yandex_sws_security_profile (Data Source)

Get information about SecurityProfile. For more information, see the official documentation.

This data source is used to define SecurityProfile that can be used by other resources.

~> One of security_profile_id or name should be specified.

Example usageExample usage

//
// Get information about existing SWS Security Profile.
//
data "yandex_sws_security_profile" "by-id" {
  security_profile_id = yandex_sws_security_profile.my-profile.id
}

data "yandex_sws_security_profile" "by-name" {
  name = yandex_sws_security_profile.my-profile.name
}

SchemaSchema

OptionalOptional

• cloud_id (String) The Cloud ID which resource belongs to. If it is not provided, the default provider cloud-id is used.
• folder_id (String) The folder identifier that resource belongs to. If it is not provided, the default provider folder-id is used.
• name (String) The resource name.
• security_profile_id (String) ID of the security profile.

Read-OnlyRead-Only

• advanced_rate_limiter_profile_id (String) Advanced rate limiter profile ID to use with this security profile. Set empty to use default.
• captcha_id (String) Captcha ID to use with this security profile. Set empty to use default.
• created_at (String) The creation timestamp of the resource.
• default_action (String) Action to perform if none of rules matched. Possible values: ALLOW or DENY.
• description (String) The resource description.
• id (String) The ID of this resource.
• labels (Map of String) A set of key/value label pairs which assigned to resource.
• security_rule (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule

Read-Only:

• description (String) Optional description of the rule. 0-512 characters long.

• dry_run (Boolean) This mode allows you to test your security profile or a single rule.

• name (String) Name of the rule. The name is unique within the security profile. 1-50 characters long.

• priority (Number) Determines the priority for checking the incoming traffic.

• rule_condition (Block List, Max: 1) Rule actions, see Rule actions. (see below for nested schema)

• smart_protection (Block List, Max: 1) Smart Protection rule, see Smart Protection rules. (see below for nested schema)

• waf (Block List, Max: 1) Web Application Firewall (WAF) rule, see WAF rules. (see below for nested schema)

Nested Schema for Nested Schema for security_rule.rule_condition

Read-Only:

• action (String) Action to perform if this rule matched. Possible values: ALLOW or DENY.

• condition (Block List, Max: 1) The condition for matching the rule. You can find all possibilities of condition in gRPC specs. (see below for nested schema)

Nested Schema for Nested Schema for security_rule.rule_condition.condition

Read-Only:

• authority (List of Object) (see below for nested schema)
• headers (List of Object) (see below for nested schema)
• http_method (List of Object) (see below for nested schema)
• request_uri (List of Object) (see below for nested schema)
• source_ip (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.authority

Read-Only:

• authorities (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.source_ip.authorities

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.headers

Read-Only:

• name (String)
• value (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.source_ip.value

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.http_method

Read-Only:

• http_methods (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.source_ip.http_methods

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.request_uri

Read-Only:

• path (List of Object) (see below for nested schema)
• queries (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.source_ip.path

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.source_ip.queries

Read-Only:

• key (String)
• value (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.source_ip.queries.value

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.source_ip

Read-Only:

• geo_ip_match (List of Object) (see below for nested schema)
• geo_ip_not_match (List of Object) (see below for nested schema)
• ip_ranges_match (List of Object) (see below for nested schema)
• ip_ranges_not_match (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.source_ip.geo_ip_match

Read-Only:

• locations (List of String)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.source_ip.geo_ip_not_match

Read-Only:

• locations (List of String)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.source_ip.ip_ranges_match

Read-Only:

• ip_ranges (List of String)

Nested Schema for Nested Schema for security_rule.rule_condition.condition.source_ip.ip_ranges_not_match

Read-Only:

• ip_ranges (List of String)

Nested Schema for Nested Schema for security_rule.smart_protection

Read-Only:

• condition (Block List, Max: 1) The condition for matching the rule. You can find all possibilities of condition in gRPC specs. (see below for nested schema)

• mode (String) Mode of protection. Possible values: FULL (full protection means that the traffic will be checked based on ML models and behavioral analysis, with suspicious requests being sent to SmartCaptcha) or API (API protection means checking the traffic based on ML models and behavioral analysis without sending suspicious requests to SmartCaptcha. The suspicious requests will be blocked).

Nested Schema for Nested Schema for security_rule.smart_protection.condition

Read-Only:

• authority (List of Object) (see below for nested schema)
• headers (List of Object) (see below for nested schema)
• http_method (List of Object) (see below for nested schema)
• request_uri (List of Object) (see below for nested schema)
• source_ip (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.authority

Read-Only:

• authorities (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.source_ip.authorities

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.headers

Read-Only:

• name (String)
• value (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.source_ip.value

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.http_method

Read-Only:

• http_methods (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.source_ip.http_methods

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.request_uri

Read-Only:

• path (List of Object) (see below for nested schema)
• queries (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.source_ip.path

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.source_ip.queries

Read-Only:

• key (String)
• value (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.source_ip.queries.value

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.source_ip

Read-Only:

• geo_ip_match (List of Object) (see below for nested schema)
• geo_ip_not_match (List of Object) (see below for nested schema)
• ip_ranges_match (List of Object) (see below for nested schema)
• ip_ranges_not_match (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.source_ip.geo_ip_match

Read-Only:

• locations (List of String)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.source_ip.geo_ip_not_match

Read-Only:

• locations (List of String)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.source_ip.ip_ranges_match

Read-Only:

• ip_ranges (List of String)

Nested Schema for Nested Schema for security_rule.smart_protection.condition.source_ip.ip_ranges_not_match

Read-Only:

• ip_ranges (List of String)

Nested Schema for Nested Schema for security_rule.waf

Read-Only:

• condition (Block List, Max: 1) The condition for matching the rule. You can find all possibilities of condition in gRPC specs. (see below for nested schema)

• mode (String) Mode of protection. Possible values: FULL (full protection means that the traffic will be checked based on ML models and behavioral analysis, with suspicious requests being sent to SmartCaptcha) or API (API protection means checking the traffic based on ML models and behavioral analysis without sending suspicious requests to SmartCaptcha. The suspicious requests will be blocked).

• waf_profile_id (String) ID of WAF profile to use in this rule.

Nested Schema for Nested Schema for security_rule.waf.condition

Read-Only:

• authority (List of Object) (see below for nested schema)
• headers (List of Object) (see below for nested schema)
• http_method (List of Object) (see below for nested schema)
• request_uri (List of Object) (see below for nested schema)
• source_ip (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.waf.condition.authority

Read-Only:

• authorities (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.waf.condition.source_ip.authorities

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.waf.condition.headers

Read-Only:

• name (String)
• value (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.waf.condition.source_ip.value

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.waf.condition.http_method

Read-Only:

• http_methods (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.waf.condition.source_ip.http_methods

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.waf.condition.request_uri

Read-Only:

• path (List of Object) (see below for nested schema)
• queries (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.waf.condition.source_ip.path

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.waf.condition.source_ip.queries

Read-Only:

• key (String)
• value (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.waf.condition.source_ip.queries.value

Read-Only:

• exact_match (String)
• exact_not_match (String)
• pire_regex_match (String)
• pire_regex_not_match (String)
• prefix_match (String)
• prefix_not_match (String)

Nested Schema for Nested Schema for security_rule.waf.condition.source_ip

Read-Only:

• geo_ip_match (List of Object) (see below for nested schema)
• geo_ip_not_match (List of Object) (see below for nested schema)
• ip_ranges_match (List of Object) (see below for nested schema)
• ip_ranges_not_match (List of Object) (see below for nested schema)

Nested Schema for Nested Schema for security_rule.waf.condition.source_ip.geo_ip_match

Read-Only:

• locations (List of String)

Nested Schema for Nested Schema for security_rule.waf.condition.source_ip.geo_ip_not_match

Read-Only:

• locations (List of String)

Nested Schema for Nested Schema for security_rule.waf.condition.source_ip.ip_ranges_match

Read-Only:

• ip_ranges (List of String)

Nested Schema for Nested Schema for security_rule.waf.condition.source_ip.ip_ranges_not_match

Read-Only:

• ip_ranges (List of String)