powerplatform_data_loss_prevention_policy (Resource)
This resource manages a Data Loss Prevention Policy. See Data Loss Prevention for more information.
Example Usage
terraform {
required_providers {
powerplatform = {
source = "microsoft/power-platform"
}
}
}
provider "powerplatform" {
use_cli = true
}
data "powerplatform_connectors" "all_connectors" {}
locals {
business_connectors = toset([
{
action_rules = [
{
action_id = "DeleteItem_V2"
behavior = "Block"
},
{
action_id = "ExecutePassThroughNativeQuery_V2"
behavior = "Block"
},
]
default_action_rule_behavior = "Allow"
endpoint_rules = [
{
behavior = "Allow"
endpoint = "contoso.com"
order = 1
},
{
behavior = "Deny"
endpoint = "*"
order = 2
},
]
id = "/providers/Microsoft.PowerApps/apis/shared_sql"
},
{
action_rules = []
default_action_rule_behavior = ""
endpoint_rules = []
id = "/providers/Microsoft.PowerApps/apis/shared_approvals"
},
{
action_rules = []
default_action_rule_behavior = ""
endpoint_rules = []
id = "/providers/Microsoft.PowerApps/apis/shared_cloudappsecurity"
}
])
non_business_connectors = toset([for conn
in data.powerplatform_connectors.all_connectors.connectors :
{
id = conn.id
name = conn.name
default_action_rule_behavior = ""
action_rules = [],
endpoint_rules = []
}
if conn.unblockable == true && !contains([for bus_conn in local.business_connectors : bus_conn.id], conn.id)
])
blocked_connectors = toset([for conn
in data.powerplatform_connectors.all_connectors.connectors :
{
id = conn.id
default_action_rule_behavior = ""
action_rules = [],
endpoint_rules = []
}
if conn.unblockable == false && !contains([for bus_conn in local.business_connectors : bus_conn.id], conn.id)])
}
resource "powerplatform_data_loss_prevention_policy" "my_policy" {
display_name = "Block All Policy"
default_connectors_classification = "Blocked"
environment_type = "AllEnvironments"
environments = []
business_connectors = local.business_connectors
non_business_connectors = local.non_business_connectors
blocked_connectors = local.blocked_connectors
custom_connectors_patterns = toset([
{
order = 1
host_url_pattern = "https://*.contoso.com"
data_group = "Blocked"
},
{
order = 2
host_url_pattern = "*"
data_group = "Ignore"
}
])
}
Schema
Required
blocked_connectors
(Attributes Set) Blocked connectors can’t be used where this policy is applied. (see below for nested schema)business_connectors
(Attributes Set) Connectors for sensitive data (see below for nested schema)custom_connectors_patterns
(Attributes Set) Custom connectors patterns (see below for nested schema)default_connectors_classification
(String) Default classification for connectors ("General", "Confidential", "Blocked")display_name
(String) Display name of the policyenvironment_type
(String) Default environment handling for the policy ("AllEnvironments", "ExceptEnvironments", "OnlyEnvironments")non_business_connectors
(Attributes Set) Connectors for non-sensitive data (see below for nested schema)
Optional
environments
(Set of String) Environment to which the policy is appliedtimeouts
(Attributes) (see below for nested schema)
Read-Only
created_by
(String) User who created the policycreated_time
(String) Time when the policy was createdid
(String) Unique name of the policylast_modified_by
(String) User who last modified the policylast_modified_time
(String) Time when the policy was last modified
Nested Schema for blocked_connectors
Optional:
action_rules
(Attributes List) Action rules for the connector (see below for nested schema)default_action_rule_behavior
(String) Default action rule behavior for the connector ("Allow", "Block")endpoint_rules
(Attributes List) Endpoint rules for the connector (see below for nested schema)id
(String) ID of the connector
Nested Schema for blocked_connectors.action_rules
Required:
action_id
(String) ID of the action rulebehavior
(String) Behavior of the action rule ("Allow", "Block")
Nested Schema for blocked_connectors.endpoint_rules
Required:
behavior
(String) Behavior of the endpoint rule ("Allow", "Deny")endpoint
(String) Endpoint of the endpoint ruleorder
(Number) Order of the endpoint rule
Nested Schema for business_connectors
Optional:
action_rules
(Attributes List) Action rules for the connector (see below for nested schema)default_action_rule_behavior
(String) Default action rule behavior for the connector ("Allow", "Block")endpoint_rules
(Attributes List) Endpoint rules for the connector (see below for nested schema)id
(String) ID of the connector
Nested Schema for business_connectors.action_rules
Required:
action_id
(String) ID of the action rulebehavior
(String) Behavior of the action rule ("Allow", "Block")
Nested Schema for business_connectors.endpoint_rules
Required:
behavior
(String) Behavior of the endpoint rule ("Allow", "Deny")endpoint
(String) Endpoint of the endpoint ruleorder
(Number) Order of the endpoint rule
Nested Schema for custom_connectors_patterns
Required:
data_group
(String) Data group of the connector ("Business", "NonBusiness", "Blocked", "Ignore")host_url_pattern
(String) Pattern of the connectororder
(Number) Order of the connector
Nested Schema for non_business_connectors
Optional:
action_rules
(Attributes List) Action rules for the connector (see below for nested schema)default_action_rule_behavior
(String) Default action rule behavior for the connector ("Allow", "Block")endpoint_rules
(Attributes List) Endpoint rules for the connector (see below for nested schema)id
(String) ID of the connector
Nested Schema for non_business_connectors.action_rules
Required:
action_id
(String) ID of the action rulebehavior
(String) Behavior of the action rule ("Allow", "Block")
Nested Schema for non_business_connectors.endpoint_rules
Required:
behavior
(String) Behavior of the endpoint rule ("Allow", "Deny")endpoint
(String) Endpoint of the endpoint ruleorder
(Number) Order of the endpoint rule
Nested Schema for timeouts
Optional:
create
(String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).delete
(String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.read
(String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.update
(String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).