f5xc_alert_policy Resource - terraform-provider-f5xc
f5xc_alert_policy (Resource)
Section titled “f5xc_alert_policy (Resource)”Manages new Alert Policy Object. in F5 Distributed Cloud.
~> Note For more information about this resource, please refer to the F5 XC API Documentation.
Example Usage
Section titled “Example Usage”# Alert Policy Resource Example# Manages new Alert Policy Object. in F5 Distributed Cloud.
terraform { required_version = ">= 1.0"
required_providers { f5xc = { source = "f5xc-salesdemos/f5xc" version = ">= 0.1.0" } }}
# Basic Alert Policy configurationresource "f5xc_alert_policy" "example" { name = "example-alert-policy" namespace = "staging"
labels = { environment = "production" managed_by = "terraform" }
annotations = { "owner" = "platform-team" }
# Alert Policy configuration # Alert receivers receivers { name = "slack-receiver" namespace = "staging" }
# Alert routes routes { any {} send {} }
# Notification parameters notification_parameters { default {} group_wait = "30s" group_interval = "1m" }}Argument Reference
Section titled “Argument Reference”🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.
Metadata Argument Reference
Section titled “Metadata Argument Reference”• name - Required String
Name of the Alert Policy. Must be unique within the namespace
• namespace - Required String
Namespace where the Alert Policy will be created
• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
• description - Optional String
Human readable description for the object
• disable - Optional Bool
A value of true will administratively disable the object
• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering
Spec Argument Reference
Section titled “Spec Argument Reference”• notification_parameters - Optional Block Defaults to null
Set of notification parameters to decide how and when the alert notifications should be sent to the receivers
See Notification Parameters below for details.
• receivers - Optional Block
List of Alert Receivers where the alerts will be sent
See Receivers below for details.
• routes - Optional Block
Set of routes to match the incoming alert. The routes are evaluated in the specified order and terminates on the first match
See Routes below for details.
• timeouts - Optional Block
See Timeouts below for details.
Attributes Reference
Section titled “Attributes Reference”In addition to all arguments above, the following attributes are exported:
• id - Optional String
Unique identifier for the resource
Notification Parameters
Section titled “Notification Parameters”A notification_parameters block supports the following:
• custom - Optional Block
Specify list of custom labels to group/aggregate the alerts
See Custom below.
• default - Optional Block
Enable this option
• group_interval - Optional String
Group Interval is used to specify how long to wait before sending a notification about new alerts that are added to the group for which an initial notification has already been sent. Format: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days If
not specified, group_interval
• group_wait - Optional String
Time value used to specify how long to initially wait for an inhibiting alert to arrive or collect more alerts for the same group. Format: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days If not specified, group_wait defaults to ’30s’
• individual - Optional Block
Enable this option
• repeat_interval - Optional String
Repeat Interval is used to specify how long to wait before sending a notification again if it has already been sent successfully. Format: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days If not specified, group_interval defaults to ‘4h’
• ves_io_group - Optional Block
Configuration parameter for ves io group
Notification Parameters Custom
Section titled “Notification Parameters Custom”A custom block (within notification_parameters) supports the following:
• labels - Optional List
Name of labels to group/aggregate the alerts
Receivers
Section titled “Receivers”A receivers block supports the following:
• kind - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. ‘route’)
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
• uid - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid
Routes
Section titled “Routes”A routes block supports the following:
• alertname - Optional String Defaults to SITE_CUSTOMER_TUNNEL_INTERFACE_DOWN
Possible values are SITE_CUSTOMER_TUNNEL_INTERFACE_DOWN, SITE_PHYSICAL_INTERFACE_DOWN, TUNNELS_TO_CUSTOMER_SITE_DOWN, SERVICE_SERVER_ERROR, SERVICE_CLIENT_ERROR, SERVICE_HEALTH_LOW, SERVICE_UNAVAILABLE, SERVICE_SERVER_ERROR_PER_SOURCE_SITE,
SERVICE_CLIENT_ERROR_PER_SOURCE_SITE, SERVICE_ENDPOINT_HEALTHCHECK_FAILURE, SYNTHETIC_MONITOR_HEALTH_CRITICAL, MALICIOUS_USER_DETECTED, WAF_TOO_MANY_ATTACKS, API_SECURITY_TOO_MANY_ATTACKS, SERVICE_POLICY_TOO_MANY_ATTACKS, WAF_TOO_MANY_MALICIOUS_BOTS, BOT_DEFENSE_TOO_MANY_SECURITY_EVENTS, THREAT_CAMPAIGN, VES_CLIENT_SIDE_DEFENSE_SUSPICIOUS_DOMAIN,
VES_CLIENT_SIDE_DEFENSE_SENSITIVE_FIELD_READ, TLS_AUTOMATIC_CERTIFICATE_RENEWAL_FAILURE, TLS_AUTOMATIC_CERTIFICATE_RENEWAL_STILL_FAILING, TLS_AUTOMATIC_CERTIFICATE_EXPIRED, TLS_CUSTOM_CERTIFICATE_EXPIRING, TLS_CUSTOM_CERTIFICATE_EXPIRING_SOON, TLS_CUSTOM_CERTIFICATE_EXPIRED, L7DDOS, DNS_ZONE_IGNORED_DUPLICATE_RECORD, API_SECURITY_UNUSED_API_DETECTED,
API_SECURITY_SHADOW_API_DETECTED, API_SECURITY_SENSITIVE_DATA_IN_RESPONSE_DETECTED, API_SECURITY_RISK_SCORE_HIGH_DETECTED, ROUTED_DDOS_ALERT_NOTIFICATION, ROUTED_DDOS_MITIGATION_NOTIFICATION
[Enum:
SITE_CUSTOMER_TUNNEL_INTERFACE_DOWN|SITE_PHYSICAL_INTERFACE_DOWN|TUNNELS_TO_CUSTOMER_SITE_DOWN|SERVICE_SERVER_ERROR|SERVICE_CLIENT_ERROR|SERVICE_HEALTH_LOW|SERVICE_UNAVAILABLE|SERVICE_SERVER_ERROR_PER_SOURCE_SITE|SERVICE_CLIENT_ERROR_PER_SOURCE_SITE|SERVICE_ENDPOINT_HEALTHCHECK_FAILURE|SYNTHETIC_MONITOR_HEALTH_CRITICAL|MALICIOUS_USER_DETECTED|WAF_TOO_MANY_ATTACKS|API_SECURITY_TOO_MANY_ATTACKS|SERVICE_POLICY_TOO_MANY_ATTACKS|WAF_TOO_MANY_MALICIOUS_BOTS|BOT_DEFENSE_TOO_MANY_SECURITY_EVENTS|THREAT_CAMPAIGN|VES_CLIENT_SIDE_DEFENSE_SUSPICIOUS_DOMAIN|VES_CLIENT_SIDE_DEFENSE_SENSITIVE_FIELD_READ|TLS_AUTOMATIC_CERTIFICATE_RENEWAL_FAILURE|TLS_AUTOMATIC_CERTIFICATE_RENEWAL_STILL_FAILING|TLS_AUTOMATIC_CERTIFICATE_EXPIRED|TLS_CUSTOM_CERTIFICATE_EXPIRING|TLS_CUSTOM_CERTIFICATE_EXPIRING_SOON|TLS_CUSTOM_CERTIFICATE_EXPIRED|L7DDOS|DNS_ZONE_IGNORED_DUPLICATE_RECORD|API_SECURITY_UNUSED_API_DETECTED|API_SECURITY_SHADOW_API_DETECTED|API_SECURITY_SENSITIVE_DATA_IN_RESPONSE_DETECTED|API_SECURITY_RISK_SCORE_HIGH_DETECTED|ROUTED_DDOS_ALERT_NOTIFICATION|ROUTED_DDOS_MITIGATION_NOTIFICATION]
List of Alert Names Customer tunnel interface down Physical Interface down Tunnel Interfaces to Customer Site Down Virutal Host server error Virtual Host client error Service Health Low Service Unavailable Virtual Host server error Virtual Host client error Endpoint Healthcheck failure Synthetic
• alertname_regex - Optional String
Regular Expression match for the alertname
• any - Optional Block
Enable this option
• custom - Optional Block
Set of matchers an alert has to fulfill to match the route
See Custom below.
• dont_send - Optional Block
Enable this option
• group - Optional Block
Select one or more known group names to match the incoming alert
See Group below.
• notification_parameters - Optional Block
Set of notification parameters to decide how and when the alert notifications should be sent to the receivers
See Notification Parameters below.
• send - Optional Block
Enable this option
• severity - Optional Block
Select one or more severity levels to match the incoming alert
See Severity below.
Routes Custom
Section titled “Routes Custom”A custom block (within routes) supports the following:
• alertlabel - Optional Block
AlertLabel to configure the alert policy rule
• alertname - Optional Block
Label Matcher
See Alertname below.
• group - Optional Block
Label Matcher
See Group below.
• severity - Optional Block
Label Matcher
See Severity below.
Routes Custom Alertname
Section titled “Routes Custom Alertname”An alertname block (within routes.custom) supports the following:
• exact_match - Optional String
Equality match value for the label
• regex_match - Optional String
Regular expression match value for the label
Routes Custom Group
Section titled “Routes Custom Group”A group block (within routes.custom) supports the following:
• exact_match - Optional String
Equality match value for the label
• regex_match - Optional String
Regular expression match value for the label
Routes Custom Severity
Section titled “Routes Custom Severity”A severity block (within routes.custom) supports the following:
• exact_match - Optional String
Equality match value for the label
• regex_match - Optional String
Regular expression match value for the label
Routes Group
Section titled “Routes Group”A group block (within routes) supports the following:
• groups - Optional List Defaults to INFRASTRUCTURE
Possible values are INFRASTRUCTURE, IAAS_CAAS, VIRTUAL_HOST, VOLT_SHARE, UAM, SECURITY, TIMESERIES_ANOMALY, SHAPE_SECURITY, SECURITY_CSD, CDN, SYNTHETIC_MONITORS, TLS, SECURITY_BOT_DEFENSE, CLOUD_LINK, DNS, ROUTED_DDOS
[Enum:
INFRASTRUCTURE|IAAS_CAAS|VIRTUAL_HOST|VOLT_SHARE|UAM|SECURITY|TIMESERIES_ANOMALY|SHAPE_SECURITY|SECURITY_CSD|CDN|SYNTHETIC_MONITORS|TLS|SECURITY_BOT_DEFENSE|CLOUD_LINK|DNS|ROUTED_DDOS] Groups. Name of groups to match the alert
Routes Notification Parameters
Section titled “Routes Notification Parameters”A notification_parameters block (within routes) supports the following:
• custom - Optional Block
Specify list of custom labels to group/aggregate the alerts
See Custom below.
• default - Optional Block
Enable this option
• group_interval - Optional String
Group Interval is used to specify how long to wait before sending a notification about new alerts that are added to the group for which an initial notification has already been sent. Format: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days If not specified, group_interval
• group_wait - Optional String
Time value used to specify how long to initially wait for an inhibiting alert to arrive or collect more alerts for the same group. Format: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days If not specified, group_wait defaults to ’30s’
• individual - Optional Block
Enable this option
• repeat_interval - Optional String
Repeat Interval is used to specify how long to wait before sending a notification again if it has already been sent successfully. Format: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days If not specified, group_interval defaults to ‘4h’
• ves_io_group - Optional Block
Configuration parameter for ves io group
Routes Notification Parameters Custom
Section titled “Routes Notification Parameters Custom”A custom block (within routes.notification_parameters) supports the following:
• labels - Optional List
Name of labels to group/aggregate the alerts
Routes Severity
Section titled “Routes Severity”A severity block (within routes) supports the following:
• severities - Optional List Defaults to MINOR
Possible values are MINOR, MAJOR, CRITICAL
[Enum: MINOR|MAJOR|CRITICAL] Severities. List of severity levels
Timeouts
Section titled “Timeouts”A timeouts block supports the following:
• create - Optional String (Defaults to 10 minutes)
Used when creating the resource
• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource
• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource
• update - Optional String (Defaults to 10 minutes)
Used when updating the resource
Common Types
Section titled “Common Types”The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.
Object Reference {#common-object-reference}
Section titled “Object Reference {#common-object-reference}”Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.
| Field | Type | Description |
|---|---|---|
name | String | Name of the referenced object |
namespace | String | Namespace containing the referenced object |
tenant | String | Tenant of the referenced object (system-managed) |
Transformers {#common-transformers}
Section titled “Transformers {#common-transformers}”Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
| Value | Description |
|---|---|
LOWER_CASE | Convert to lowercase |
UPPER_CASE | Convert to uppercase |
BASE64_DECODE | Decodebase64 content |
NORMALIZE_PATH | Normalize URL path |
REMOVE_WHITESPACE | Remove whitespace characters |
URL_DECODE | Decode URL-encoded characters |
TRIM_LEFT | Trim leading whitespace |
TRIM_RIGHT | Trim trailing whitespace |
TRIM | Trim both leading and trailing whitespace |
HTTP Methods {#common-http-methods}
Section titled “HTTP Methods {#common-http-methods}”HTTP methods used for request matching.
| Value | Description |
|---|---|
ANY | Match any HTTP method |
GET | HTTP GET request |
HEAD | HTTP HEAD request |
POST | HTTP POST request |
PUT | HTTP PUT request |
DELETE | HTTP DELETE request |
CONNECT | HTTP CONNECT request |
OPTIONS | HTTP OPTIONS request |
TRACE | HTTP TRACE request |
PATCH | HTTP PATCH request |
COPY | HTTP COPY request (WebDAV) |
TLS Fingerprints {#common-tls-fingerprints}
Section titled “TLS Fingerprints {#common-tls-fingerprints}”TLS fingerprint categories for malicious client detection.
| Value | Description |
|---|---|
TLS_FINGERPRINT_NONE | No fingerprint matching |
ANY_MALICIOUS_FINGERPRINT | Match any known malicious fingerprint |
ADWARE | Adware-associated fingerprints |
DRIDEX | Dridex malware fingerprints |
GOOTKIT | Gootkit malware fingerprints |
RANSOMWARE | Ransomware-associated fingerprints |
TRICKBOT | Trickbot malware fingerprints |
IP Threat Categories {#common-ip-threat-categories}
Section titled “IP Threat Categories {#common-ip-threat-categories}”IP address threat categories for security filtering.
| Value | Description |
|---|---|
SPAM_SOURCES | Known spam sources |
WINDOWS_EXPLOITS | Windows exploit sources |
WEB_ATTACKS | Web attack sources |
BOTNETS | Known botnet IPs |
SCANNERS | Network scanner IPs |
REPUTATION | Poor reputation IPs |
PHISHING | Phishing-related IPs |
PROXY | Anonymous proxy IPs |
MOBILE_THREATS | Mobile threat sources |
TOR_PROXY | Tor exit nodes |
DENIAL_OF_SERVICE | DoS attack sources |
NETWORK | Known bad network ranges |
Import
Section titled “Import”Import is supported using the following syntax:
# Import using namespace/name formatterraform import f5xc_alert_policy.example system/example