Skip to content
CrowdStrike Developer Center

prevention_policy_attachment

This resource allows managing the host groups and ioa rule groups attached to a prevention policy. By default (when exclusive is true), this resource takes exclusive ownership over the host groups and ioa rule groups assigned to a prevention policy. When exclusive is false, this resource only manages the specific host groups and ioa rule groups defined in the configuration. If you want to fully create or manage a prevention policy please use the prevention_policy_* resource for the platform you want to manage.

API Scopes

Section titled “API Scopes”

The following API scopes are required:

  • Prevention policies: READ
  • Prevention policies: WRITE

Example Usage

Section titled “Example Usage”
terraform {
  required_providers {
    crowdstrike = {
      source = "registry.terraform.io/crowdstrike/crowdstrike"
    }
  }
}


provider "crowdstrike" {
  cloud = "us-2"
}


resource "crowdstrike_prevention_policy_attachment" "example" {
  id              = "16c0eecfeebb47ce95185fda2e5b3112"
  host_groups     = ["df868c936cd443e5a95b2603e2483602"]
  ioa_rule_groups = ["507117bc669d41bb93d0a009f557bb23"]
  exclusive       = false
}


output "prevention_policy_attachment" {
  value = crowdstrike_prevention_policy_attachment.example
}

Schema

Section titled “Schema”

Required

Section titled “Required”
  • id (String) The prevention policy id you want to attach to.

Optional

Section titled “Optional”
  • exclusive (Boolean) When true (default), this resource takes exclusive ownership of all host groups and ioa rule groups attached to the prevention policy. When false, this resource only manages the specific host groups and ioa rule groups defined in the configuration, leaving other groups untouched.
  • host_groups (Set of String) Host Group IDs to attach to the prevention policy.
  • ioa_rule_groups (Set of String) IOA Rule Group IDs to attach to the prevention policy.

Read-Only

Section titled “Read-Only”
  • last_updated (String) Timestamp of the last Terraform update of the resource.

Import

Section titled “Import”

Import is supported using the following syntax:

Terminal window
# Prevention Policy Attachment can be imported by specifying the id.
terraform import crowdstrike_prevention_policy_attachment.example 7fb858a949034a0cbca175f660f1e769
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use