Skip to main content

security_policies_rule

Creates, updates, deletes, gets or lists a security_policies_rule resource.

Overview

Namesecurity_policies_rule
TypeResource
Idgoogle.compute.security_policies_rule

Fields

NameDatatypeDescription
descriptionstringAn optional description of this resource. Provide this property when you create the resource.
actionstringThe Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this.
headerActionobject
kindstring[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules
matchobjectRepresents a match condition that incoming traffic is evaluated against. Exactly one field must be specified.
networkMatchobjectRepresents a match condition that incoming network traffic is evaluated against.
preconfiguredWafConfigobject
previewbooleanIf set to true, the specified action is not enforced.
priorityintegerAn integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
rateLimitOptionsobject
redirectOptionsobject

Methods

NameAccessible byRequired ParamsDescription
get_ruleSELECTproject, securityPolicyGets a rule at the specified priority.
add_ruleINSERTproject, securityPolicyInserts a rule into a security policy.
remove_ruleDELETEproject, securityPolicyDeletes a rule at the specified priority.

SELECT examples

Gets a rule at the specified priority.

SELECT
description,
action,
headerAction,
kind,
match,
networkMatch,
preconfiguredWafConfig,
preview,
priority,
rateLimitOptions,
redirectOptions
FROM google.compute.security_policies_rule
WHERE project = '{{ project }}'
AND securityPolicy = '{{ securityPolicy }}';

INSERT example

Use the following StackQL query and manifest file to create a new security_policies_rule resource.

/*+ create */
INSERT INTO google.compute.security_policies_rule (
project,
securityPolicy,
description,
priority,
match,
networkMatch,
action,
preview,
rateLimitOptions,
headerAction,
redirectOptions,
preconfiguredWafConfig
)
SELECT 
'{{ project }}',
'{{ securityPolicy }}',
'{{ description }}',
'{{ priority }}',
'{{ match }}',
'{{ networkMatch }}',
'{{ action }}',
{{ preview }},
'{{ rateLimitOptions }}',
'{{ headerAction }}',
'{{ redirectOptions }}',
'{{ preconfiguredWafConfig }}'
;

DELETE example

Deletes the specified security_policies_rule resource.

/*+ delete */
DELETE FROM google.compute.security_policies_rule
WHERE project = '{{ project }}'
AND securityPolicy = '{{ securityPolicy }}';