Skip to main content

Manage Alert Profiles with Terraform

This topic provides a foundational overview for using Terraform to configure and manage Lacework alert profiles.

For organizations that have adopted Hashicorp Terraform for automation, Lacework maintains the following open source projects on the Terraform Registry for automating the Lacework platform. The Terraform provider offers a growing collection of custom resources to manage the configuration of the Lacework platform. If you are new to the Terraform provider for Lacework, read the Terraform for Lacework Overview.

About Lacework Alert Profiles

An alert profile is a set of metadata that defines how your LQL queries get consumed into alerts. See the Alert Profile Overview for more details.

Configuring Alert Profiles with Terraform

The alert profile resource accepts the following properties:

  • name - (Required) The alert profile name uniquely identifies the profile. It cannot start with 'LW_' as this is reserved for Lacework profiles.
  • extends - (Required) The name of the existing alert profile that this profile extends.
  • alert - (Required) The list of alert templates. See Alert below for details.

Alert

alert supports the following arguments:

  • name - (Required) The name that policies use to refer to this template when generating alerts.
  • event_name - (Required) The name of the resulting alert.
  • description - (Required) The summary of the resulting alert.
  • subject - (Required) A high-level observation of the resulting alert.
resource "lacework_alert_profile" "example" {
  name    = "CUSTOM_PROFILE_TERRAFORM_TEST"
  extends = "LW_CFG_GCP_DEFAULT_PROFILE"

  alert {
    name        = "Violation"
    event_name  = "LW Configuration GCP Violation Alert"
    subject     = "{{_OCCURRENCE}} violation detected in project {{PROJECT_ID}}"
    description = var.alert_description
  }
}

See additional information on the lacework_alert_profile resource at Terraform Registry.