1. Packages
  2. Auth0 Provider
  3. API Docs
  4. AttackProtection
Auth0 v3.8.3 published on Wednesday, Nov 6, 2024 by Pulumi

auth0.AttackProtection

Explore with Pulumi AI

auth0 logo
Auth0 v3.8.3 published on Wednesday, Nov 6, 2024 by Pulumi

    Auth0 can detect attacks and stop malicious attempts to access your application such as blocking traffic from certain IPs and displaying CAPTCHAs.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const myProtection = new auth0.AttackProtection("my_protection", {
        suspiciousIpThrottling: {
            enabled: true,
            shields: [
                "admin_notification",
                "block",
            ],
            allowlists: ["192.168.1.1"],
            preLogin: {
                maxAttempts: 100,
                rate: 864000,
            },
            preUserRegistration: {
                maxAttempts: 50,
                rate: 1200,
            },
        },
        bruteForceProtection: {
            allowlists: ["127.0.0.1"],
            enabled: true,
            maxAttempts: 5,
            mode: "count_per_identifier_and_ip",
            shields: [
                "block",
                "user_notification",
            ],
        },
        breachedPasswordDetection: {
            adminNotificationFrequencies: ["daily"],
            enabled: true,
            method: "standard",
            shields: [
                "admin_notification",
                "block",
            ],
            preUserRegistration: {
                shields: ["block"],
            },
        },
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    my_protection = auth0.AttackProtection("my_protection",
        suspicious_ip_throttling={
            "enabled": True,
            "shields": [
                "admin_notification",
                "block",
            ],
            "allowlists": ["192.168.1.1"],
            "pre_login": {
                "max_attempts": 100,
                "rate": 864000,
            },
            "pre_user_registration": {
                "max_attempts": 50,
                "rate": 1200,
            },
        },
        brute_force_protection={
            "allowlists": ["127.0.0.1"],
            "enabled": True,
            "max_attempts": 5,
            "mode": "count_per_identifier_and_ip",
            "shields": [
                "block",
                "user_notification",
            ],
        },
        breached_password_detection={
            "admin_notification_frequencies": ["daily"],
            "enabled": True,
            "method": "standard",
            "shields": [
                "admin_notification",
                "block",
            ],
            "pre_user_registration": {
                "shields": ["block"],
            },
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := auth0.NewAttackProtection(ctx, "my_protection", &auth0.AttackProtectionArgs{
    			SuspiciousIpThrottling: &auth0.AttackProtectionSuspiciousIpThrottlingArgs{
    				Enabled: pulumi.Bool(true),
    				Shields: pulumi.StringArray{
    					pulumi.String("admin_notification"),
    					pulumi.String("block"),
    				},
    				Allowlists: pulumi.StringArray{
    					pulumi.String("192.168.1.1"),
    				},
    				PreLogin: &auth0.AttackProtectionSuspiciousIpThrottlingPreLoginArgs{
    					MaxAttempts: pulumi.Int(100),
    					Rate:        pulumi.Int(864000),
    				},
    				PreUserRegistration: &auth0.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs{
    					MaxAttempts: pulumi.Int(50),
    					Rate:        pulumi.Int(1200),
    				},
    			},
    			BruteForceProtection: &auth0.AttackProtectionBruteForceProtectionArgs{
    				Allowlists: pulumi.StringArray{
    					pulumi.String("127.0.0.1"),
    				},
    				Enabled:     pulumi.Bool(true),
    				MaxAttempts: pulumi.Int(5),
    				Mode:        pulumi.String("count_per_identifier_and_ip"),
    				Shields: pulumi.StringArray{
    					pulumi.String("block"),
    					pulumi.String("user_notification"),
    				},
    			},
    			BreachedPasswordDetection: &auth0.AttackProtectionBreachedPasswordDetectionArgs{
    				AdminNotificationFrequencies: pulumi.StringArray{
    					pulumi.String("daily"),
    				},
    				Enabled: pulumi.Bool(true),
    				Method:  pulumi.String("standard"),
    				Shields: pulumi.StringArray{
    					pulumi.String("admin_notification"),
    					pulumi.String("block"),
    				},
    				PreUserRegistration: &auth0.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs{
    					Shields: pulumi.StringArray{
    						pulumi.String("block"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var myProtection = new Auth0.AttackProtection("my_protection", new()
        {
            SuspiciousIpThrottling = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingArgs
            {
                Enabled = true,
                Shields = new[]
                {
                    "admin_notification",
                    "block",
                },
                Allowlists = new[]
                {
                    "192.168.1.1",
                },
                PreLogin = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreLoginArgs
                {
                    MaxAttempts = 100,
                    Rate = 864000,
                },
                PreUserRegistration = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs
                {
                    MaxAttempts = 50,
                    Rate = 1200,
                },
            },
            BruteForceProtection = new Auth0.Inputs.AttackProtectionBruteForceProtectionArgs
            {
                Allowlists = new[]
                {
                    "127.0.0.1",
                },
                Enabled = true,
                MaxAttempts = 5,
                Mode = "count_per_identifier_and_ip",
                Shields = new[]
                {
                    "block",
                    "user_notification",
                },
            },
            BreachedPasswordDetection = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionArgs
            {
                AdminNotificationFrequencies = new[]
                {
                    "daily",
                },
                Enabled = true,
                Method = "standard",
                Shields = new[]
                {
                    "admin_notification",
                    "block",
                },
                PreUserRegistration = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs
                {
                    Shields = new[]
                    {
                        "block",
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.AttackProtection;
    import com.pulumi.auth0.AttackProtectionArgs;
    import com.pulumi.auth0.inputs.AttackProtectionSuspiciousIpThrottlingArgs;
    import com.pulumi.auth0.inputs.AttackProtectionSuspiciousIpThrottlingPreLoginArgs;
    import com.pulumi.auth0.inputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs;
    import com.pulumi.auth0.inputs.AttackProtectionBruteForceProtectionArgs;
    import com.pulumi.auth0.inputs.AttackProtectionBreachedPasswordDetectionArgs;
    import com.pulumi.auth0.inputs.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var myProtection = new AttackProtection("myProtection", AttackProtectionArgs.builder()
                .suspiciousIpThrottling(AttackProtectionSuspiciousIpThrottlingArgs.builder()
                    .enabled(true)
                    .shields(                
                        "admin_notification",
                        "block")
                    .allowlists("192.168.1.1")
                    .preLogin(AttackProtectionSuspiciousIpThrottlingPreLoginArgs.builder()
                        .maxAttempts(100)
                        .rate(864000)
                        .build())
                    .preUserRegistration(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs.builder()
                        .maxAttempts(50)
                        .rate(1200)
                        .build())
                    .build())
                .bruteForceProtection(AttackProtectionBruteForceProtectionArgs.builder()
                    .allowlists("127.0.0.1")
                    .enabled(true)
                    .maxAttempts(5)
                    .mode("count_per_identifier_and_ip")
                    .shields(                
                        "block",
                        "user_notification")
                    .build())
                .breachedPasswordDetection(AttackProtectionBreachedPasswordDetectionArgs.builder()
                    .adminNotificationFrequencies("daily")
                    .enabled(true)
                    .method("standard")
                    .shields(                
                        "admin_notification",
                        "block")
                    .preUserRegistration(AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs.builder()
                        .shields("block")
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      myProtection:
        type: auth0:AttackProtection
        name: my_protection
        properties:
          suspiciousIpThrottling:
            enabled: true
            shields:
              - admin_notification
              - block
            allowlists:
              - 192.168.1.1
            preLogin:
              maxAttempts: 100
              rate: 864000
            preUserRegistration:
              maxAttempts: 50
              rate: 1200
          bruteForceProtection:
            allowlists:
              - 127.0.0.1
            enabled: true
            maxAttempts: 5
            mode: count_per_identifier_and_ip
            shields:
              - block
              - user_notification
          breachedPasswordDetection:
            adminNotificationFrequencies:
              - daily
            enabled: true
            method: standard
            shields:
              - admin_notification
              - block
            preUserRegistration:
              shields:
                - block
    

    Create AttackProtection Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AttackProtection(name: string, args?: AttackProtectionArgs, opts?: CustomResourceOptions);
    @overload
    def AttackProtection(resource_name: str,
                         args: Optional[AttackProtectionArgs] = None,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def AttackProtection(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         breached_password_detection: Optional[AttackProtectionBreachedPasswordDetectionArgs] = None,
                         brute_force_protection: Optional[AttackProtectionBruteForceProtectionArgs] = None,
                         suspicious_ip_throttling: Optional[AttackProtectionSuspiciousIpThrottlingArgs] = None)
    func NewAttackProtection(ctx *Context, name string, args *AttackProtectionArgs, opts ...ResourceOption) (*AttackProtection, error)
    public AttackProtection(string name, AttackProtectionArgs? args = null, CustomResourceOptions? opts = null)
    public AttackProtection(String name, AttackProtectionArgs args)
    public AttackProtection(String name, AttackProtectionArgs args, CustomResourceOptions options)
    
    type: auth0:AttackProtection
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AttackProtectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AttackProtectionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AttackProtectionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AttackProtectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AttackProtectionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var attackProtectionResource = new Auth0.AttackProtection("attackProtectionResource", new()
    {
        BreachedPasswordDetection = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionArgs
        {
            Enabled = false,
            AdminNotificationFrequencies = new[]
            {
                "string",
            },
            Method = "string",
            PreUserRegistration = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs
            {
                Shields = new[]
                {
                    "string",
                },
            },
            Shields = new[]
            {
                "string",
            },
        },
        BruteForceProtection = new Auth0.Inputs.AttackProtectionBruteForceProtectionArgs
        {
            Enabled = false,
            Allowlists = new[]
            {
                "string",
            },
            MaxAttempts = 0,
            Mode = "string",
            Shields = new[]
            {
                "string",
            },
        },
        SuspiciousIpThrottling = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingArgs
        {
            Enabled = false,
            Allowlists = new[]
            {
                "string",
            },
            PreLogin = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreLoginArgs
            {
                MaxAttempts = 0,
                Rate = 0,
            },
            PreUserRegistration = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs
            {
                MaxAttempts = 0,
                Rate = 0,
            },
            Shields = new[]
            {
                "string",
            },
        },
    });
    
    example, err := auth0.NewAttackProtection(ctx, "attackProtectionResource", &auth0.AttackProtectionArgs{
    	BreachedPasswordDetection: &auth0.AttackProtectionBreachedPasswordDetectionArgs{
    		Enabled: pulumi.Bool(false),
    		AdminNotificationFrequencies: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Method: pulumi.String("string"),
    		PreUserRegistration: &auth0.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs{
    			Shields: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    		Shields: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	BruteForceProtection: &auth0.AttackProtectionBruteForceProtectionArgs{
    		Enabled: pulumi.Bool(false),
    		Allowlists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		MaxAttempts: pulumi.Int(0),
    		Mode:        pulumi.String("string"),
    		Shields: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	SuspiciousIpThrottling: &auth0.AttackProtectionSuspiciousIpThrottlingArgs{
    		Enabled: pulumi.Bool(false),
    		Allowlists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		PreLogin: &auth0.AttackProtectionSuspiciousIpThrottlingPreLoginArgs{
    			MaxAttempts: pulumi.Int(0),
    			Rate:        pulumi.Int(0),
    		},
    		PreUserRegistration: &auth0.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs{
    			MaxAttempts: pulumi.Int(0),
    			Rate:        pulumi.Int(0),
    		},
    		Shields: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    })
    
    var attackProtectionResource = new AttackProtection("attackProtectionResource", AttackProtectionArgs.builder()
        .breachedPasswordDetection(AttackProtectionBreachedPasswordDetectionArgs.builder()
            .enabled(false)
            .adminNotificationFrequencies("string")
            .method("string")
            .preUserRegistration(AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs.builder()
                .shields("string")
                .build())
            .shields("string")
            .build())
        .bruteForceProtection(AttackProtectionBruteForceProtectionArgs.builder()
            .enabled(false)
            .allowlists("string")
            .maxAttempts(0)
            .mode("string")
            .shields("string")
            .build())
        .suspiciousIpThrottling(AttackProtectionSuspiciousIpThrottlingArgs.builder()
            .enabled(false)
            .allowlists("string")
            .preLogin(AttackProtectionSuspiciousIpThrottlingPreLoginArgs.builder()
                .maxAttempts(0)
                .rate(0)
                .build())
            .preUserRegistration(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs.builder()
                .maxAttempts(0)
                .rate(0)
                .build())
            .shields("string")
            .build())
        .build());
    
    attack_protection_resource = auth0.AttackProtection("attackProtectionResource",
        breached_password_detection={
            "enabled": False,
            "admin_notification_frequencies": ["string"],
            "method": "string",
            "pre_user_registration": {
                "shields": ["string"],
            },
            "shields": ["string"],
        },
        brute_force_protection={
            "enabled": False,
            "allowlists": ["string"],
            "max_attempts": 0,
            "mode": "string",
            "shields": ["string"],
        },
        suspicious_ip_throttling={
            "enabled": False,
            "allowlists": ["string"],
            "pre_login": {
                "max_attempts": 0,
                "rate": 0,
            },
            "pre_user_registration": {
                "max_attempts": 0,
                "rate": 0,
            },
            "shields": ["string"],
        })
    
    const attackProtectionResource = new auth0.AttackProtection("attackProtectionResource", {
        breachedPasswordDetection: {
            enabled: false,
            adminNotificationFrequencies: ["string"],
            method: "string",
            preUserRegistration: {
                shields: ["string"],
            },
            shields: ["string"],
        },
        bruteForceProtection: {
            enabled: false,
            allowlists: ["string"],
            maxAttempts: 0,
            mode: "string",
            shields: ["string"],
        },
        suspiciousIpThrottling: {
            enabled: false,
            allowlists: ["string"],
            preLogin: {
                maxAttempts: 0,
                rate: 0,
            },
            preUserRegistration: {
                maxAttempts: 0,
                rate: 0,
            },
            shields: ["string"],
        },
    });
    
    type: auth0:AttackProtection
    properties:
        breachedPasswordDetection:
            adminNotificationFrequencies:
                - string
            enabled: false
            method: string
            preUserRegistration:
                shields:
                    - string
            shields:
                - string
        bruteForceProtection:
            allowlists:
                - string
            enabled: false
            maxAttempts: 0
            mode: string
            shields:
                - string
        suspiciousIpThrottling:
            allowlists:
                - string
            enabled: false
            preLogin:
                maxAttempts: 0
                rate: 0
            preUserRegistration:
                maxAttempts: 0
                rate: 0
            shields:
                - string
    

    AttackProtection Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AttackProtection resource accepts the following input properties:

    BreachedPasswordDetection AttackProtectionBreachedPasswordDetection
    Breached password detection protects your applications from bad actors logging in with stolen credentials.
    BruteForceProtection AttackProtectionBruteForceProtection
    Brute-force protection safeguards against a single IP address attacking a single user account.
    SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottling
    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
    BreachedPasswordDetection AttackProtectionBreachedPasswordDetectionArgs
    Breached password detection protects your applications from bad actors logging in with stolen credentials.
    BruteForceProtection AttackProtectionBruteForceProtectionArgs
    Brute-force protection safeguards against a single IP address attacking a single user account.
    SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingArgs
    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
    breachedPasswordDetection AttackProtectionBreachedPasswordDetection
    Breached password detection protects your applications from bad actors logging in with stolen credentials.
    bruteForceProtection AttackProtectionBruteForceProtection
    Brute-force protection safeguards against a single IP address attacking a single user account.
    suspiciousIpThrottling AttackProtectionSuspiciousIpThrottling
    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
    breachedPasswordDetection AttackProtectionBreachedPasswordDetection
    Breached password detection protects your applications from bad actors logging in with stolen credentials.
    bruteForceProtection AttackProtectionBruteForceProtection
    Brute-force protection safeguards against a single IP address attacking a single user account.
    suspiciousIpThrottling AttackProtectionSuspiciousIpThrottling
    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
    breached_password_detection AttackProtectionBreachedPasswordDetectionArgs
    Breached password detection protects your applications from bad actors logging in with stolen credentials.
    brute_force_protection AttackProtectionBruteForceProtectionArgs
    Brute-force protection safeguards against a single IP address attacking a single user account.
    suspicious_ip_throttling AttackProtectionSuspiciousIpThrottlingArgs
    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
    breachedPasswordDetection Property Map
    Breached password detection protects your applications from bad actors logging in with stolen credentials.
    bruteForceProtection Property Map
    Brute-force protection safeguards against a single IP address attacking a single user account.
    suspiciousIpThrottling Property Map
    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AttackProtection resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing AttackProtection Resource

    Get an existing AttackProtection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AttackProtectionState, opts?: CustomResourceOptions): AttackProtection
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            breached_password_detection: Optional[AttackProtectionBreachedPasswordDetectionArgs] = None,
            brute_force_protection: Optional[AttackProtectionBruteForceProtectionArgs] = None,
            suspicious_ip_throttling: Optional[AttackProtectionSuspiciousIpThrottlingArgs] = None) -> AttackProtection
    func GetAttackProtection(ctx *Context, name string, id IDInput, state *AttackProtectionState, opts ...ResourceOption) (*AttackProtection, error)
    public static AttackProtection Get(string name, Input<string> id, AttackProtectionState? state, CustomResourceOptions? opts = null)
    public static AttackProtection get(String name, Output<String> id, AttackProtectionState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    BreachedPasswordDetection AttackProtectionBreachedPasswordDetection
    Breached password detection protects your applications from bad actors logging in with stolen credentials.
    BruteForceProtection AttackProtectionBruteForceProtection
    Brute-force protection safeguards against a single IP address attacking a single user account.
    SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottling
    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
    BreachedPasswordDetection AttackProtectionBreachedPasswordDetectionArgs
    Breached password detection protects your applications from bad actors logging in with stolen credentials.
    BruteForceProtection AttackProtectionBruteForceProtectionArgs
    Brute-force protection safeguards against a single IP address attacking a single user account.
    SuspiciousIpThrottling AttackProtectionSuspiciousIpThrottlingArgs
    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
    breachedPasswordDetection AttackProtectionBreachedPasswordDetection
    Breached password detection protects your applications from bad actors logging in with stolen credentials.
    bruteForceProtection AttackProtectionBruteForceProtection
    Brute-force protection safeguards against a single IP address attacking a single user account.
    suspiciousIpThrottling AttackProtectionSuspiciousIpThrottling
    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
    breachedPasswordDetection AttackProtectionBreachedPasswordDetection
    Breached password detection protects your applications from bad actors logging in with stolen credentials.
    bruteForceProtection AttackProtectionBruteForceProtection
    Brute-force protection safeguards against a single IP address attacking a single user account.
    suspiciousIpThrottling AttackProtectionSuspiciousIpThrottling
    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
    breached_password_detection AttackProtectionBreachedPasswordDetectionArgs
    Breached password detection protects your applications from bad actors logging in with stolen credentials.
    brute_force_protection AttackProtectionBruteForceProtectionArgs
    Brute-force protection safeguards against a single IP address attacking a single user account.
    suspicious_ip_throttling AttackProtectionSuspiciousIpThrottlingArgs
    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
    breachedPasswordDetection Property Map
    Breached password detection protects your applications from bad actors logging in with stolen credentials.
    bruteForceProtection Property Map
    Brute-force protection safeguards against a single IP address attacking a single user account.
    suspiciousIpThrottling Property Map
    Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.

    Supporting Types

    AttackProtectionBreachedPasswordDetection, AttackProtectionBreachedPasswordDetectionArgs

    Enabled bool
    Whether breached password detection is active.
    AdminNotificationFrequencies List<string>
    When admin_notification is enabled within the shields property, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.
    Method string
    The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.
    PreUserRegistration AttackProtectionBreachedPasswordDetectionPreUserRegistration
    Configuration options that apply before every user registration attempt. Only available on public tenants.
    Shields List<string>
    Action to take when a breached password is detected. Options include: block (block compromised user accounts), user_notification (send an email to user when we detect that they are using compromised credentials) and admin_notification (send an email with a summary of the number of accounts logging in with compromised credentials).
    Enabled bool
    Whether breached password detection is active.
    AdminNotificationFrequencies []string
    When admin_notification is enabled within the shields property, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.
    Method string
    The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.
    PreUserRegistration AttackProtectionBreachedPasswordDetectionPreUserRegistration
    Configuration options that apply before every user registration attempt. Only available on public tenants.
    Shields []string
    Action to take when a breached password is detected. Options include: block (block compromised user accounts), user_notification (send an email to user when we detect that they are using compromised credentials) and admin_notification (send an email with a summary of the number of accounts logging in with compromised credentials).
    enabled Boolean
    Whether breached password detection is active.
    adminNotificationFrequencies List<String>
    When admin_notification is enabled within the shields property, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.
    method String
    The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.
    preUserRegistration AttackProtectionBreachedPasswordDetectionPreUserRegistration
    Configuration options that apply before every user registration attempt. Only available on public tenants.
    shields List<String>
    Action to take when a breached password is detected. Options include: block (block compromised user accounts), user_notification (send an email to user when we detect that they are using compromised credentials) and admin_notification (send an email with a summary of the number of accounts logging in with compromised credentials).
    enabled boolean
    Whether breached password detection is active.
    adminNotificationFrequencies string[]
    When admin_notification is enabled within the shields property, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.
    method string
    The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.
    preUserRegistration AttackProtectionBreachedPasswordDetectionPreUserRegistration
    Configuration options that apply before every user registration attempt. Only available on public tenants.
    shields string[]
    Action to take when a breached password is detected. Options include: block (block compromised user accounts), user_notification (send an email to user when we detect that they are using compromised credentials) and admin_notification (send an email with a summary of the number of accounts logging in with compromised credentials).
    enabled bool
    Whether breached password detection is active.
    admin_notification_frequencies Sequence[str]
    When admin_notification is enabled within the shields property, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.
    method str
    The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.
    pre_user_registration AttackProtectionBreachedPasswordDetectionPreUserRegistration
    Configuration options that apply before every user registration attempt. Only available on public tenants.
    shields Sequence[str]
    Action to take when a breached password is detected. Options include: block (block compromised user accounts), user_notification (send an email to user when we detect that they are using compromised credentials) and admin_notification (send an email with a summary of the number of accounts logging in with compromised credentials).
    enabled Boolean
    Whether breached password detection is active.
    adminNotificationFrequencies List<String>
    When admin_notification is enabled within the shields property, determines how often email notifications are sent. Possible values: immediately, daily, weekly, monthly.
    method String
    The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: standard, enhanced.
    preUserRegistration Property Map
    Configuration options that apply before every user registration attempt. Only available on public tenants.
    shields List<String>
    Action to take when a breached password is detected. Options include: block (block compromised user accounts), user_notification (send an email to user when we detect that they are using compromised credentials) and admin_notification (send an email with a summary of the number of accounts logging in with compromised credentials).

    AttackProtectionBreachedPasswordDetectionPreUserRegistration, AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs

    Shields List<string>
    Action to take when a breached password is detected during a signup. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).
    Shields []string
    Action to take when a breached password is detected during a signup. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).
    shields List<String>
    Action to take when a breached password is detected during a signup. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).
    shields string[]
    Action to take when a breached password is detected during a signup. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).
    shields Sequence[str]
    Action to take when a breached password is detected during a signup. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).
    shields List<String>
    Action to take when a breached password is detected during a signup. Possible values: block (block compromised credentials for new accounts), admin_notification (send an email notification with a summary of compromised credentials in new accounts).

    AttackProtectionBruteForceProtection, AttackProtectionBruteForceProtectionArgs

    Enabled bool
    Whether brute force attack protections are active.
    Allowlists List<string>
    List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
    MaxAttempts int
    Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
    Mode string
    Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip (lockout an account from a given IP Address) or count_per_identifier (lockout an account regardless of IP Address).
    Shields List<string>
    Action to take when a brute force protection threshold is violated. Possible values: block (block login attempts for a flagged user account), user_notification (send an email to user when their account has been blocked).
    Enabled bool
    Whether brute force attack protections are active.
    Allowlists []string
    List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
    MaxAttempts int
    Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
    Mode string
    Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip (lockout an account from a given IP Address) or count_per_identifier (lockout an account regardless of IP Address).
    Shields []string
    Action to take when a brute force protection threshold is violated. Possible values: block (block login attempts for a flagged user account), user_notification (send an email to user when their account has been blocked).
    enabled Boolean
    Whether brute force attack protections are active.
    allowlists List<String>
    List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
    maxAttempts Integer
    Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
    mode String
    Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip (lockout an account from a given IP Address) or count_per_identifier (lockout an account regardless of IP Address).
    shields List<String>
    Action to take when a brute force protection threshold is violated. Possible values: block (block login attempts for a flagged user account), user_notification (send an email to user when their account has been blocked).
    enabled boolean
    Whether brute force attack protections are active.
    allowlists string[]
    List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
    maxAttempts number
    Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
    mode string
    Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip (lockout an account from a given IP Address) or count_per_identifier (lockout an account regardless of IP Address).
    shields string[]
    Action to take when a brute force protection threshold is violated. Possible values: block (block login attempts for a flagged user account), user_notification (send an email to user when their account has been blocked).
    enabled bool
    Whether brute force attack protections are active.
    allowlists Sequence[str]
    List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
    max_attempts int
    Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
    mode str
    Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip (lockout an account from a given IP Address) or count_per_identifier (lockout an account regardless of IP Address).
    shields Sequence[str]
    Action to take when a brute force protection threshold is violated. Possible values: block (block login attempts for a flagged user account), user_notification (send an email to user when their account has been blocked).
    enabled Boolean
    Whether brute force attack protections are active.
    allowlists List<String>
    List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
    maxAttempts Number
    Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
    mode String
    Determines whether the IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip (lockout an account from a given IP Address) or count_per_identifier (lockout an account regardless of IP Address).
    shields List<String>
    Action to take when a brute force protection threshold is violated. Possible values: block (block login attempts for a flagged user account), user_notification (send an email to user when their account has been blocked).

    AttackProtectionSuspiciousIpThrottling, AttackProtectionSuspiciousIpThrottlingArgs

    Enabled bool
    Whether suspicious IP throttling attack protections are active.
    Allowlists List<string>
    List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
    PreLogin AttackProtectionSuspiciousIpThrottlingPreLogin
    Configuration options that apply before every login attempt. Only available on public tenants.
    PreUserRegistration AttackProtectionSuspiciousIpThrottlingPreUserRegistration
    Configuration options that apply before every user registration attempt. Only available on public tenants.
    Shields List<string>
    Action to take when a suspicious IP throttling threshold is violated. Possible values: block (throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts), admin_notification (send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).
    Enabled bool
    Whether suspicious IP throttling attack protections are active.
    Allowlists []string
    List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
    PreLogin AttackProtectionSuspiciousIpThrottlingPreLogin
    Configuration options that apply before every login attempt. Only available on public tenants.
    PreUserRegistration AttackProtectionSuspiciousIpThrottlingPreUserRegistration
    Configuration options that apply before every user registration attempt. Only available on public tenants.
    Shields []string
    Action to take when a suspicious IP throttling threshold is violated. Possible values: block (throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts), admin_notification (send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).
    enabled Boolean
    Whether suspicious IP throttling attack protections are active.
    allowlists List<String>
    List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
    preLogin AttackProtectionSuspiciousIpThrottlingPreLogin
    Configuration options that apply before every login attempt. Only available on public tenants.
    preUserRegistration AttackProtectionSuspiciousIpThrottlingPreUserRegistration
    Configuration options that apply before every user registration attempt. Only available on public tenants.
    shields List<String>
    Action to take when a suspicious IP throttling threshold is violated. Possible values: block (throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts), admin_notification (send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).
    enabled boolean
    Whether suspicious IP throttling attack protections are active.
    allowlists string[]
    List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
    preLogin AttackProtectionSuspiciousIpThrottlingPreLogin
    Configuration options that apply before every login attempt. Only available on public tenants.
    preUserRegistration AttackProtectionSuspiciousIpThrottlingPreUserRegistration
    Configuration options that apply before every user registration attempt. Only available on public tenants.
    shields string[]
    Action to take when a suspicious IP throttling threshold is violated. Possible values: block (throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts), admin_notification (send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).
    enabled bool
    Whether suspicious IP throttling attack protections are active.
    allowlists Sequence[str]
    List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
    pre_login AttackProtectionSuspiciousIpThrottlingPreLogin
    Configuration options that apply before every login attempt. Only available on public tenants.
    pre_user_registration AttackProtectionSuspiciousIpThrottlingPreUserRegistration
    Configuration options that apply before every user registration attempt. Only available on public tenants.
    shields Sequence[str]
    Action to take when a suspicious IP throttling threshold is violated. Possible values: block (throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts), admin_notification (send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).
    enabled Boolean
    Whether suspicious IP throttling attack protections are active.
    allowlists List<String>
    List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
    preLogin Property Map
    Configuration options that apply before every login attempt. Only available on public tenants.
    preUserRegistration Property Map
    Configuration options that apply before every user registration attempt. Only available on public tenants.
    shields List<String>
    Action to take when a suspicious IP throttling threshold is violated. Possible values: block (throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts), admin_notification (send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).

    AttackProtectionSuspiciousIpThrottlingPreLogin, AttackProtectionSuspiciousIpThrottlingPreLoginArgs

    MaxAttempts int
    The maximum number of failed login attempts allowed from a single IP address.
    Rate int
    Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.
    MaxAttempts int
    The maximum number of failed login attempts allowed from a single IP address.
    Rate int
    Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.
    maxAttempts Integer
    The maximum number of failed login attempts allowed from a single IP address.
    rate Integer
    Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.
    maxAttempts number
    The maximum number of failed login attempts allowed from a single IP address.
    rate number
    Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.
    max_attempts int
    The maximum number of failed login attempts allowed from a single IP address.
    rate int
    Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.
    maxAttempts Number
    The maximum number of failed login attempts allowed from a single IP address.
    rate Number
    Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.

    AttackProtectionSuspiciousIpThrottlingPreUserRegistration, AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs

    MaxAttempts int
    The maximum number of sign up attempts allowed from a single IP address.
    Rate int
    Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.
    MaxAttempts int
    The maximum number of sign up attempts allowed from a single IP address.
    Rate int
    Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.
    maxAttempts Integer
    The maximum number of sign up attempts allowed from a single IP address.
    rate Integer
    Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.
    maxAttempts number
    The maximum number of sign up attempts allowed from a single IP address.
    rate number
    Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.
    max_attempts int
    The maximum number of sign up attempts allowed from a single IP address.
    rate int
    Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.
    maxAttempts Number
    The maximum number of sign up attempts allowed from a single IP address.
    rate Number
    Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.

    Import

    As this is not a resource identifiable by an ID within the Auth0 Management API,

    attack_protection can be imported using a random string.

    We recommend Version 4 UUID

    Example:

    $ pulumi import auth0:index/attackProtection:AttackProtection my_protection "24940d4b-4bd4-44e7-894e-f92e4de36a40"
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Auth0 pulumi/pulumi-auth0
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the auth0 Terraform Provider.
    auth0 logo
    Auth0 v3.8.3 published on Wednesday, Nov 6, 2024 by Pulumi