data_protection_sensitivity_label

A sensitivity label manages an external data protection label in CrowdStrike Falcon. The underlying API supports create, read, and delete operations only, so changing any configurable attribute forces replacement.

API Scopes

The following API scopes are required:

Data Protection: READ
Data Protection: WRITE

Example Usage

terraform {
  required_providers {
    crowdstrike = {
      source = "registry.terraform.io/crowdstrike/crowdstrike"
    }
  }
}

provider "crowdstrike" {
  cloud = "us-2"
}

# Standard sensitivity label (user-defined)
resource "crowdstrike_data_protection_sensitivity_label" "standard" {
  name           = "Confidential"
  label_provider = "microsoft"
}

# Synced sensitivity label (from upstream provider connector)
resource "crowdstrike_data_protection_sensitivity_label" "synced" {
  name                     = "Confidential"
  external_id              = "a1b2c3d4-label-id-from-provider"
  label_provider           = "microsoft"
  plugins_configuration_id = "plugin-config-id"
}

Schema

Required

label_provider (String) Source system that provides the sensitivity label.
name (String) Name of the sensitivity label.

Optional

external_id (String) External identifier for the label in the upstream provider.
plugins_configuration_id (String) Identifier of the plugin configuration for the provider connector.

Read-Only

cid (String) CID that owns the sensitivity label.
co_authoring (Boolean) Whether co-authoring is enabled for the sensitivity label.
created_at (String) Timestamp when the sensitivity label was created.
id (String) Unique identifier of the sensitivity label.
last_updated (String) Timestamp when the sensitivity label was last updated in CrowdStrike.
synced (Boolean) Whether the label is synced from an upstream provider.

Import

Import is supported using the following syntax:

#!/bin/bash
# Import an existing data protection sensitivity label by ID
terraform import crowdstrike_data_protection_sensitivity_label.example <label-id>