Auth0 can detect attacks and stop malicious attempts to access your application such as blocking traffic from certain IPs and displaying CAPTCHAs.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const myProtection = new auth0.AttackProtection("my_protection", {
suspiciousIpThrottling: {
enabled: true,
shields: [
"admin_notification",
"block",
],
allowlists: ["192.168.1.1"],
preLogin: {
maxAttempts: 100,
rate: 864000,
},
preUserRegistration: {
maxAttempts: 50,
rate: 1200,
},
},
bruteForceProtection: {
allowlists: ["127.0.0.1"],
enabled: true,
maxAttempts: 5,
mode: "count_per_identifier_and_ip",
shields: [
"block",
"user_notification",
],
},
breachedPasswordDetection: {
adminNotificationFrequencies: ["daily"],
enabled: true,
method: "standard",
shields: [
"admin_notification",
"block",
],
preUserRegistration: {
shields: [
"admin_notification",
"block",
],
},
preChangePassword: {
shields: [
"admin_notification",
"block",
],
},
},
botDetection: {
botDetectionLevel: "medium",
challengePasswordPolicy: "when_risky",
challengePasswordlessPolicy: "when_risky",
challengePasswordResetPolicy: "always",
allowlists: [
"192.168.1.0",
"10.0.0.0",
],
monitoringModeEnabled: true,
},
});
// ============================================================================
// CAPTCHA PROVIDER EXAMPLES - One per Provider
// ============================================================================
const config = new pulumi.Config();
// Google reCAPTCHA v2 site key
const recaptchaV2SiteKey = config.require("recaptchaV2SiteKey");
// Google reCAPTCHA v2 secret key
const recaptchaV2Secret = config.require("recaptchaV2Secret");
// Example 1: reCAPTCHA v2
const captchaRecaptchaV2 = new auth0.AttackProtection("captcha_recaptcha_v2", {captcha: {
activeProviderId: "recaptcha_v2",
recaptchaV2: {
siteKey: recaptchaV2SiteKey,
secret: recaptchaV2Secret,
},
}});
// Google reCAPTCHA Enterprise site key
const recaptchaEnterpriseSiteKey = config.require("recaptchaEnterpriseSiteKey");
// Google reCAPTCHA Enterprise API key
const recaptchaEnterpriseApiKey = config.require("recaptchaEnterpriseApiKey");
// Google reCAPTCHA Enterprise project ID
const recaptchaEnterpriseProjectId = config.require("recaptchaEnterpriseProjectId");
// Example 2: reCAPTCHA Enterprise
const captchaRecaptchaEnterprise = new auth0.AttackProtection("captcha_recaptcha_enterprise", {captcha: {
activeProviderId: "recaptcha_enterprise",
recaptchaEnterprise: {
siteKey: recaptchaEnterpriseSiteKey,
apiKey: recaptchaEnterpriseApiKey,
projectId: recaptchaEnterpriseProjectId,
},
}});
// hCaptcha site key
const hcaptchaSiteKey = config.require("hcaptchaSiteKey");
// hCaptcha secret key
const hcaptchaSecret = config.require("hcaptchaSecret");
// Example 3: hCaptcha
const captchaHcaptcha = new auth0.AttackProtection("captcha_hcaptcha", {captcha: {
activeProviderId: "hcaptcha",
hcaptcha: {
siteKey: hcaptchaSiteKey,
secret: hcaptchaSecret,
},
}});
// Friendly Captcha site key
const friendlyCaptchaSiteKey = config.require("friendlyCaptchaSiteKey");
// Friendly Captcha secret key
const friendlyCaptchaSecret = config.require("friendlyCaptchaSecret");
// Example 4: Friendly Captcha
const captchaFriendlyCaptcha = new auth0.AttackProtection("captcha_friendly_captcha", {captcha: {
activeProviderId: "friendly_captcha",
friendlyCaptcha: {
siteKey: friendlyCaptchaSiteKey,
secret: friendlyCaptchaSecret,
},
}});
// Arkose Labs site key
const arkoseSiteKey = config.require("arkoseSiteKey");
// Arkose Labs secret key
const arkoseSecret = config.require("arkoseSecret");
// Example 5: Arkose Labs
const captchaArkose = new auth0.AttackProtection("captcha_arkose", {captcha: {
activeProviderId: "arkose",
arkose: {
siteKey: arkoseSiteKey,
secret: arkoseSecret,
clientSubdomain: "client.example.com",
verifySubdomain: "verify.example.com",
failOpen: false,
},
}});
// ============================================================================
// VARIABLES FOR SENSITIVE DATA
// ============================================================================
import pulumi
import pulumi_auth0 as auth0
my_protection = auth0.AttackProtection("my_protection",
suspicious_ip_throttling={
"enabled": True,
"shields": [
"admin_notification",
"block",
],
"allowlists": ["192.168.1.1"],
"pre_login": {
"max_attempts": 100,
"rate": 864000,
},
"pre_user_registration": {
"max_attempts": 50,
"rate": 1200,
},
},
brute_force_protection={
"allowlists": ["127.0.0.1"],
"enabled": True,
"max_attempts": 5,
"mode": "count_per_identifier_and_ip",
"shields": [
"block",
"user_notification",
],
},
breached_password_detection={
"admin_notification_frequencies": ["daily"],
"enabled": True,
"method": "standard",
"shields": [
"admin_notification",
"block",
],
"pre_user_registration": {
"shields": [
"admin_notification",
"block",
],
},
"pre_change_password": {
"shields": [
"admin_notification",
"block",
],
},
},
bot_detection={
"bot_detection_level": "medium",
"challenge_password_policy": "when_risky",
"challenge_passwordless_policy": "when_risky",
"challenge_password_reset_policy": "always",
"allowlists": [
"192.168.1.0",
"10.0.0.0",
],
"monitoring_mode_enabled": True,
})
# ============================================================================
# CAPTCHA PROVIDER EXAMPLES - One per Provider
# ============================================================================
config = pulumi.Config()
# Google reCAPTCHA v2 site key
recaptcha_v2_site_key = config.require("recaptchaV2SiteKey")
# Google reCAPTCHA v2 secret key
recaptcha_v2_secret = config.require("recaptchaV2Secret")
# Example 1: reCAPTCHA v2
captcha_recaptcha_v2 = auth0.AttackProtection("captcha_recaptcha_v2", captcha={
"active_provider_id": "recaptcha_v2",
"recaptcha_v2": {
"site_key": recaptcha_v2_site_key,
"secret": recaptcha_v2_secret,
},
})
# Google reCAPTCHA Enterprise site key
recaptcha_enterprise_site_key = config.require("recaptchaEnterpriseSiteKey")
# Google reCAPTCHA Enterprise API key
recaptcha_enterprise_api_key = config.require("recaptchaEnterpriseApiKey")
# Google reCAPTCHA Enterprise project ID
recaptcha_enterprise_project_id = config.require("recaptchaEnterpriseProjectId")
# Example 2: reCAPTCHA Enterprise
captcha_recaptcha_enterprise = auth0.AttackProtection("captcha_recaptcha_enterprise", captcha={
"active_provider_id": "recaptcha_enterprise",
"recaptcha_enterprise": {
"site_key": recaptcha_enterprise_site_key,
"api_key": recaptcha_enterprise_api_key,
"project_id": recaptcha_enterprise_project_id,
},
})
# hCaptcha site key
hcaptcha_site_key = config.require("hcaptchaSiteKey")
# hCaptcha secret key
hcaptcha_secret = config.require("hcaptchaSecret")
# Example 3: hCaptcha
captcha_hcaptcha = auth0.AttackProtection("captcha_hcaptcha", captcha={
"active_provider_id": "hcaptcha",
"hcaptcha": {
"site_key": hcaptcha_site_key,
"secret": hcaptcha_secret,
},
})
# Friendly Captcha site key
friendly_captcha_site_key = config.require("friendlyCaptchaSiteKey")
# Friendly Captcha secret key
friendly_captcha_secret = config.require("friendlyCaptchaSecret")
# Example 4: Friendly Captcha
captcha_friendly_captcha = auth0.AttackProtection("captcha_friendly_captcha", captcha={
"active_provider_id": "friendly_captcha",
"friendly_captcha": {
"site_key": friendly_captcha_site_key,
"secret": friendly_captcha_secret,
},
})
# Arkose Labs site key
arkose_site_key = config.require("arkoseSiteKey")
# Arkose Labs secret key
arkose_secret = config.require("arkoseSecret")
# Example 5: Arkose Labs
captcha_arkose = auth0.AttackProtection("captcha_arkose", captcha={
"active_provider_id": "arkose",
"arkose": {
"site_key": arkose_site_key,
"secret": arkose_secret,
"client_subdomain": "client.example.com",
"verify_subdomain": "verify.example.com",
"fail_open": False,
},
})
# ============================================================================
# VARIABLES FOR SENSITIVE DATA
# ============================================================================
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := auth0.NewAttackProtection(ctx, "my_protection", &auth0.AttackProtectionArgs{
SuspiciousIpThrottling: &auth0.AttackProtectionSuspiciousIpThrottlingArgs{
Enabled: pulumi.Bool(true),
Shields: pulumi.StringArray{
pulumi.String("admin_notification"),
pulumi.String("block"),
},
Allowlists: pulumi.StringArray{
pulumi.String("192.168.1.1"),
},
PreLogin: &auth0.AttackProtectionSuspiciousIpThrottlingPreLoginArgs{
MaxAttempts: pulumi.Int(100),
Rate: pulumi.Int(864000),
},
PreUserRegistration: &auth0.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs{
MaxAttempts: pulumi.Int(50),
Rate: pulumi.Int(1200),
},
},
BruteForceProtection: &auth0.AttackProtectionBruteForceProtectionArgs{
Allowlists: pulumi.StringArray{
pulumi.String("127.0.0.1"),
},
Enabled: pulumi.Bool(true),
MaxAttempts: pulumi.Int(5),
Mode: pulumi.String("count_per_identifier_and_ip"),
Shields: pulumi.StringArray{
pulumi.String("block"),
pulumi.String("user_notification"),
},
},
BreachedPasswordDetection: &auth0.AttackProtectionBreachedPasswordDetectionArgs{
AdminNotificationFrequencies: pulumi.StringArray{
pulumi.String("daily"),
},
Enabled: pulumi.Bool(true),
Method: pulumi.String("standard"),
Shields: pulumi.StringArray{
pulumi.String("admin_notification"),
pulumi.String("block"),
},
PreUserRegistration: &auth0.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs{
Shields: pulumi.StringArray{
pulumi.String("admin_notification"),
pulumi.String("block"),
},
},
PreChangePassword: &auth0.AttackProtectionBreachedPasswordDetectionPreChangePasswordArgs{
Shields: pulumi.StringArray{
pulumi.String("admin_notification"),
pulumi.String("block"),
},
},
},
BotDetection: &auth0.AttackProtectionBotDetectionArgs{
BotDetectionLevel: pulumi.String("medium"),
ChallengePasswordPolicy: pulumi.String("when_risky"),
ChallengePasswordlessPolicy: pulumi.String("when_risky"),
ChallengePasswordResetPolicy: pulumi.String("always"),
Allowlists: pulumi.StringArray{
pulumi.String("192.168.1.0"),
pulumi.String("10.0.0.0"),
},
MonitoringModeEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
cfg := config.New(ctx, "")
// Google reCAPTCHA v2 site key
recaptchaV2SiteKey := cfg.Require("recaptchaV2SiteKey")
// Google reCAPTCHA v2 secret key
recaptchaV2Secret := cfg.Require("recaptchaV2Secret")
// Example 1: reCAPTCHA v2
_, err = auth0.NewAttackProtection(ctx, "captcha_recaptcha_v2", &auth0.AttackProtectionArgs{
Captcha: &auth0.AttackProtectionCaptchaArgs{
ActiveProviderId: pulumi.String("recaptcha_v2"),
RecaptchaV2: &auth0.AttackProtectionCaptchaRecaptchaV2Args{
SiteKey: pulumi.String(recaptchaV2SiteKey),
Secret: pulumi.String(recaptchaV2Secret),
},
},
})
if err != nil {
return err
}
// Google reCAPTCHA Enterprise site key
recaptchaEnterpriseSiteKey := cfg.Require("recaptchaEnterpriseSiteKey")
// Google reCAPTCHA Enterprise API key
recaptchaEnterpriseApiKey := cfg.Require("recaptchaEnterpriseApiKey")
// Google reCAPTCHA Enterprise project ID
recaptchaEnterpriseProjectId := cfg.Require("recaptchaEnterpriseProjectId")
// Example 2: reCAPTCHA Enterprise
_, err = auth0.NewAttackProtection(ctx, "captcha_recaptcha_enterprise", &auth0.AttackProtectionArgs{
Captcha: &auth0.AttackProtectionCaptchaArgs{
ActiveProviderId: pulumi.String("recaptcha_enterprise"),
RecaptchaEnterprise: &auth0.AttackProtectionCaptchaRecaptchaEnterpriseArgs{
SiteKey: pulumi.String(recaptchaEnterpriseSiteKey),
ApiKey: pulumi.String(recaptchaEnterpriseApiKey),
ProjectId: pulumi.String(recaptchaEnterpriseProjectId),
},
},
})
if err != nil {
return err
}
// hCaptcha site key
hcaptchaSiteKey := cfg.Require("hcaptchaSiteKey")
// hCaptcha secret key
hcaptchaSecret := cfg.Require("hcaptchaSecret")
// Example 3: hCaptcha
_, err = auth0.NewAttackProtection(ctx, "captcha_hcaptcha", &auth0.AttackProtectionArgs{
Captcha: &auth0.AttackProtectionCaptchaArgs{
ActiveProviderId: pulumi.String("hcaptcha"),
Hcaptcha: &auth0.AttackProtectionCaptchaHcaptchaArgs{
SiteKey: pulumi.String(hcaptchaSiteKey),
Secret: pulumi.String(hcaptchaSecret),
},
},
})
if err != nil {
return err
}
// Friendly Captcha site key
friendlyCaptchaSiteKey := cfg.Require("friendlyCaptchaSiteKey")
// Friendly Captcha secret key
friendlyCaptchaSecret := cfg.Require("friendlyCaptchaSecret")
// Example 4: Friendly Captcha
_, err = auth0.NewAttackProtection(ctx, "captcha_friendly_captcha", &auth0.AttackProtectionArgs{
Captcha: &auth0.AttackProtectionCaptchaArgs{
ActiveProviderId: pulumi.String("friendly_captcha"),
FriendlyCaptcha: &auth0.AttackProtectionCaptchaFriendlyCaptchaArgs{
SiteKey: pulumi.String(friendlyCaptchaSiteKey),
Secret: pulumi.String(friendlyCaptchaSecret),
},
},
})
if err != nil {
return err
}
// Arkose Labs site key
arkoseSiteKey := cfg.Require("arkoseSiteKey")
// Arkose Labs secret key
arkoseSecret := cfg.Require("arkoseSecret")
// Example 5: Arkose Labs
_, err = auth0.NewAttackProtection(ctx, "captcha_arkose", &auth0.AttackProtectionArgs{
Captcha: &auth0.AttackProtectionCaptchaArgs{
ActiveProviderId: pulumi.String("arkose"),
Arkose: &auth0.AttackProtectionCaptchaArkoseArgs{
SiteKey: pulumi.String(arkoseSiteKey),
Secret: pulumi.String(arkoseSecret),
ClientSubdomain: pulumi.String("client.example.com"),
VerifySubdomain: pulumi.String("verify.example.com"),
FailOpen: pulumi.Bool(false),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
var myProtection = new Auth0.AttackProtection("my_protection", new()
{
SuspiciousIpThrottling = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingArgs
{
Enabled = true,
Shields = new[]
{
"admin_notification",
"block",
},
Allowlists = new[]
{
"192.168.1.1",
},
PreLogin = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreLoginArgs
{
MaxAttempts = 100,
Rate = 864000,
},
PreUserRegistration = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs
{
MaxAttempts = 50,
Rate = 1200,
},
},
BruteForceProtection = new Auth0.Inputs.AttackProtectionBruteForceProtectionArgs
{
Allowlists = new[]
{
"127.0.0.1",
},
Enabled = true,
MaxAttempts = 5,
Mode = "count_per_identifier_and_ip",
Shields = new[]
{
"block",
"user_notification",
},
},
BreachedPasswordDetection = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionArgs
{
AdminNotificationFrequencies = new[]
{
"daily",
},
Enabled = true,
Method = "standard",
Shields = new[]
{
"admin_notification",
"block",
},
PreUserRegistration = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs
{
Shields = new[]
{
"admin_notification",
"block",
},
},
PreChangePassword = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionPreChangePasswordArgs
{
Shields = new[]
{
"admin_notification",
"block",
},
},
},
BotDetection = new Auth0.Inputs.AttackProtectionBotDetectionArgs
{
BotDetectionLevel = "medium",
ChallengePasswordPolicy = "when_risky",
ChallengePasswordlessPolicy = "when_risky",
ChallengePasswordResetPolicy = "always",
Allowlists = new[]
{
"192.168.1.0",
"10.0.0.0",
},
MonitoringModeEnabled = true,
},
});
// ============================================================================
// CAPTCHA PROVIDER EXAMPLES - One per Provider
// ============================================================================
var config = new Config();
// Google reCAPTCHA v2 site key
var recaptchaV2SiteKey = config.Require("recaptchaV2SiteKey");
// Google reCAPTCHA v2 secret key
var recaptchaV2Secret = config.Require("recaptchaV2Secret");
// Example 1: reCAPTCHA v2
var captchaRecaptchaV2 = new Auth0.AttackProtection("captcha_recaptcha_v2", new()
{
Captcha = new Auth0.Inputs.AttackProtectionCaptchaArgs
{
ActiveProviderId = "recaptcha_v2",
RecaptchaV2 = new Auth0.Inputs.AttackProtectionCaptchaRecaptchaV2Args
{
SiteKey = recaptchaV2SiteKey,
Secret = recaptchaV2Secret,
},
},
});
// Google reCAPTCHA Enterprise site key
var recaptchaEnterpriseSiteKey = config.Require("recaptchaEnterpriseSiteKey");
// Google reCAPTCHA Enterprise API key
var recaptchaEnterpriseApiKey = config.Require("recaptchaEnterpriseApiKey");
// Google reCAPTCHA Enterprise project ID
var recaptchaEnterpriseProjectId = config.Require("recaptchaEnterpriseProjectId");
// Example 2: reCAPTCHA Enterprise
var captchaRecaptchaEnterprise = new Auth0.AttackProtection("captcha_recaptcha_enterprise", new()
{
Captcha = new Auth0.Inputs.AttackProtectionCaptchaArgs
{
ActiveProviderId = "recaptcha_enterprise",
RecaptchaEnterprise = new Auth0.Inputs.AttackProtectionCaptchaRecaptchaEnterpriseArgs
{
SiteKey = recaptchaEnterpriseSiteKey,
ApiKey = recaptchaEnterpriseApiKey,
ProjectId = recaptchaEnterpriseProjectId,
},
},
});
// hCaptcha site key
var hcaptchaSiteKey = config.Require("hcaptchaSiteKey");
// hCaptcha secret key
var hcaptchaSecret = config.Require("hcaptchaSecret");
// Example 3: hCaptcha
var captchaHcaptcha = new Auth0.AttackProtection("captcha_hcaptcha", new()
{
Captcha = new Auth0.Inputs.AttackProtectionCaptchaArgs
{
ActiveProviderId = "hcaptcha",
Hcaptcha = new Auth0.Inputs.AttackProtectionCaptchaHcaptchaArgs
{
SiteKey = hcaptchaSiteKey,
Secret = hcaptchaSecret,
},
},
});
// Friendly Captcha site key
var friendlyCaptchaSiteKey = config.Require("friendlyCaptchaSiteKey");
// Friendly Captcha secret key
var friendlyCaptchaSecret = config.Require("friendlyCaptchaSecret");
// Example 4: Friendly Captcha
var captchaFriendlyCaptcha = new Auth0.AttackProtection("captcha_friendly_captcha", new()
{
Captcha = new Auth0.Inputs.AttackProtectionCaptchaArgs
{
ActiveProviderId = "friendly_captcha",
FriendlyCaptcha = new Auth0.Inputs.AttackProtectionCaptchaFriendlyCaptchaArgs
{
SiteKey = friendlyCaptchaSiteKey,
Secret = friendlyCaptchaSecret,
},
},
});
// Arkose Labs site key
var arkoseSiteKey = config.Require("arkoseSiteKey");
// Arkose Labs secret key
var arkoseSecret = config.Require("arkoseSecret");
// Example 5: Arkose Labs
var captchaArkose = new Auth0.AttackProtection("captcha_arkose", new()
{
Captcha = new Auth0.Inputs.AttackProtectionCaptchaArgs
{
ActiveProviderId = "arkose",
Arkose = new Auth0.Inputs.AttackProtectionCaptchaArkoseArgs
{
SiteKey = arkoseSiteKey,
Secret = arkoseSecret,
ClientSubdomain = "client.example.com",
VerifySubdomain = "verify.example.com",
FailOpen = false,
},
},
});
// ============================================================================
// VARIABLES FOR SENSITIVE DATA
// ============================================================================
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.AttackProtection;
import com.pulumi.auth0.AttackProtectionArgs;
import com.pulumi.auth0.inputs.AttackProtectionSuspiciousIpThrottlingArgs;
import com.pulumi.auth0.inputs.AttackProtectionSuspiciousIpThrottlingPreLoginArgs;
import com.pulumi.auth0.inputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs;
import com.pulumi.auth0.inputs.AttackProtectionBruteForceProtectionArgs;
import com.pulumi.auth0.inputs.AttackProtectionBreachedPasswordDetectionArgs;
import com.pulumi.auth0.inputs.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs;
import com.pulumi.auth0.inputs.AttackProtectionBreachedPasswordDetectionPreChangePasswordArgs;
import com.pulumi.auth0.inputs.AttackProtectionBotDetectionArgs;
import com.pulumi.auth0.inputs.AttackProtectionCaptchaArgs;
import com.pulumi.auth0.inputs.AttackProtectionCaptchaRecaptchaV2Args;
import com.pulumi.auth0.inputs.AttackProtectionCaptchaRecaptchaEnterpriseArgs;
import com.pulumi.auth0.inputs.AttackProtectionCaptchaHcaptchaArgs;
import com.pulumi.auth0.inputs.AttackProtectionCaptchaFriendlyCaptchaArgs;
import com.pulumi.auth0.inputs.AttackProtectionCaptchaArkoseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
var myProtection = new AttackProtection("myProtection", AttackProtectionArgs.builder()
.suspiciousIpThrottling(AttackProtectionSuspiciousIpThrottlingArgs.builder()
.enabled(true)
.shields(
"admin_notification",
"block")
.allowlists("192.168.1.1")
.preLogin(AttackProtectionSuspiciousIpThrottlingPreLoginArgs.builder()
.maxAttempts(100)
.rate(864000)
.build())
.preUserRegistration(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs.builder()
.maxAttempts(50)
.rate(1200)
.build())
.build())
.bruteForceProtection(AttackProtectionBruteForceProtectionArgs.builder()
.allowlists("127.0.0.1")
.enabled(true)
.maxAttempts(5)
.mode("count_per_identifier_and_ip")
.shields(
"block",
"user_notification")
.build())
.breachedPasswordDetection(AttackProtectionBreachedPasswordDetectionArgs.builder()
.adminNotificationFrequencies("daily")
.enabled(true)
.method("standard")
.shields(
"admin_notification",
"block")
.preUserRegistration(AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs.builder()
.shields(
"admin_notification",
"block")
.build())
.preChangePassword(AttackProtectionBreachedPasswordDetectionPreChangePasswordArgs.builder()
.shields(
"admin_notification",
"block")
.build())
.build())
.botDetection(AttackProtectionBotDetectionArgs.builder()
.botDetectionLevel("medium")
.challengePasswordPolicy("when_risky")
.challengePasswordlessPolicy("when_risky")
.challengePasswordResetPolicy("always")
.allowlists(
"192.168.1.0",
"10.0.0.0")
.monitoringModeEnabled(true)
.build())
.build());
// ============================================================================
// CAPTCHA PROVIDER EXAMPLES - One per Provider
// ============================================================================
final var recaptchaV2SiteKey = config.get("recaptchaV2SiteKey");
final var recaptchaV2Secret = config.get("recaptchaV2Secret");
// Example 1: reCAPTCHA v2
var captchaRecaptchaV2 = new AttackProtection("captchaRecaptchaV2", AttackProtectionArgs.builder()
.captcha(AttackProtectionCaptchaArgs.builder()
.activeProviderId("recaptcha_v2")
.recaptchaV2(AttackProtectionCaptchaRecaptchaV2Args.builder()
.siteKey(recaptchaV2SiteKey)
.secret(recaptchaV2Secret)
.build())
.build())
.build());
final var recaptchaEnterpriseSiteKey = config.get("recaptchaEnterpriseSiteKey");
final var recaptchaEnterpriseApiKey = config.get("recaptchaEnterpriseApiKey");
final var recaptchaEnterpriseProjectId = config.get("recaptchaEnterpriseProjectId");
// Example 2: reCAPTCHA Enterprise
var captchaRecaptchaEnterprise = new AttackProtection("captchaRecaptchaEnterprise", AttackProtectionArgs.builder()
.captcha(AttackProtectionCaptchaArgs.builder()
.activeProviderId("recaptcha_enterprise")
.recaptchaEnterprise(AttackProtectionCaptchaRecaptchaEnterpriseArgs.builder()
.siteKey(recaptchaEnterpriseSiteKey)
.apiKey(recaptchaEnterpriseApiKey)
.projectId(recaptchaEnterpriseProjectId)
.build())
.build())
.build());
final var hcaptchaSiteKey = config.get("hcaptchaSiteKey");
final var hcaptchaSecret = config.get("hcaptchaSecret");
// Example 3: hCaptcha
var captchaHcaptcha = new AttackProtection("captchaHcaptcha", AttackProtectionArgs.builder()
.captcha(AttackProtectionCaptchaArgs.builder()
.activeProviderId("hcaptcha")
.hcaptcha(AttackProtectionCaptchaHcaptchaArgs.builder()
.siteKey(hcaptchaSiteKey)
.secret(hcaptchaSecret)
.build())
.build())
.build());
final var friendlyCaptchaSiteKey = config.get("friendlyCaptchaSiteKey");
final var friendlyCaptchaSecret = config.get("friendlyCaptchaSecret");
// Example 4: Friendly Captcha
var captchaFriendlyCaptcha = new AttackProtection("captchaFriendlyCaptcha", AttackProtectionArgs.builder()
.captcha(AttackProtectionCaptchaArgs.builder()
.activeProviderId("friendly_captcha")
.friendlyCaptcha(AttackProtectionCaptchaFriendlyCaptchaArgs.builder()
.siteKey(friendlyCaptchaSiteKey)
.secret(friendlyCaptchaSecret)
.build())
.build())
.build());
final var arkoseSiteKey = config.get("arkoseSiteKey");
final var arkoseSecret = config.get("arkoseSecret");
// Example 5: Arkose Labs
var captchaArkose = new AttackProtection("captchaArkose", AttackProtectionArgs.builder()
.captcha(AttackProtectionCaptchaArgs.builder()
.activeProviderId("arkose")
.arkose(AttackProtectionCaptchaArkoseArgs.builder()
.siteKey(arkoseSiteKey)
.secret(arkoseSecret)
.clientSubdomain("client.example.com")
.verifySubdomain("verify.example.com")
.failOpen(false)
.build())
.build())
.build());
// ============================================================================
// VARIABLES FOR SENSITIVE DATA
// ============================================================================
}
}
configuration:
# reCAPTCHA v2
recaptchaV2SiteKey:
type: string
recaptchaV2Secret:
type: string
# reCAPTCHA Enterprise
recaptchaEnterpriseSiteKey:
type: string
recaptchaEnterpriseApiKey:
type: string
recaptchaEnterpriseProjectId:
type: string
# hCaptcha
hcaptchaSiteKey:
type: string
hcaptchaSecret:
type: string
# Friendly Captcha
friendlyCaptchaSiteKey:
type: string
friendlyCaptchaSecret:
type: string
# Arkose Labs
arkoseSiteKey:
type: string
arkoseSecret:
type: string
resources:
myProtection: # ============================================================================
# CAPTCHA PROVIDER EXAMPLES - One per Provider
# ============================================================================
type: auth0:AttackProtection
name: my_protection
properties:
suspiciousIpThrottling:
enabled: true
shields:
- admin_notification
- block
allowlists:
- 192.168.1.1
preLogin:
maxAttempts: 100
rate: 864000
preUserRegistration:
maxAttempts: 50
rate: 1200
bruteForceProtection:
allowlists:
- 127.0.0.1
enabled: true
maxAttempts: 5
mode: count_per_identifier_and_ip
shields:
- block
- user_notification
breachedPasswordDetection:
adminNotificationFrequencies:
- daily
enabled: true
method: standard
shields:
- admin_notification
- block
preUserRegistration:
shields:
- admin_notification
- block
preChangePassword:
shields:
- admin_notification
- block
botDetection:
botDetectionLevel: medium
challengePasswordPolicy: when_risky
challengePasswordlessPolicy: when_risky
challengePasswordResetPolicy: always
allowlists:
- 192.168.1.0
- 10.0.0.0
monitoringModeEnabled: true
# Example 1: reCAPTCHA v2
captchaRecaptchaV2:
type: auth0:AttackProtection
name: captcha_recaptcha_v2
properties:
captcha:
activeProviderId: recaptcha_v2
recaptchaV2:
siteKey: ${recaptchaV2SiteKey}
secret: ${recaptchaV2Secret}
# Example 2: reCAPTCHA Enterprise
captchaRecaptchaEnterprise:
type: auth0:AttackProtection
name: captcha_recaptcha_enterprise
properties:
captcha:
activeProviderId: recaptcha_enterprise
recaptchaEnterprise:
siteKey: ${recaptchaEnterpriseSiteKey}
apiKey: ${recaptchaEnterpriseApiKey}
projectId: ${recaptchaEnterpriseProjectId}
# Example 3: hCaptcha
captchaHcaptcha:
type: auth0:AttackProtection
name: captcha_hcaptcha
properties:
captcha:
activeProviderId: hcaptcha
hcaptcha:
siteKey: ${hcaptchaSiteKey}
secret: ${hcaptchaSecret}
# Example 4: Friendly Captcha
captchaFriendlyCaptcha:
type: auth0:AttackProtection
name: captcha_friendly_captcha
properties:
captcha:
activeProviderId: friendly_captcha
friendlyCaptcha:
siteKey: ${friendlyCaptchaSiteKey}
secret: ${friendlyCaptchaSecret}
# Example 5: Arkose Labs
captchaArkose: # ============================================================================
# VARIABLES FOR SENSITIVE DATA
# ============================================================================
type: auth0:AttackProtection
name: captcha_arkose
properties:
captcha:
activeProviderId: arkose
arkose:
siteKey: ${arkoseSiteKey}
secret: ${arkoseSecret}
clientSubdomain: client.example.com
verifySubdomain: verify.example.com
failOpen: false
Create AttackProtection Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AttackProtection(name: string, args?: AttackProtectionArgs, opts?: CustomResourceOptions);@overload
def AttackProtection(resource_name: str,
args: Optional[AttackProtectionArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def AttackProtection(resource_name: str,
opts: Optional[ResourceOptions] = None,
bot_detection: Optional[AttackProtectionBotDetectionArgs] = None,
breached_password_detection: Optional[AttackProtectionBreachedPasswordDetectionArgs] = None,
brute_force_protection: Optional[AttackProtectionBruteForceProtectionArgs] = None,
captcha: Optional[AttackProtectionCaptchaArgs] = None,
suspicious_ip_throttling: Optional[AttackProtectionSuspiciousIpThrottlingArgs] = None)func NewAttackProtection(ctx *Context, name string, args *AttackProtectionArgs, opts ...ResourceOption) (*AttackProtection, error)public AttackProtection(string name, AttackProtectionArgs? args = null, CustomResourceOptions? opts = null)
public AttackProtection(String name, AttackProtectionArgs args)
public AttackProtection(String name, AttackProtectionArgs args, CustomResourceOptions options)
type: auth0:AttackProtection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AttackProtectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AttackProtectionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AttackProtectionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AttackProtectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AttackProtectionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var attackProtectionResource = new Auth0.AttackProtection("attackProtectionResource", new()
{
BotDetection = new Auth0.Inputs.AttackProtectionBotDetectionArgs
{
Allowlists = new[]
{
"string",
},
BotDetectionLevel = "string",
ChallengePasswordPolicy = "string",
ChallengePasswordResetPolicy = "string",
ChallengePasswordlessPolicy = "string",
MonitoringModeEnabled = false,
},
BreachedPasswordDetection = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionArgs
{
Enabled = false,
AdminNotificationFrequencies = new[]
{
"string",
},
Method = "string",
PreChangePassword = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionPreChangePasswordArgs
{
Shields = new[]
{
"string",
},
},
PreUserRegistration = new Auth0.Inputs.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs
{
Shields = new[]
{
"string",
},
},
Shields = new[]
{
"string",
},
},
BruteForceProtection = new Auth0.Inputs.AttackProtectionBruteForceProtectionArgs
{
Enabled = false,
Allowlists = new[]
{
"string",
},
MaxAttempts = 0,
Mode = "string",
Shields = new[]
{
"string",
},
},
Captcha = new Auth0.Inputs.AttackProtectionCaptchaArgs
{
ActiveProviderId = "string",
Arkose = new Auth0.Inputs.AttackProtectionCaptchaArkoseArgs
{
Secret = "string",
SiteKey = "string",
ClientSubdomain = "string",
FailOpen = false,
VerifySubdomain = "string",
},
AuthChallenge = new Auth0.Inputs.AttackProtectionCaptchaAuthChallengeArgs
{
FailOpen = false,
},
FriendlyCaptcha = new Auth0.Inputs.AttackProtectionCaptchaFriendlyCaptchaArgs
{
Secret = "string",
SiteKey = "string",
},
Hcaptcha = new Auth0.Inputs.AttackProtectionCaptchaHcaptchaArgs
{
Secret = "string",
SiteKey = "string",
},
RecaptchaEnterprise = new Auth0.Inputs.AttackProtectionCaptchaRecaptchaEnterpriseArgs
{
ApiKey = "string",
ProjectId = "string",
SiteKey = "string",
},
RecaptchaV2 = new Auth0.Inputs.AttackProtectionCaptchaRecaptchaV2Args
{
Secret = "string",
SiteKey = "string",
},
},
SuspiciousIpThrottling = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingArgs
{
Enabled = false,
Allowlists = new[]
{
"string",
},
PreLogin = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreLoginArgs
{
MaxAttempts = 0,
Rate = 0,
},
PreUserRegistration = new Auth0.Inputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs
{
MaxAttempts = 0,
Rate = 0,
},
Shields = new[]
{
"string",
},
},
});
example, err := auth0.NewAttackProtection(ctx, "attackProtectionResource", &auth0.AttackProtectionArgs{
BotDetection: &auth0.AttackProtectionBotDetectionArgs{
Allowlists: pulumi.StringArray{
pulumi.String("string"),
},
BotDetectionLevel: pulumi.String("string"),
ChallengePasswordPolicy: pulumi.String("string"),
ChallengePasswordResetPolicy: pulumi.String("string"),
ChallengePasswordlessPolicy: pulumi.String("string"),
MonitoringModeEnabled: pulumi.Bool(false),
},
BreachedPasswordDetection: &auth0.AttackProtectionBreachedPasswordDetectionArgs{
Enabled: pulumi.Bool(false),
AdminNotificationFrequencies: pulumi.StringArray{
pulumi.String("string"),
},
Method: pulumi.String("string"),
PreChangePassword: &auth0.AttackProtectionBreachedPasswordDetectionPreChangePasswordArgs{
Shields: pulumi.StringArray{
pulumi.String("string"),
},
},
PreUserRegistration: &auth0.AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs{
Shields: pulumi.StringArray{
pulumi.String("string"),
},
},
Shields: pulumi.StringArray{
pulumi.String("string"),
},
},
BruteForceProtection: &auth0.AttackProtectionBruteForceProtectionArgs{
Enabled: pulumi.Bool(false),
Allowlists: pulumi.StringArray{
pulumi.String("string"),
},
MaxAttempts: pulumi.Int(0),
Mode: pulumi.String("string"),
Shields: pulumi.StringArray{
pulumi.String("string"),
},
},
Captcha: &auth0.AttackProtectionCaptchaArgs{
ActiveProviderId: pulumi.String("string"),
Arkose: &auth0.AttackProtectionCaptchaArkoseArgs{
Secret: pulumi.String("string"),
SiteKey: pulumi.String("string"),
ClientSubdomain: pulumi.String("string"),
FailOpen: pulumi.Bool(false),
VerifySubdomain: pulumi.String("string"),
},
AuthChallenge: &auth0.AttackProtectionCaptchaAuthChallengeArgs{
FailOpen: pulumi.Bool(false),
},
FriendlyCaptcha: &auth0.AttackProtectionCaptchaFriendlyCaptchaArgs{
Secret: pulumi.String("string"),
SiteKey: pulumi.String("string"),
},
Hcaptcha: &auth0.AttackProtectionCaptchaHcaptchaArgs{
Secret: pulumi.String("string"),
SiteKey: pulumi.String("string"),
},
RecaptchaEnterprise: &auth0.AttackProtectionCaptchaRecaptchaEnterpriseArgs{
ApiKey: pulumi.String("string"),
ProjectId: pulumi.String("string"),
SiteKey: pulumi.String("string"),
},
RecaptchaV2: &auth0.AttackProtectionCaptchaRecaptchaV2Args{
Secret: pulumi.String("string"),
SiteKey: pulumi.String("string"),
},
},
SuspiciousIpThrottling: &auth0.AttackProtectionSuspiciousIpThrottlingArgs{
Enabled: pulumi.Bool(false),
Allowlists: pulumi.StringArray{
pulumi.String("string"),
},
PreLogin: &auth0.AttackProtectionSuspiciousIpThrottlingPreLoginArgs{
MaxAttempts: pulumi.Int(0),
Rate: pulumi.Int(0),
},
PreUserRegistration: &auth0.AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs{
MaxAttempts: pulumi.Int(0),
Rate: pulumi.Int(0),
},
Shields: pulumi.StringArray{
pulumi.String("string"),
},
},
})
var attackProtectionResource = new AttackProtection("attackProtectionResource", AttackProtectionArgs.builder()
.botDetection(AttackProtectionBotDetectionArgs.builder()
.allowlists("string")
.botDetectionLevel("string")
.challengePasswordPolicy("string")
.challengePasswordResetPolicy("string")
.challengePasswordlessPolicy("string")
.monitoringModeEnabled(false)
.build())
.breachedPasswordDetection(AttackProtectionBreachedPasswordDetectionArgs.builder()
.enabled(false)
.adminNotificationFrequencies("string")
.method("string")
.preChangePassword(AttackProtectionBreachedPasswordDetectionPreChangePasswordArgs.builder()
.shields("string")
.build())
.preUserRegistration(AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs.builder()
.shields("string")
.build())
.shields("string")
.build())
.bruteForceProtection(AttackProtectionBruteForceProtectionArgs.builder()
.enabled(false)
.allowlists("string")
.maxAttempts(0)
.mode("string")
.shields("string")
.build())
.captcha(AttackProtectionCaptchaArgs.builder()
.activeProviderId("string")
.arkose(AttackProtectionCaptchaArkoseArgs.builder()
.secret("string")
.siteKey("string")
.clientSubdomain("string")
.failOpen(false)
.verifySubdomain("string")
.build())
.authChallenge(AttackProtectionCaptchaAuthChallengeArgs.builder()
.failOpen(false)
.build())
.friendlyCaptcha(AttackProtectionCaptchaFriendlyCaptchaArgs.builder()
.secret("string")
.siteKey("string")
.build())
.hcaptcha(AttackProtectionCaptchaHcaptchaArgs.builder()
.secret("string")
.siteKey("string")
.build())
.recaptchaEnterprise(AttackProtectionCaptchaRecaptchaEnterpriseArgs.builder()
.apiKey("string")
.projectId("string")
.siteKey("string")
.build())
.recaptchaV2(AttackProtectionCaptchaRecaptchaV2Args.builder()
.secret("string")
.siteKey("string")
.build())
.build())
.suspiciousIpThrottling(AttackProtectionSuspiciousIpThrottlingArgs.builder()
.enabled(false)
.allowlists("string")
.preLogin(AttackProtectionSuspiciousIpThrottlingPreLoginArgs.builder()
.maxAttempts(0)
.rate(0)
.build())
.preUserRegistration(AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs.builder()
.maxAttempts(0)
.rate(0)
.build())
.shields("string")
.build())
.build());
attack_protection_resource = auth0.AttackProtection("attackProtectionResource",
bot_detection={
"allowlists": ["string"],
"bot_detection_level": "string",
"challenge_password_policy": "string",
"challenge_password_reset_policy": "string",
"challenge_passwordless_policy": "string",
"monitoring_mode_enabled": False,
},
breached_password_detection={
"enabled": False,
"admin_notification_frequencies": ["string"],
"method": "string",
"pre_change_password": {
"shields": ["string"],
},
"pre_user_registration": {
"shields": ["string"],
},
"shields": ["string"],
},
brute_force_protection={
"enabled": False,
"allowlists": ["string"],
"max_attempts": 0,
"mode": "string",
"shields": ["string"],
},
captcha={
"active_provider_id": "string",
"arkose": {
"secret": "string",
"site_key": "string",
"client_subdomain": "string",
"fail_open": False,
"verify_subdomain": "string",
},
"auth_challenge": {
"fail_open": False,
},
"friendly_captcha": {
"secret": "string",
"site_key": "string",
},
"hcaptcha": {
"secret": "string",
"site_key": "string",
},
"recaptcha_enterprise": {
"api_key": "string",
"project_id": "string",
"site_key": "string",
},
"recaptcha_v2": {
"secret": "string",
"site_key": "string",
},
},
suspicious_ip_throttling={
"enabled": False,
"allowlists": ["string"],
"pre_login": {
"max_attempts": 0,
"rate": 0,
},
"pre_user_registration": {
"max_attempts": 0,
"rate": 0,
},
"shields": ["string"],
})
const attackProtectionResource = new auth0.AttackProtection("attackProtectionResource", {
botDetection: {
allowlists: ["string"],
botDetectionLevel: "string",
challengePasswordPolicy: "string",
challengePasswordResetPolicy: "string",
challengePasswordlessPolicy: "string",
monitoringModeEnabled: false,
},
breachedPasswordDetection: {
enabled: false,
adminNotificationFrequencies: ["string"],
method: "string",
preChangePassword: {
shields: ["string"],
},
preUserRegistration: {
shields: ["string"],
},
shields: ["string"],
},
bruteForceProtection: {
enabled: false,
allowlists: ["string"],
maxAttempts: 0,
mode: "string",
shields: ["string"],
},
captcha: {
activeProviderId: "string",
arkose: {
secret: "string",
siteKey: "string",
clientSubdomain: "string",
failOpen: false,
verifySubdomain: "string",
},
authChallenge: {
failOpen: false,
},
friendlyCaptcha: {
secret: "string",
siteKey: "string",
},
hcaptcha: {
secret: "string",
siteKey: "string",
},
recaptchaEnterprise: {
apiKey: "string",
projectId: "string",
siteKey: "string",
},
recaptchaV2: {
secret: "string",
siteKey: "string",
},
},
suspiciousIpThrottling: {
enabled: false,
allowlists: ["string"],
preLogin: {
maxAttempts: 0,
rate: 0,
},
preUserRegistration: {
maxAttempts: 0,
rate: 0,
},
shields: ["string"],
},
});
type: auth0:AttackProtection
properties:
botDetection:
allowlists:
- string
botDetectionLevel: string
challengePasswordPolicy: string
challengePasswordResetPolicy: string
challengePasswordlessPolicy: string
monitoringModeEnabled: false
breachedPasswordDetection:
adminNotificationFrequencies:
- string
enabled: false
method: string
preChangePassword:
shields:
- string
preUserRegistration:
shields:
- string
shields:
- string
bruteForceProtection:
allowlists:
- string
enabled: false
maxAttempts: 0
mode: string
shields:
- string
captcha:
activeProviderId: string
arkose:
clientSubdomain: string
failOpen: false
secret: string
siteKey: string
verifySubdomain: string
authChallenge:
failOpen: false
friendlyCaptcha:
secret: string
siteKey: string
hcaptcha:
secret: string
siteKey: string
recaptchaEnterprise:
apiKey: string
projectId: string
siteKey: string
recaptchaV2:
secret: string
siteKey: string
suspiciousIpThrottling:
allowlists:
- string
enabled: false
preLogin:
maxAttempts: 0
rate: 0
preUserRegistration:
maxAttempts: 0
rate: 0
shields:
- string
AttackProtection Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AttackProtection resource accepts the following input properties:
- Bot
Detection AttackProtection Bot Detection - Bot detection configuration to identify and prevent automated threats.
- Breached
Password AttackDetection Protection Breached Password Detection - Breached password detection protects your applications from bad actors logging in with stolen credentials.
- Brute
Force AttackProtection Protection Brute Force Protection - Brute-force protection safeguards against a single IP address attacking a single user account.
- Captcha
Attack
Protection Captcha - CAPTCHA configuration for attack protection.
- Suspicious
Ip AttackThrottling Protection Suspicious Ip Throttling - Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
- Bot
Detection AttackProtection Bot Detection Args - Bot detection configuration to identify and prevent automated threats.
- Breached
Password AttackDetection Protection Breached Password Detection Args - Breached password detection protects your applications from bad actors logging in with stolen credentials.
- Brute
Force AttackProtection Protection Brute Force Protection Args - Brute-force protection safeguards against a single IP address attacking a single user account.
- Captcha
Attack
Protection Captcha Args - CAPTCHA configuration for attack protection.
- Suspicious
Ip AttackThrottling Protection Suspicious Ip Throttling Args - Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
- bot
Detection AttackProtection Bot Detection - Bot detection configuration to identify and prevent automated threats.
- breached
Password AttackDetection Protection Breached Password Detection - Breached password detection protects your applications from bad actors logging in with stolen credentials.
- brute
Force AttackProtection Protection Brute Force Protection - Brute-force protection safeguards against a single IP address attacking a single user account.
- captcha
Attack
Protection Captcha - CAPTCHA configuration for attack protection.
- suspicious
Ip AttackThrottling Protection Suspicious Ip Throttling - Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
- bot
Detection AttackProtection Bot Detection - Bot detection configuration to identify and prevent automated threats.
- breached
Password AttackDetection Protection Breached Password Detection - Breached password detection protects your applications from bad actors logging in with stolen credentials.
- brute
Force AttackProtection Protection Brute Force Protection - Brute-force protection safeguards against a single IP address attacking a single user account.
- captcha
Attack
Protection Captcha - CAPTCHA configuration for attack protection.
- suspicious
Ip AttackThrottling Protection Suspicious Ip Throttling - Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
- bot_
detection AttackProtection Bot Detection Args - Bot detection configuration to identify and prevent automated threats.
- breached_
password_ Attackdetection Protection Breached Password Detection Args - Breached password detection protects your applications from bad actors logging in with stolen credentials.
- brute_
force_ Attackprotection Protection Brute Force Protection Args - Brute-force protection safeguards against a single IP address attacking a single user account.
- captcha
Attack
Protection Captcha Args - CAPTCHA configuration for attack protection.
- suspicious_
ip_ Attackthrottling Protection Suspicious Ip Throttling Args - Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
- bot
Detection Property Map - Bot detection configuration to identify and prevent automated threats.
- breached
Password Property MapDetection - Breached password detection protects your applications from bad actors logging in with stolen credentials.
- brute
Force Property MapProtection - Brute-force protection safeguards against a single IP address attacking a single user account.
- captcha Property Map
- CAPTCHA configuration for attack protection.
- suspicious
Ip Property MapThrottling - Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
Outputs
All input properties are implicitly available as output properties. Additionally, the AttackProtection resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AttackProtection Resource
Get an existing AttackProtection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AttackProtectionState, opts?: CustomResourceOptions): AttackProtection@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
bot_detection: Optional[AttackProtectionBotDetectionArgs] = None,
breached_password_detection: Optional[AttackProtectionBreachedPasswordDetectionArgs] = None,
brute_force_protection: Optional[AttackProtectionBruteForceProtectionArgs] = None,
captcha: Optional[AttackProtectionCaptchaArgs] = None,
suspicious_ip_throttling: Optional[AttackProtectionSuspiciousIpThrottlingArgs] = None) -> AttackProtectionfunc GetAttackProtection(ctx *Context, name string, id IDInput, state *AttackProtectionState, opts ...ResourceOption) (*AttackProtection, error)public static AttackProtection Get(string name, Input<string> id, AttackProtectionState? state, CustomResourceOptions? opts = null)public static AttackProtection get(String name, Output<String> id, AttackProtectionState state, CustomResourceOptions options)resources: _: type: auth0:AttackProtection get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Bot
Detection AttackProtection Bot Detection - Bot detection configuration to identify and prevent automated threats.
- Breached
Password AttackDetection Protection Breached Password Detection - Breached password detection protects your applications from bad actors logging in with stolen credentials.
- Brute
Force AttackProtection Protection Brute Force Protection - Brute-force protection safeguards against a single IP address attacking a single user account.
- Captcha
Attack
Protection Captcha - CAPTCHA configuration for attack protection.
- Suspicious
Ip AttackThrottling Protection Suspicious Ip Throttling - Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
- Bot
Detection AttackProtection Bot Detection Args - Bot detection configuration to identify and prevent automated threats.
- Breached
Password AttackDetection Protection Breached Password Detection Args - Breached password detection protects your applications from bad actors logging in with stolen credentials.
- Brute
Force AttackProtection Protection Brute Force Protection Args - Brute-force protection safeguards against a single IP address attacking a single user account.
- Captcha
Attack
Protection Captcha Args - CAPTCHA configuration for attack protection.
- Suspicious
Ip AttackThrottling Protection Suspicious Ip Throttling Args - Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
- bot
Detection AttackProtection Bot Detection - Bot detection configuration to identify and prevent automated threats.
- breached
Password AttackDetection Protection Breached Password Detection - Breached password detection protects your applications from bad actors logging in with stolen credentials.
- brute
Force AttackProtection Protection Brute Force Protection - Brute-force protection safeguards against a single IP address attacking a single user account.
- captcha
Attack
Protection Captcha - CAPTCHA configuration for attack protection.
- suspicious
Ip AttackThrottling Protection Suspicious Ip Throttling - Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
- bot
Detection AttackProtection Bot Detection - Bot detection configuration to identify and prevent automated threats.
- breached
Password AttackDetection Protection Breached Password Detection - Breached password detection protects your applications from bad actors logging in with stolen credentials.
- brute
Force AttackProtection Protection Brute Force Protection - Brute-force protection safeguards against a single IP address attacking a single user account.
- captcha
Attack
Protection Captcha - CAPTCHA configuration for attack protection.
- suspicious
Ip AttackThrottling Protection Suspicious Ip Throttling - Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
- bot_
detection AttackProtection Bot Detection Args - Bot detection configuration to identify and prevent automated threats.
- breached_
password_ Attackdetection Protection Breached Password Detection Args - Breached password detection protects your applications from bad actors logging in with stolen credentials.
- brute_
force_ Attackprotection Protection Brute Force Protection Args - Brute-force protection safeguards against a single IP address attacking a single user account.
- captcha
Attack
Protection Captcha Args - CAPTCHA configuration for attack protection.
- suspicious_
ip_ Attackthrottling Protection Suspicious Ip Throttling Args - Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
- bot
Detection Property Map - Bot detection configuration to identify and prevent automated threats.
- breached
Password Property MapDetection - Breached password detection protects your applications from bad actors logging in with stolen credentials.
- brute
Force Property MapProtection - Brute-force protection safeguards against a single IP address attacking a single user account.
- captcha Property Map
- CAPTCHA configuration for attack protection.
- suspicious
Ip Property MapThrottling - Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.
Supporting Types
AttackProtectionBotDetection, AttackProtectionBotDetectionArgs
- Allowlists List<string>
- List of IP addresses or ranges that will not trigger bot detection.
- Bot
Detection stringLevel - Bot detection level. Possible values:
low,medium,high. Set to empty string to disable. - Challenge
Password stringPolicy - Challenge policy for password flow. Possible values:
never,when_risky,always. - Challenge
Password stringReset Policy - Challenge policy for password reset flow. Possible values:
never,when_risky,always. - Challenge
Passwordless stringPolicy - Challenge policy for passwordless flow. Possible values:
never,when_risky,always. - Monitoring
Mode boolEnabled - Whether monitoring mode is enabled for bot detection.
- Allowlists []string
- List of IP addresses or ranges that will not trigger bot detection.
- Bot
Detection stringLevel - Bot detection level. Possible values:
low,medium,high. Set to empty string to disable. - Challenge
Password stringPolicy - Challenge policy for password flow. Possible values:
never,when_risky,always. - Challenge
Password stringReset Policy - Challenge policy for password reset flow. Possible values:
never,when_risky,always. - Challenge
Passwordless stringPolicy - Challenge policy for passwordless flow. Possible values:
never,when_risky,always. - Monitoring
Mode boolEnabled - Whether monitoring mode is enabled for bot detection.
- allowlists List<String>
- List of IP addresses or ranges that will not trigger bot detection.
- bot
Detection StringLevel - Bot detection level. Possible values:
low,medium,high. Set to empty string to disable. - challenge
Password StringPolicy - Challenge policy for password flow. Possible values:
never,when_risky,always. - challenge
Password StringReset Policy - Challenge policy for password reset flow. Possible values:
never,when_risky,always. - challenge
Passwordless StringPolicy - Challenge policy for passwordless flow. Possible values:
never,when_risky,always. - monitoring
Mode BooleanEnabled - Whether monitoring mode is enabled for bot detection.
- allowlists string[]
- List of IP addresses or ranges that will not trigger bot detection.
- bot
Detection stringLevel - Bot detection level. Possible values:
low,medium,high. Set to empty string to disable. - challenge
Password stringPolicy - Challenge policy for password flow. Possible values:
never,when_risky,always. - challenge
Password stringReset Policy - Challenge policy for password reset flow. Possible values:
never,when_risky,always. - challenge
Passwordless stringPolicy - Challenge policy for passwordless flow. Possible values:
never,when_risky,always. - monitoring
Mode booleanEnabled - Whether monitoring mode is enabled for bot detection.
- allowlists Sequence[str]
- List of IP addresses or ranges that will not trigger bot detection.
- bot_
detection_ strlevel - Bot detection level. Possible values:
low,medium,high. Set to empty string to disable. - challenge_
password_ strpolicy - Challenge policy for password flow. Possible values:
never,when_risky,always. - challenge_
password_ strreset_ policy - Challenge policy for password reset flow. Possible values:
never,when_risky,always. - challenge_
passwordless_ strpolicy - Challenge policy for passwordless flow. Possible values:
never,when_risky,always. - monitoring_
mode_ boolenabled - Whether monitoring mode is enabled for bot detection.
- allowlists List<String>
- List of IP addresses or ranges that will not trigger bot detection.
- bot
Detection StringLevel - Bot detection level. Possible values:
low,medium,high. Set to empty string to disable. - challenge
Password StringPolicy - Challenge policy for password flow. Possible values:
never,when_risky,always. - challenge
Password StringReset Policy - Challenge policy for password reset flow. Possible values:
never,when_risky,always. - challenge
Passwordless StringPolicy - Challenge policy for passwordless flow. Possible values:
never,when_risky,always. - monitoring
Mode BooleanEnabled - Whether monitoring mode is enabled for bot detection.
AttackProtectionBreachedPasswordDetection, AttackProtectionBreachedPasswordDetectionArgs
- Enabled bool
- Whether breached password detection is active.
- Admin
Notification List<string>Frequencies - When
admin_notificationis enabled within theshieldsproperty, determines how often email notifications are sent. Possible values:immediately,daily,weekly,monthly. - Method string
- The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values:
standard,enhanced. - Pre
Change AttackPassword Protection Breached Password Detection Pre Change Password - Configuration options that apply before every password change attempt.
- Pre
User AttackRegistration Protection Breached Password Detection Pre User Registration - Configuration options that apply before every user registration attempt. Only available on public tenants.
- Shields List<string>
- Action to take when a breached password is detected. Options include:
block(block compromised user accounts),user_notification(send an email to user when we detect that they are using compromised credentials) andadmin_notification(send an email with a summary of the number of accounts logging in with compromised credentials).
- Enabled bool
- Whether breached password detection is active.
- Admin
Notification []stringFrequencies - When
admin_notificationis enabled within theshieldsproperty, determines how often email notifications are sent. Possible values:immediately,daily,weekly,monthly. - Method string
- The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values:
standard,enhanced. - Pre
Change AttackPassword Protection Breached Password Detection Pre Change Password - Configuration options that apply before every password change attempt.
- Pre
User AttackRegistration Protection Breached Password Detection Pre User Registration - Configuration options that apply before every user registration attempt. Only available on public tenants.
- Shields []string
- Action to take when a breached password is detected. Options include:
block(block compromised user accounts),user_notification(send an email to user when we detect that they are using compromised credentials) andadmin_notification(send an email with a summary of the number of accounts logging in with compromised credentials).
- enabled Boolean
- Whether breached password detection is active.
- admin
Notification List<String>Frequencies - When
admin_notificationis enabled within theshieldsproperty, determines how often email notifications are sent. Possible values:immediately,daily,weekly,monthly. - method String
- The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values:
standard,enhanced. - pre
Change AttackPassword Protection Breached Password Detection Pre Change Password - Configuration options that apply before every password change attempt.
- pre
User AttackRegistration Protection Breached Password Detection Pre User Registration - Configuration options that apply before every user registration attempt. Only available on public tenants.
- shields List<String>
- Action to take when a breached password is detected. Options include:
block(block compromised user accounts),user_notification(send an email to user when we detect that they are using compromised credentials) andadmin_notification(send an email with a summary of the number of accounts logging in with compromised credentials).
- enabled boolean
- Whether breached password detection is active.
- admin
Notification string[]Frequencies - When
admin_notificationis enabled within theshieldsproperty, determines how often email notifications are sent. Possible values:immediately,daily,weekly,monthly. - method string
- The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values:
standard,enhanced. - pre
Change AttackPassword Protection Breached Password Detection Pre Change Password - Configuration options that apply before every password change attempt.
- pre
User AttackRegistration Protection Breached Password Detection Pre User Registration - Configuration options that apply before every user registration attempt. Only available on public tenants.
- shields string[]
- Action to take when a breached password is detected. Options include:
block(block compromised user accounts),user_notification(send an email to user when we detect that they are using compromised credentials) andadmin_notification(send an email with a summary of the number of accounts logging in with compromised credentials).
- enabled bool
- Whether breached password detection is active.
- admin_
notification_ Sequence[str]frequencies - When
admin_notificationis enabled within theshieldsproperty, determines how often email notifications are sent. Possible values:immediately,daily,weekly,monthly. - method str
- The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values:
standard,enhanced. - pre_
change_ Attackpassword Protection Breached Password Detection Pre Change Password - Configuration options that apply before every password change attempt.
- pre_
user_ Attackregistration Protection Breached Password Detection Pre User Registration - Configuration options that apply before every user registration attempt. Only available on public tenants.
- shields Sequence[str]
- Action to take when a breached password is detected. Options include:
block(block compromised user accounts),user_notification(send an email to user when we detect that they are using compromised credentials) andadmin_notification(send an email with a summary of the number of accounts logging in with compromised credentials).
- enabled Boolean
- Whether breached password detection is active.
- admin
Notification List<String>Frequencies - When
admin_notificationis enabled within theshieldsproperty, determines how often email notifications are sent. Possible values:immediately,daily,weekly,monthly. - method String
- The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values:
standard,enhanced. - pre
Change Property MapPassword - Configuration options that apply before every password change attempt.
- pre
User Property MapRegistration - Configuration options that apply before every user registration attempt. Only available on public tenants.
- shields List<String>
- Action to take when a breached password is detected. Options include:
block(block compromised user accounts),user_notification(send an email to user when we detect that they are using compromised credentials) andadmin_notification(send an email with a summary of the number of accounts logging in with compromised credentials).
AttackProtectionBreachedPasswordDetectionPreChangePassword, AttackProtectionBreachedPasswordDetectionPreChangePasswordArgs
- Shields List<string>
- Action to take when a breached password is detected before the password is changed. Possible values:
block(block compromised credentials for new accounts),admin_notification(send an email notification with a summary of compromised credentials in new accounts).
- Shields []string
- Action to take when a breached password is detected before the password is changed. Possible values:
block(block compromised credentials for new accounts),admin_notification(send an email notification with a summary of compromised credentials in new accounts).
- shields List<String>
- Action to take when a breached password is detected before the password is changed. Possible values:
block(block compromised credentials for new accounts),admin_notification(send an email notification with a summary of compromised credentials in new accounts).
- shields string[]
- Action to take when a breached password is detected before the password is changed. Possible values:
block(block compromised credentials for new accounts),admin_notification(send an email notification with a summary of compromised credentials in new accounts).
- shields Sequence[str]
- Action to take when a breached password is detected before the password is changed. Possible values:
block(block compromised credentials for new accounts),admin_notification(send an email notification with a summary of compromised credentials in new accounts).
- shields List<String>
- Action to take when a breached password is detected before the password is changed. Possible values:
block(block compromised credentials for new accounts),admin_notification(send an email notification with a summary of compromised credentials in new accounts).
AttackProtectionBreachedPasswordDetectionPreUserRegistration, AttackProtectionBreachedPasswordDetectionPreUserRegistrationArgs
- Shields List<string>
- Action to take when a breached password is detected during a signup. Possible values:
block(block compromised credentials for new accounts),admin_notification(send an email notification with a summary of compromised credentials in new accounts).
- Shields []string
- Action to take when a breached password is detected during a signup. Possible values:
block(block compromised credentials for new accounts),admin_notification(send an email notification with a summary of compromised credentials in new accounts).
- shields List<String>
- Action to take when a breached password is detected during a signup. Possible values:
block(block compromised credentials for new accounts),admin_notification(send an email notification with a summary of compromised credentials in new accounts).
- shields string[]
- Action to take when a breached password is detected during a signup. Possible values:
block(block compromised credentials for new accounts),admin_notification(send an email notification with a summary of compromised credentials in new accounts).
- shields Sequence[str]
- Action to take when a breached password is detected during a signup. Possible values:
block(block compromised credentials for new accounts),admin_notification(send an email notification with a summary of compromised credentials in new accounts).
- shields List<String>
- Action to take when a breached password is detected during a signup. Possible values:
block(block compromised credentials for new accounts),admin_notification(send an email notification with a summary of compromised credentials in new accounts).
AttackProtectionBruteForceProtection, AttackProtectionBruteForceProtectionArgs
- Enabled bool
- Whether brute force attack protections are active.
- Allowlists List<string>
- List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
- Max
Attempts int - Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
- Mode string
- Determines whether the IP address is used when counting failed attempts. Possible values:
count_per_identifier_and_ip(lockout an account from a given IP Address) orcount_per_identifier(lockout an account regardless of IP Address). - Shields List<string>
- Action to take when a brute force protection threshold is violated. Possible values:
block(block login attempts for a flagged user account),user_notification(send an email to user when their account has been blocked).
- Enabled bool
- Whether brute force attack protections are active.
- Allowlists []string
- List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
- Max
Attempts int - Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
- Mode string
- Determines whether the IP address is used when counting failed attempts. Possible values:
count_per_identifier_and_ip(lockout an account from a given IP Address) orcount_per_identifier(lockout an account regardless of IP Address). - Shields []string
- Action to take when a brute force protection threshold is violated. Possible values:
block(block login attempts for a flagged user account),user_notification(send an email to user when their account has been blocked).
- enabled Boolean
- Whether brute force attack protections are active.
- allowlists List<String>
- List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
- max
Attempts Integer - Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
- mode String
- Determines whether the IP address is used when counting failed attempts. Possible values:
count_per_identifier_and_ip(lockout an account from a given IP Address) orcount_per_identifier(lockout an account regardless of IP Address). - shields List<String>
- Action to take when a brute force protection threshold is violated. Possible values:
block(block login attempts for a flagged user account),user_notification(send an email to user when their account has been blocked).
- enabled boolean
- Whether brute force attack protections are active.
- allowlists string[]
- List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
- max
Attempts number - Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
- mode string
- Determines whether the IP address is used when counting failed attempts. Possible values:
count_per_identifier_and_ip(lockout an account from a given IP Address) orcount_per_identifier(lockout an account regardless of IP Address). - shields string[]
- Action to take when a brute force protection threshold is violated. Possible values:
block(block login attempts for a flagged user account),user_notification(send an email to user when their account has been blocked).
- enabled bool
- Whether brute force attack protections are active.
- allowlists Sequence[str]
- List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
- max_
attempts int - Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
- mode str
- Determines whether the IP address is used when counting failed attempts. Possible values:
count_per_identifier_and_ip(lockout an account from a given IP Address) orcount_per_identifier(lockout an account regardless of IP Address). - shields Sequence[str]
- Action to take when a brute force protection threshold is violated. Possible values:
block(block login attempts for a flagged user account),user_notification(send an email to user when their account has been blocked).
- enabled Boolean
- Whether brute force attack protections are active.
- allowlists List<String>
- List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
- max
Attempts Number - Maximum number of consecutive failed login attempts from a single user before blocking is triggered. Only available on public tenants.
- mode String
- Determines whether the IP address is used when counting failed attempts. Possible values:
count_per_identifier_and_ip(lockout an account from a given IP Address) orcount_per_identifier(lockout an account regardless of IP Address). - shields List<String>
- Action to take when a brute force protection threshold is violated. Possible values:
block(block login attempts for a flagged user account),user_notification(send an email to user when their account has been blocked).
AttackProtectionCaptcha, AttackProtectionCaptchaArgs
- Active
Provider stringId - Active CAPTCHA provider ID. Set to empty string to disable CAPTCHA. Possible values:
recaptcha_v2,recaptcha_enterprise,hcaptcha,friendly_captcha,arkose,auth_challenge,simple_captcha. - Arkose
Attack
Protection Captcha Arkose - Configuration for Arkose Labs.
- Auth
Challenge AttackProtection Captcha Auth Challenge - Configuration for Auth0's Auth Challenge.
- Friendly
Captcha AttackProtection Captcha Friendly Captcha - Configuration for Friendly Captcha.
- Hcaptcha
Attack
Protection Captcha Hcaptcha - Configuration for hCaptcha.
- Recaptcha
Enterprise AttackProtection Captcha Recaptcha Enterprise - Configuration for Google reCAPTCHA Enterprise.
- Recaptcha
V2 AttackProtection Captcha Recaptcha V2 - Configuration for Google reCAPTCHA v2.
- Active
Provider stringId - Active CAPTCHA provider ID. Set to empty string to disable CAPTCHA. Possible values:
recaptcha_v2,recaptcha_enterprise,hcaptcha,friendly_captcha,arkose,auth_challenge,simple_captcha. - Arkose
Attack
Protection Captcha Arkose - Configuration for Arkose Labs.
- Auth
Challenge AttackProtection Captcha Auth Challenge - Configuration for Auth0's Auth Challenge.
- Friendly
Captcha AttackProtection Captcha Friendly Captcha - Configuration for Friendly Captcha.
- Hcaptcha
Attack
Protection Captcha Hcaptcha - Configuration for hCaptcha.
- Recaptcha
Enterprise AttackProtection Captcha Recaptcha Enterprise - Configuration for Google reCAPTCHA Enterprise.
- Recaptcha
V2 AttackProtection Captcha Recaptcha V2 - Configuration for Google reCAPTCHA v2.
- active
Provider StringId - Active CAPTCHA provider ID. Set to empty string to disable CAPTCHA. Possible values:
recaptcha_v2,recaptcha_enterprise,hcaptcha,friendly_captcha,arkose,auth_challenge,simple_captcha. - arkose
Attack
Protection Captcha Arkose - Configuration for Arkose Labs.
- auth
Challenge AttackProtection Captcha Auth Challenge - Configuration for Auth0's Auth Challenge.
- friendly
Captcha AttackProtection Captcha Friendly Captcha - Configuration for Friendly Captcha.
- hcaptcha
Attack
Protection Captcha Hcaptcha - Configuration for hCaptcha.
- recaptcha
Enterprise AttackProtection Captcha Recaptcha Enterprise - Configuration for Google reCAPTCHA Enterprise.
- recaptcha
V2 AttackProtection Captcha Recaptcha V2 - Configuration for Google reCAPTCHA v2.
- active
Provider stringId - Active CAPTCHA provider ID. Set to empty string to disable CAPTCHA. Possible values:
recaptcha_v2,recaptcha_enterprise,hcaptcha,friendly_captcha,arkose,auth_challenge,simple_captcha. - arkose
Attack
Protection Captcha Arkose - Configuration for Arkose Labs.
- auth
Challenge AttackProtection Captcha Auth Challenge - Configuration for Auth0's Auth Challenge.
- friendly
Captcha AttackProtection Captcha Friendly Captcha - Configuration for Friendly Captcha.
- hcaptcha
Attack
Protection Captcha Hcaptcha - Configuration for hCaptcha.
- recaptcha
Enterprise AttackProtection Captcha Recaptcha Enterprise - Configuration for Google reCAPTCHA Enterprise.
- recaptcha
V2 AttackProtection Captcha Recaptcha V2 - Configuration for Google reCAPTCHA v2.
- active_
provider_ strid - Active CAPTCHA provider ID. Set to empty string to disable CAPTCHA. Possible values:
recaptcha_v2,recaptcha_enterprise,hcaptcha,friendly_captcha,arkose,auth_challenge,simple_captcha. - arkose
Attack
Protection Captcha Arkose - Configuration for Arkose Labs.
- auth_
challenge AttackProtection Captcha Auth Challenge - Configuration for Auth0's Auth Challenge.
- friendly_
captcha AttackProtection Captcha Friendly Captcha - Configuration for Friendly Captcha.
- hcaptcha
Attack
Protection Captcha Hcaptcha - Configuration for hCaptcha.
- recaptcha_
enterprise AttackProtection Captcha Recaptcha Enterprise - Configuration for Google reCAPTCHA Enterprise.
- recaptcha_
v2 AttackProtection Captcha Recaptcha V2 - Configuration for Google reCAPTCHA v2.
- active
Provider StringId - Active CAPTCHA provider ID. Set to empty string to disable CAPTCHA. Possible values:
recaptcha_v2,recaptcha_enterprise,hcaptcha,friendly_captcha,arkose,auth_challenge,simple_captcha. - arkose Property Map
- Configuration for Arkose Labs.
- auth
Challenge Property Map - Configuration for Auth0's Auth Challenge.
- friendly
Captcha Property Map - Configuration for Friendly Captcha.
- hcaptcha Property Map
- Configuration for hCaptcha.
- recaptcha
Enterprise Property Map - Configuration for Google reCAPTCHA Enterprise.
- recaptcha
V2 Property Map - Configuration for Google reCAPTCHA v2.
AttackProtectionCaptchaArkose, AttackProtectionCaptchaArkoseArgs
- Secret string
- Secret for Arkose Labs.
- Site
Key string - Site key for Arkose Labs.
- Client
Subdomain string - Client subdomain for Arkose Labs.
- Fail
Open bool - Whether the captcha should fail open.
- Verify
Subdomain string - Verify subdomain for Arkose Labs.
- Secret string
- Secret for Arkose Labs.
- Site
Key string - Site key for Arkose Labs.
- Client
Subdomain string - Client subdomain for Arkose Labs.
- Fail
Open bool - Whether the captcha should fail open.
- Verify
Subdomain string - Verify subdomain for Arkose Labs.
- secret String
- Secret for Arkose Labs.
- site
Key String - Site key for Arkose Labs.
- client
Subdomain String - Client subdomain for Arkose Labs.
- fail
Open Boolean - Whether the captcha should fail open.
- verify
Subdomain String - Verify subdomain for Arkose Labs.
- secret string
- Secret for Arkose Labs.
- site
Key string - Site key for Arkose Labs.
- client
Subdomain string - Client subdomain for Arkose Labs.
- fail
Open boolean - Whether the captcha should fail open.
- verify
Subdomain string - Verify subdomain for Arkose Labs.
- secret str
- Secret for Arkose Labs.
- site_
key str - Site key for Arkose Labs.
- client_
subdomain str - Client subdomain for Arkose Labs.
- fail_
open bool - Whether the captcha should fail open.
- verify_
subdomain str - Verify subdomain for Arkose Labs.
- secret String
- Secret for Arkose Labs.
- site
Key String - Site key for Arkose Labs.
- client
Subdomain String - Client subdomain for Arkose Labs.
- fail
Open Boolean - Whether the captcha should fail open.
- verify
Subdomain String - Verify subdomain for Arkose Labs.
AttackProtectionCaptchaAuthChallenge, AttackProtectionCaptchaAuthChallengeArgs
- Fail
Open bool - Whether the auth challenge should fail open.
- Fail
Open bool - Whether the auth challenge should fail open.
- fail
Open Boolean - Whether the auth challenge should fail open.
- fail
Open boolean - Whether the auth challenge should fail open.
- fail_
open bool - Whether the auth challenge should fail open.
- fail
Open Boolean - Whether the auth challenge should fail open.
AttackProtectionCaptchaFriendlyCaptcha, AttackProtectionCaptchaFriendlyCaptchaArgs
AttackProtectionCaptchaHcaptcha, AttackProtectionCaptchaHcaptchaArgs
AttackProtectionCaptchaRecaptchaEnterprise, AttackProtectionCaptchaRecaptchaEnterpriseArgs
- api_
key str - API key for reCAPTCHA Enterprise.
- project_
id str - Project ID for reCAPTCHA Enterprise.
- site_
key str - Site key for reCAPTCHA Enterprise.
AttackProtectionCaptchaRecaptchaV2, AttackProtectionCaptchaRecaptchaV2Args
AttackProtectionSuspiciousIpThrottling, AttackProtectionSuspiciousIpThrottlingArgs
- Enabled bool
- Whether suspicious IP throttling attack protections are active.
- Allowlists List<string>
- List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
- Pre
Login AttackProtection Suspicious Ip Throttling Pre Login - Configuration options that apply before every login attempt. Only available on public tenants.
- Pre
User AttackRegistration Protection Suspicious Ip Throttling Pre User Registration - Configuration options that apply before every user registration attempt. Only available on public tenants.
- Shields List<string>
- Action to take when a suspicious IP throttling threshold is violated. Possible values:
block(throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts),admin_notification(send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).
- Enabled bool
- Whether suspicious IP throttling attack protections are active.
- Allowlists []string
- List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
- Pre
Login AttackProtection Suspicious Ip Throttling Pre Login - Configuration options that apply before every login attempt. Only available on public tenants.
- Pre
User AttackRegistration Protection Suspicious Ip Throttling Pre User Registration - Configuration options that apply before every user registration attempt. Only available on public tenants.
- Shields []string
- Action to take when a suspicious IP throttling threshold is violated. Possible values:
block(throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts),admin_notification(send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).
- enabled Boolean
- Whether suspicious IP throttling attack protections are active.
- allowlists List<String>
- List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
- pre
Login AttackProtection Suspicious Ip Throttling Pre Login - Configuration options that apply before every login attempt. Only available on public tenants.
- pre
User AttackRegistration Protection Suspicious Ip Throttling Pre User Registration - Configuration options that apply before every user registration attempt. Only available on public tenants.
- shields List<String>
- Action to take when a suspicious IP throttling threshold is violated. Possible values:
block(throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts),admin_notification(send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).
- enabled boolean
- Whether suspicious IP throttling attack protections are active.
- allowlists string[]
- List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
- pre
Login AttackProtection Suspicious Ip Throttling Pre Login - Configuration options that apply before every login attempt. Only available on public tenants.
- pre
User AttackRegistration Protection Suspicious Ip Throttling Pre User Registration - Configuration options that apply before every user registration attempt. Only available on public tenants.
- shields string[]
- Action to take when a suspicious IP throttling threshold is violated. Possible values:
block(throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts),admin_notification(send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).
- enabled bool
- Whether suspicious IP throttling attack protections are active.
- allowlists Sequence[str]
- List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
- pre_
login AttackProtection Suspicious Ip Throttling Pre Login - Configuration options that apply before every login attempt. Only available on public tenants.
- pre_
user_ Attackregistration Protection Suspicious Ip Throttling Pre User Registration - Configuration options that apply before every user registration attempt. Only available on public tenants.
- shields Sequence[str]
- Action to take when a suspicious IP throttling threshold is violated. Possible values:
block(throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts),admin_notification(send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).
- enabled Boolean
- Whether suspicious IP throttling attack protections are active.
- allowlists List<String>
- List of trusted IP addresses that will not have attack protection enforced against them. This field allows you to specify multiple IP addresses, or ranges. You can use IPv4 or IPv6 addresses and CIDR notation.
- pre
Login Property Map - Configuration options that apply before every login attempt. Only available on public tenants.
- pre
User Property MapRegistration - Configuration options that apply before every user registration attempt. Only available on public tenants.
- shields List<String>
- Action to take when a suspicious IP throttling threshold is violated. Possible values:
block(throttle traffic from an IP address when there is a high number of login attempts targeting too many different accounts),admin_notification(send an email notification when traffic is throttled on one or more IP addresses due to high-velocity traffic).
AttackProtectionSuspiciousIpThrottlingPreLogin, AttackProtectionSuspiciousIpThrottlingPreLoginArgs
- Max
Attempts int - The maximum number of failed login attempts allowed from a single IP address.
- Rate int
- Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.
- Max
Attempts int - The maximum number of failed login attempts allowed from a single IP address.
- Rate int
- Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.
- max
Attempts Integer - The maximum number of failed login attempts allowed from a single IP address.
- rate Integer
- Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.
- max
Attempts number - The maximum number of failed login attempts allowed from a single IP address.
- rate number
- Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.
- max_
attempts int - The maximum number of failed login attempts allowed from a single IP address.
- rate int
- Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.
- max
Attempts Number - The maximum number of failed login attempts allowed from a single IP address.
- rate Number
- Interval of time, given in milliseconds at which new login tokens will become available after they have been used by an IP address. Each login attempt will be added on the defined throttling rate.
AttackProtectionSuspiciousIpThrottlingPreUserRegistration, AttackProtectionSuspiciousIpThrottlingPreUserRegistrationArgs
- Max
Attempts int - The maximum number of sign up attempts allowed from a single IP address.
- Rate int
- Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.
- Max
Attempts int - The maximum number of sign up attempts allowed from a single IP address.
- Rate int
- Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.
- max
Attempts Integer - The maximum number of sign up attempts allowed from a single IP address.
- rate Integer
- Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.
- max
Attempts number - The maximum number of sign up attempts allowed from a single IP address.
- rate number
- Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.
- max_
attempts int - The maximum number of sign up attempts allowed from a single IP address.
- rate int
- Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.
- max
Attempts Number - The maximum number of sign up attempts allowed from a single IP address.
- rate Number
- Interval of time, given in milliseconds at which new sign up tokens will become available after they have been used by an IP address. Each sign up attempt will be added on the defined throttling rate.
Import
As this is not a resource identifiable by an ID within the Auth0 Management API,
attack_protection can be imported using a random string.
We recommend Version 4 UUID
Example:
$ pulumi import auth0:index/attackProtection:AttackProtection my_protection "24940d4b-4bd4-44e7-894e-f92e4de36a40"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
auth0Terraform Provider.
