powerplatform_data_loss_prevention_policy (Resource)
This resource manages a Data Loss Prevention Policy. See Data Loss Prevention for more information.
Example Usage
terraform {
required_providers {
powerplatform = {
source = "microsoft/power-platform"
}
}
}
provider "powerplatform" {
use_cli = true
}
data "powerplatform_connectors" "all_connectors" {}
locals {
business_connectors = toset([
{
action_rules = [
{
action_id = "DeleteItem_V2"
behavior = "Block"
},
{
action_id = "ExecutePassThroughNativeQuery_V2"
behavior = "Block"
},
]
default_action_rule_behavior = "Allow"
endpoint_rules = [
{
behavior = "Allow"
endpoint = "contoso.com"
order = 1
},
{
behavior = "Deny"
endpoint = "*"
order = 2
},
]
id = "/providers/Microsoft.PowerApps/apis/shared_sql"
},
{
action_rules = []
default_action_rule_behavior = ""
endpoint_rules = []
id = "/providers/Microsoft.PowerApps/apis/shared_approvals"
},
{
action_rules = []
default_action_rule_behavior = ""
endpoint_rules = []
id = "/providers/Microsoft.PowerApps/apis/shared_cloudappsecurity"
}
])
non_business_connectors = toset([for conn
in data.powerplatform_connectors.all_connectors.connectors :
{
id = conn.id
name = conn.name
default_action_rule_behavior = ""
action_rules = [],
endpoint_rules = []
}
if conn.unblockable == true && !contains([for bus_conn in local.business_connectors : bus_conn.id], conn.id)
])
blocked_connectors = toset([for conn
in data.powerplatform_connectors.all_connectors.connectors :
{
id = conn.id
default_action_rule_behavior = ""
action_rules = [],
endpoint_rules = []
}
if conn.unblockable == false && !contains([for bus_conn in local.business_connectors : bus_conn.id], conn.id)])
}
resource "powerplatform_data_loss_prevention_policy" "my_policy" {
display_name = "Block All Policy"
default_connectors_classification = "Blocked"
environment_type = "AllEnvironments"
environments = []
business_connectors = local.business_connectors
non_business_connectors = local.non_business_connectors
blocked_connectors = local.blocked_connectors
custom_connectors_patterns = toset([
{
order = 1
host_url_pattern = "https://*.contoso.com"
data_group = "Blocked"
},
{
order = 2
host_url_pattern = "*"
data_group = "Ignore"
}
])
}
Schema
Required
blocked_connectors(Attributes Set) Blocked connectors can’t be used where this policy is applied. (see below for nested schema)business_connectors(Attributes Set) Connectors for sensitive data (see below for nested schema)custom_connectors_patterns(Attributes Set) Custom connectors patterns (see below for nested schema)default_connectors_classification(String) Default classification for connectors ("General", "Confidential", "Blocked")display_name(String) Display name of the policyenvironment_type(String) Default environment handling for the policy ("AllEnvironments", "ExceptEnvironments", "OnlyEnvironments")non_business_connectors(Attributes Set) Connectors for non-sensitive data (see below for nested schema)
Optional
environments(Set of String) Environment to which the policy is applied
Read-Only
created_by(String) User who created the policycreated_time(String) Time when the policy was createdid(String) Unique name of the policylast_modified_by(String) User who last modified the policylast_modified_time(String) Time when the policy was last modified
Nested Schema for blocked_connectors
Optional:
action_rules(Attributes List) Action rules for the connector (see below for nested schema)default_action_rule_behavior(String) Default action rule behavior for the connector ("Allow", "Block")endpoint_rules(Attributes List) Endpoint rules for the connector (see below for nested schema)id(String) ID of the connector
Nested Schema for blocked_connectors.action_rules
Required:
action_id(String) ID of the action rulebehavior(String) Behavior of the action rule ("Allow", "Block")
Nested Schema for blocked_connectors.endpoint_rules
Required:
behavior(String) Behavior of the endpoint rule ("Allow", "Deny")endpoint(String) Endpoint of the endpoint ruleorder(Number) Order of the endpoint rule
Nested Schema for business_connectors
Optional:
action_rules(Attributes List) Action rules for the connector (see below for nested schema)default_action_rule_behavior(String) Default action rule behavior for the connector ("Allow", "Block")endpoint_rules(Attributes List) Endpoint rules for the connector (see below for nested schema)id(String) ID of the connector
Nested Schema for business_connectors.action_rules
Required:
action_id(String) ID of the action rulebehavior(String) Behavior of the action rule ("Allow", "Block")
Nested Schema for business_connectors.endpoint_rules
Required:
behavior(String) Behavior of the endpoint rule ("Allow", "Deny")endpoint(String) Endpoint of the endpoint ruleorder(Number) Order of the endpoint rule
Nested Schema for custom_connectors_patterns
Required:
data_group(String) Data group of the connector ("Business", "NonBusiness", "Blocked", "Ignore")host_url_pattern(String) Pattern of the connectororder(Number) Order of the connector
Nested Schema for non_business_connectors
Optional:
action_rules(Attributes List) Action rules for the connector (see below for nested schema)default_action_rule_behavior(String) Default action rule behavior for the connector ("Allow", "Block")endpoint_rules(Attributes List) Endpoint rules for the connector (see below for nested schema)id(String) ID of the connector
Nested Schema for non_business_connectors.action_rules
Required:
action_id(String) ID of the action rulebehavior(String) Behavior of the action rule ("Allow", "Block")
Nested Schema for non_business_connectors.endpoint_rules
Required:
behavior(String) Behavior of the endpoint rule ("Allow", "Deny")endpoint(String) Endpoint of the endpoint ruleorder(Number) Order of the endpoint rule