From c0e8189f3c2bf75df5bcaf2dfb459ae976ad1686 Mon Sep 17 00:00:00 2001 From: Fede Barcelona Date: Thu, 12 Feb 2026 13:00:31 +0100 Subject: [PATCH 1/2] docs(posture-control): document resource_kind valid values and fix import example Closes #684 --- website/docs/r/secure_posture_control.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/website/docs/r/secure_posture_control.md b/website/docs/r/secure_posture_control.md index 90d3745b7..3ed8d5bc1 100644 --- a/website/docs/r/secure_posture_control.md +++ b/website/docs/r/secure_posture_control.md 
@@ -52,7 +52,22 @@ resource "sysdig_secure_posture_control" "c"{ - `description` - (Required) The description of the Posture Control, eg. `EC2 - Instances should not have a public IP address` - `rego` - (Required) The Posture control Rego. `package sysdig\ndefault risky = false\nrisky {\n input.NetworkInterfaces[_].Association.PublicIp\n input. NetworkInterfaces[_].Association.PublicIp != \"\"\n}` - `remediation_details`- (Required) The Posture control Remediation details. `Use a non-default VPC so that your instance is not assigned a public IP address by default` -- `resource_kind` - (Required) The Posture Control Resource kind. It should be a supported resource kind, eg. `AWS_S3_BUCKET` +- `resource_kind` - (Required) The resource type this control evaluates. Must be a supported resource kind string matching + a resource type in the Sysdig CSPM inventory. The format varies by platform: + + - **AWS** (100+ kinds): `AWS_S3_BUCKET`, `AWS_EC2_INSTANCE`, `AWS_IAM_ROLE`, `AWS_LAMBDA_FUNCTION`, ... + - **GCP** (80+ kinds): `GCP_STORAGE_GOOGLEAPIS_COM_BUCKET`, `GCP_COMPUTE_GOOGLEAPIS_COM_INSTANCE`, ... + - **Azure** (70+ kinds): `AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES`, `AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS`, ... + - **Kubernetes**: `DEPLOYMENT`, `SERVICE`, `NAMESPACE`, `CLUSTERROLE`, ... + - **IBM Cloud** (100+ kinds): `IBM_USER-MANAGEMENT_USER`, `IBM_IS_VPC_INSTANCE`, `IBM_CLOUD-OBJECT-STORAGE_BUCKET`, ... + - **Host** (Linux/Windows/Docker): `host` + + To list all valid values, query the CSPM API: + ``` + GET /api/cspm/v1/policy/controls/resource-template/kinds + ``` + See the [Sysdig API Swagger docs](https://docs.sysdig.com/en/docs/developer-tools/sysdig-api/#swagger-documentation) and + the [posture controls API documentation](https://docs.sysdig.com/en/sysdig-secure/posture_controls/#sysdig-api-endpoint) for more details. - `severity` - (Required) The Posture Control Severity [`High`, `Medium`, `Low`], case sensitive, e.g., `High`. ## Attributes Reference 
@@ -65,5 +80,5 @@ In addition to all arguments above, the following attributes are exported: Posture custom control can be imported using the ID, e.g. ``` -$ terraform import sysdig_secure_posture_control.example c 12345 +$ terraform import sysdig_secure_posture_control.example 12345 ``` From f645498f0cc224a1bbf371d584cb8d82326b661c Mon Sep 17 00:00:00 2001 From: Fede Barcelona Date: Thu, 12 Feb 2026 15:54:28 +0100 Subject: [PATCH 2/2] docs: do not specify the kind count Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- website/docs/r/secure_posture_control.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/docs/r/secure_posture_control.md b/website/docs/r/secure_posture_control.md index 3ed8d5bc1..6b712e7fd 100644 --- a/website/docs/r/secure_posture_control.md +++ b/website/docs/r/secure_posture_control.md 
@@ -55,11 +55,11 @@ resource "sysdig_secure_posture_control" "c"{ - `resource_kind` - (Required) The resource type this control evaluates. Must be a supported resource kind string matching a resource type in the Sysdig CSPM inventory. The format varies by platform: - - **AWS** (100+ kinds): `AWS_S3_BUCKET`, `AWS_EC2_INSTANCE`, `AWS_IAM_ROLE`, `AWS_LAMBDA_FUNCTION`, ... - - **GCP** (80+ kinds): `GCP_STORAGE_GOOGLEAPIS_COM_BUCKET`, `GCP_COMPUTE_GOOGLEAPIS_COM_INSTANCE`, ... - - **Azure** (70+ kinds): `AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES`, `AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS`, ... + - **AWS**: `AWS_S3_BUCKET`, `AWS_EC2_INSTANCE`, `AWS_IAM_ROLE`, `AWS_LAMBDA_FUNCTION`, ... + - **GCP**: `GCP_STORAGE_GOOGLEAPIS_COM_BUCKET`, `GCP_COMPUTE_GOOGLEAPIS_COM_INSTANCE`, ... + - **Azure**: `AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES`, `AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS`, ... - **Kubernetes**: `DEPLOYMENT`, `SERVICE`, `NAMESPACE`, `CLUSTERROLE`, ... - - **IBM Cloud** (100+ kinds): `IBM_USER-MANAGEMENT_USER`, `IBM_IS_VPC_INSTANCE`, `IBM_CLOUD-OBJECT-STORAGE_BUCKET`, ... + - **IBM Cloud**: `IBM_USER-MANAGEMENT_USER`, `IBM_IS_VPC_INSTANCE`, `IBM_CLOUD-OBJECT-STORAGE_BUCKET`, ... - **Host** (Linux/Windows/Docker): `host` To list all valid values, query the CSPM API:
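Review bot: in the first hunk of PATCH 1/2 (`@@ -52,7 +52,22 @@`), the **Host** entry gives `host` in lower case while every other example kind is upper case, and the text never says whether `resource_kind` is case sensitive. The `severity` line directly below states this explicitly ("case sensitive"); suggest doing the same for `resource_kind` so a reader knows whether `HOST` or `aws_s3_bucket` would be accepted. The `GET /api/cspm/v1/policy/controls/resource-template/kinds` line would also benefit from one sentence on which base URL and credentials the request needs, since the hunk gives only the path.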
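Review bot: in the second hunk of PATCH 1/2 (`@@ -65,5 +80,5 @@`), the corrected import line addresses the resource as `sysdig_secure_posture_control.example`, but the example resource on this page is declared as `resource "sysdig_secure_posture_control" "c"` (visible in the hunk headers). The stray `c` being removed may have been a leftover of that name. Suggest `terraform import sysdig_secure_posture_control.c 12345` so the command matches the example above it, plus a short remark that `12345` stands for the control ID.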
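Review bot: in the PATCH 2/2 hunk (`@@ -55,11 +55,11 @@`), with the counts removed the sentence "The format varies by platform" is still the only description of the format, and the examples do not follow a single pattern: the Kubernetes kinds carry no platform prefix and the IBM Cloud kinds mix hyphens and underscores (`IBM_USER-MANAGEMENT_USER`). Suggest saying outright that the lists are examples only and that values should be copied verbatim from the API response rather than derived from a naming rule.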