https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster

I see you added the protect_config, but there is another one. It is The security_posture_config block. https://cloud.google.com/kubernetes-engine/docs/concepts/about-security-posture-dashboard https://cloud.google.com/kubernetes-engine/docs/concepts/about-configuration-scanning The security_posture_config block supports: mode - (Optional) Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED and BASIC. vulnerability_mode - (Optional) Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED and VULNERABILITY_BASIC.