations (List of String)

Nested Schema for security_rule.rule_condition.condition.source_ip.geo_ip_not_match

Read-Only:

  • locations (List of String)

Nested Schema for security_rule.rule_condition.condition.source_ip.ip_ranges_match

Read-Only:

  • ip_ranges (List of String)

Nested Schema for security_rule.rule_condition.condition.source_ip.ip_ranges_not_match

Read-Only:

  • ip_ranges (List of String)

Nested Schema for security_rule.smart_protection

Read-Only:

  • condition (Block List, Max: 1) The condition for matching the rule. You can find all possibilities of condition in gRPC specs. (see below for nested schema)

  • mode (String) Mode of protection. Possible values: FULL (full protection means that the traffic will be checked based on ML models and behavioral analysis, with suspicious requests being sent to SmartCaptcha) or API (API protection means checking the traffic based on ML models and behavioral analysis without sending suspicious requests to SmartCaptcha. The suspicious requests will be blocked).

Nested Schema for security_rule.smart_protection.condition

Read-Only:

Nested Schema for security_rule.smart_protection.condition.authority

Read-Only:

Nested Schema for security_rule.smart_protection.condition.source_ip.authorities

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.smart_protection.condition.headers

Read-Only:

Nested Schema for security_rule.smart_protection.condition.source_ip.value

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.smart_protection.condition.http_method

Read-Only:

Nested Schema for security_rule.smart_protection.condition.source_ip.http_methods

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.smart_protection.condition.request_uri

Read-Only:

Nested Schema for security_rule.smart_protection.condition.source_ip.path

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.smart_protection.condition.source_ip.queries

Read-Only:

Nested Schema for security_rule.smart_protection.condition.source_ip.queries.value

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.smart_protection.condition.source_ip

Read-Only:

Nested Schema for security_rule.smart_protection.condition.source_ip.geo_ip_match

Read-Only:

  • locations (List of String)

Nested Schema for security_rule.smart_protection.condition.source_ip.geo_ip_not_match

Read-Only:

  • locations (List of String)

Nested Schema for security_rule.smart_protection.condition.source_ip.ip_ranges_match

Read-Only:

  • ip_ranges (List of String)

Nested Schema for security_rule.smart_protection.condition.source_ip.ip_ranges_not_match

Read-Only:

  • ip_ranges (List of String)

Nested Schema for security_rule.waf

Read-Only:

  • condition (Block List, Max: 1) The condition for matching the rule. You can find all possibilities of condition in gRPC specs. (see below for nested schema)

  • mode (String) Mode of protection. Possible values: FULL (full protection means that the traffic will be checked based on ML models and behavioral analysis, with suspicious requests being sent to SmartCaptcha) or API (API protection means checking the traffic based on ML models and behavioral analysis without sending suspicious requests to SmartCaptcha. The suspicious requests will be blocked).

  • waf_profile_id (String) ID of WAF profile to use in this rule.

Nested Schema for security_rule.waf.condition

Read-Only:

Nested Schema for security_rule.waf.condition.authority

Read-Only:

Nested Schema for security_rule.waf.condition.source_ip.authorities

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.waf.condition.headers

Read-Only:

Nested Schema for security_rule.waf.condition.source_ip.value

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.waf.condition.http_method

Read-Only:

Nested Schema for security_rule.waf.condition.source_ip.http_methods

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.waf.condition.request_uri

Read-Only:

Nested Schema for security_rule.waf.condition.source_ip.path

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.waf.condition.source_ip.queries

Read-Only:

Nested Schema for security_rule.waf.condition.source_ip.queries.value

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for security_rule.waf.condition.source_ip

Read-Only:

Nested Schema for security_rule.waf.condition.source_ip.geo_ip_match

Read-Only:

  • locations (List of String)

Nested Schema for security_rule.waf.condition.source_ip.geo_ip_not_match

Read-Only:

  • locations (List of String)

Nested Schema for security_rule.waf.condition.source_ip.ip_ranges_match

Read-Only:

  • ip_ranges (List of String)

Nested Schema for security_rule.waf.condition.source_ip.ip_ranges_not_match

Read-Only:

  • ip_ranges (List of String)
Previous
sws_advanced_rate_limiter_profile
Next
sws_waf_profile