it_automation_policies

This data source provides information about IT Automation policies in CrowdStrike Falcon. Use this to look up policies by platform, name, or other attributes and reference them in other resources.

API Scopes

The following API scopes are required:

IT Automation - Policies: READ

Example Usage

terraform {
  required_providers {
    crowdstrike = {
      source = "registry.terraform.io/crowdstrike/crowdstrike"
    }
  }
}

provider "crowdstrike" {
  cloud = "us-2"
}

# Look up all Windows IT Automation policies
data "crowdstrike_it_automation_policies" "windows" {
  platform_name = "Windows"
}

# Look up enabled Linux policies by name
data "crowdstrike_it_automation_policies" "prod" {
  platform_name = "Linux"
  name          = "prod*"
  enabled       = true
}

# Look up specific policies by ID
data "crowdstrike_it_automation_policies" "specific" {
  ids = ["f64b95555ef54ea682619ce880d267cc"]
}

# Look up all IT Automation policies across every platform, sorted by precedence
data "crowdstrike_it_automation_policies" "all" {
  sort = "precedence|asc"
}

Schema

Optional

enabled (Boolean) Filter policies by enabled status. Applied client-side after fetching results. Cannot be used together with ids.
ids (List of String) List of policy IDs to retrieve. Cannot be used together with other filter attributes.
name (String) Filter policies by name. Supports wildcard matching with *. Matching is case insensitive. Applied client-side after fetching results. Cannot be used together with ids.
platform_name (String) Filter policies by platform. One of: Windows, Linux, Mac. When omitted and ids is not set, queries all platforms. Cannot be used together with ids.
sort (String) Sort expression for the results. Allowed sort fields: precedence, created_timestamp, modified_timestamp. Example: precedence|asc. Sorting is applied per platform by the API; when platform_name is omitted, results are concatenated in Windows, Linux, Mac order and sort only orders within each platform group. Cannot be used together with ids.

Read-Only

policies (Attributes List) The list of IT Automation policies. (see below for nested schema)

Nested Schema for `policies`

Read-Only:

concurrent_host_file_transfer_limit (Number) Maximum number of hosts that can transfer files simultaneously.
concurrent_host_limit (Number) Maximum number of hosts that can run operations simultaneously.
concurrent_task_limit (Number) Maximum number of tasks that can run in parallel.
cpu_scheduling_priority (String) CPU scheduling priority (Mac only).
cpu_throttle (Number) CPU usage limit as a percentage (Windows/Linux only).
created_at (String) Timestamp when the policy was created.
created_by (String) User who created the policy.
description (String) Description of the policy.
enable_os_query (Boolean) Whether OSQuery functionality is enabled.
enable_python_execution (Boolean) Whether Python script execution is enabled.
enable_script_execution (Boolean) Whether script execution is enabled.
enabled (Boolean) Whether the policy is enabled.
execution_timeout (Number) Maximum time a script can run before timing out.
execution_timeout_unit (String) Unit of time for execution timeout.
host_groups (Set of String) Host group IDs associated with this policy.
id (String) Identifier for the policy.
memory_allocation (Number) Amount of memory allocated (Windows/Linux only).
memory_allocation_unit (String) Unit for memory allocation (Windows/Linux only).
memory_pressure_level (String) Memory pressure level (Mac only).
modified_at (String) Timestamp when the policy was last modified.
modified_by (String) User who last modified the policy.
name (String) Name of the policy.
platform_name (String) Platform for the policy (Windows, Linux, or Mac).
precedence (Number) Priority level of the policy.