GuideReference
Guide

Protected operations

akamai_apr_protected_operations

Suggest Edits

📘

Hello. Just a note to let you know the underlying API on which this resource is built is general release and has been vetted, but because this is a new feature for our Terraform provider, we've given it beta label.

This status just means we've paused for a bit to get your feedback to make sure this resource works like you need and expect.

Create, update, or delete protected API operations. To delete an operation, run terraform destroy.

resource "akamai_apr_protected_operations" "my_protected_operations" {
  config_id           = 12345
  security_policy_id  = "abcd_123456"
  operation_id        = "12a3bc4d-5678-9ef0-g12h-3i4jklm5no67"
  protected_operation = file("${path.module}/protected-operation.json")
}

my_protected_operations = {
  config_id          = 12345
  id                 = "12345:abcd_123456"
  json               = jsonencode(
    {
      metadata   = {
        configId         = 12345
        configVersion    = 1
        securityPolicyId = "abcd_123456"
      }
      operations = [
        {
          apiEndPointId          = 408126
          operationId            = "12a3bc4d-5678-9ef0-g12h-3i4jklm5no67"
          protectedOperationLink = "/appsec/v1/configs/12345/versions/1/security-policies/abcd_123456/transactional-endpoints/account-protection/123a456b-c78d-9e0f-g1h2-3456789012i3"
          telemetryTypeStates    = {
            inline    = {
              ajaxSupportEnabled = false
              disabledAction     = "monitor"
              enabled            = false
            }
            nativeSdk = {
              ajaxSupportEnabled = false
              disabledAction     = "monitor"
              enabled            = false
            }
            standard  = {
              ajaxSupportEnabled = false
              disabledAction     = "monitor"
              enabled            = true
            }
          }
          traffic                = {
              inline   = {
                aggressive         = {
                  action = "monitor"
                }
                cautious           = {
                  action = "monitor"
                }
                overrideThresholds = false
                strict             = {
                  action = "monitor"
                }
              }
              standard = {
                aggressive         = {
                  action = "deny"
                }
                cautious           = {
                  action = "monitor"
                }
                overrideThresholds = false
                strict             = {
                  action = "monitor"
                }
              }
          }
        },
      ]
    }
  )
  operation_id       = null
  security_policy_id = "abcd_123456"
}

Arguments

Pass all required arguments to get information about your protected API operations. Provide an operation's ID to limit the return.

ArgumentRequiredDescription
config_id✔️Your security configuration's ID.
security_policy_id✔️Your security policy's ID.
operation_idAn API operation's ID.
protected_operationA JSON object containing details about the operation to protect. See Protected operation JSON for the schema.
Note: Use the Bot Manager <a href="doc:bmgr-ds-transactional-endpoint>Transactional endpoint data source to get your operation's settings.

Protected operations JSON

Your protected operations's details.

Parameter Description
apiEndPointId An endpoint's ID.
operationId An API operation's ID.
telemetryTypeStates An object that contains the operation's types of telemetry, their enablement statuses, and their actions and thresholds. These telemetry types are available:
  • inline. Collects incoming inline telemetry traffic.
  • nativeSdk. Collects incoming SDK telemetry traffic.
  • standard. Collects incoming standard telemetry traffic.
For each telemetry type, you can set these attributes:
  • ajaxSupportEnabled. Whether to use AJAX for challenge actions.
  • enabled. Required. Whether to include inline telemetry.
  • disabledAction. Conditionally required. If enabled is false, provide an action to take on unexpected traffic. Possible actions are:
    • deny
    • monitor
    • tarpit
    • delay
    • slow
    • none
    • custom
traffic The types of traffic to take action upon. These types of traffic are available:
  • inline. Attaches user telemetry directly to the protected request without using a first-party cookie. If you set the threshold override to true, don't pass threshold.
  • nativeSdkAndroid. Attaches telemetry traffic directly from a native Android mobile application. If you set the threshold override to true, don't pass threshold.
  • nativeSdkIos. Attaches telemetry traffic directly from a native iOS mobile application. If you set the threshold override to true, don't pass threshold.
  • standard. Uses first-party cookies to associate and transmit user behavior data. If you set the threshold override to true, don't pass threshold.
For each traffic type, you can set these attributes:
  • aggressive. Aggressive response settings object. Contains:
    • threshold. The point at which to trigger the response action. Set to a default of90 with an available range of 2-100.
    • action. The action to take once the threshold is triggered. Possible actions are:
      • deny
      • monitor
      • tarpit
      • delay
      • slow
      • none
      • custom
    • overrideThresholds. Whether to override threshold scores. Used when you want to customize actions on an endpoint.
  • cautious. Cautious response settings object Contains:
    • threshold. The point at which to trigger the response action with an available range of 0-98.
    • action. The action to take once the threshold is triggered. Possible actions are:
      • deny
      • monitor
      • tarpit
      • delay
      • slow
      • none
      • custom
    • overrideThresholds. Whether to override threshold scores. Used when you want to customize actions on an endpoint.
  • strict. Strict response settings object. Contains:
    • threshold The point at which to trigger the response action. Set to a default of 50. Available range is 1-99.
    • action. The action to take once the threshold is triggered. Possible actions are:
      • deny
      • monitor
      • tarpit
      • delay
      • slow
      • none
      • custom
    • overrideThresholds. Whether to override threshold scores. Used when you want to customize actions on an endpoint.

Attributes

There is no standard output for this resource as changes are reflected in your state file.

The attributes for this resource mirror the arguments with one addition, a protectedOperationLink. The value of this is a GET endpoint you can use to retrieve information about your protected operations.

Updated 2 months ago