Docs
PackagesAquasec v0.8.27 published on Monday, Jan 29, 2024 by Pulumiverse
aquasec.FunctionRuntimePolicy
Explore with Pulumi AI
Example Usage
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aquasec.FunctionRuntimePolicy;
import com.pulumi.aquasec.FunctionRuntimePolicyArgs;
import com.pulumi.aquasec.inputs.FunctionRuntimePolicyScopeVariableArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var functionRuntimePolicy = new FunctionRuntimePolicy("functionRuntimePolicy", FunctionRuntimePolicyArgs.builder()
.applicationScopes("Global")
.blockMaliciousExecutables(true)
.blockMaliciousExecutablesAllowedProcesses(
"proc1",
"proc2")
.blockRunningExecutablesInTmpFolder(true)
.blockedExecutables(
"exe1",
"exe2")
.description("function_runtime_policy")
.enabled(true)
.enforce(false)
.scopeVariables(
FunctionRuntimePolicyScopeVariableArgs.builder()
.attribute("kubernetes.cluster")
.value("default")
.build(),
FunctionRuntimePolicyScopeVariableArgs.builder()
.attribute("kubernetes.label")
.name("app")
.value("aqua")
.build())
.build());
}
}
Coming soon!
Coming soon!
resources:
functionRuntimePolicy:
type: aquasec:FunctionRuntimePolicy
properties:
applicationScopes:
- Global
blockMaliciousExecutables: true
blockMaliciousExecutablesAllowedProcesses:
- proc1
- proc2
blockRunningExecutablesInTmpFolder: true
blockedExecutables:
- exe1
- exe2
description: function_runtime_policy
enabled: true
enforce: false
scopeVariables:
- attribute: kubernetes.cluster
value: default
- attribute: kubernetes.label
name: app
value: aqua
Create FunctionRuntimePolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FunctionRuntimePolicy(name: string, args?: FunctionRuntimePolicyArgs, opts?: CustomResourceOptions);@overload
def FunctionRuntimePolicy(resource_name: str,
args: Optional[FunctionRuntimePolicyArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def FunctionRuntimePolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
allowed_executables: Optional[Sequence[FunctionRuntimePolicyAllowedExecutableArgs]] = None,
allowed_registries: Optional[Sequence[FunctionRuntimePolicyAllowedRegistryArgs]] = None,
application_scopes: Optional[Sequence[str]] = None,
audit_brute_force_login: Optional[bool] = None,
auditing: Optional[FunctionRuntimePolicyAuditingArgs] = None,
author: Optional[str] = None,
blacklisted_os_users: Optional[FunctionRuntimePolicyBlacklistedOsUsersArgs] = None,
block_container_exec: Optional[bool] = None,
block_disallowed_images: Optional[bool] = None,
block_fileless_exec: Optional[bool] = None,
block_non_compliant_workloads: Optional[bool] = None,
block_non_k8s_containers: Optional[bool] = None,
bypass_scopes: Optional[Sequence[FunctionRuntimePolicyBypassScopeArgs]] = None,
container_exec: Optional[FunctionRuntimePolicyContainerExecArgs] = None,
created: Optional[str] = None,
cve: Optional[str] = None,
default_security_profile: Optional[str] = None,
description: Optional[str] = None,
digest: Optional[str] = None,
drift_preventions: Optional[Sequence[FunctionRuntimePolicyDriftPreventionArgs]] = None,
enable_crypto_mining_dns: Optional[bool] = None,
enable_fork_guard: Optional[bool] = None,
enable_ip_reputation: Optional[bool] = None,
enable_port_scan_protection: Optional[bool] = None,
enabled: Optional[bool] = None,
enforce: Optional[bool] = None,
enforce_after_days: Optional[int] = None,
enforce_scheduler_added_on: Optional[int] = None,
exclude_application_scopes: Optional[Sequence[str]] = None,
executable_blacklists: Optional[Sequence[FunctionRuntimePolicyExecutableBlacklistArgs]] = None,
failed_kubernetes_checks: Optional[FunctionRuntimePolicyFailedKubernetesChecksArgs] = None,
file_block: Optional[FunctionRuntimePolicyFileBlockArgs] = None,
file_integrity_monitorings: Optional[Sequence[FunctionRuntimePolicyFileIntegrityMonitoringArgs]] = None,
fork_guard_process_limit: Optional[int] = None,
honeypot_access_key: Optional[str] = None,
honeypot_apply_ons: Optional[Sequence[str]] = None,
honeypot_secret_key: Optional[str] = None,
honeypot_serverless_app_name: Optional[str] = None,
image_name: Optional[str] = None,
is_audit_checked: Optional[bool] = None,
is_auto_generated: Optional[bool] = None,
is_ootb_policy: Optional[bool] = None,
lastupdate: Optional[int] = None,
limit_container_privileges: Optional[Sequence[FunctionRuntimePolicyLimitContainerPrivilegeArgs]] = None,
linux_capabilities: Optional[FunctionRuntimePolicyLinuxCapabilitiesArgs] = None,
malware_scan_options: Optional[FunctionRuntimePolicyMalwareScanOptionsArgs] = None,
name: Optional[str] = None,
no_new_privileges: Optional[bool] = None,
only_registered_images: Optional[bool] = None,
package_block: Optional[FunctionRuntimePolicyPackageBlockArgs] = None,
permission: Optional[str] = None,
port_block: Optional[FunctionRuntimePolicyPortBlockArgs] = None,
readonly_files: Optional[FunctionRuntimePolicyReadonlyFilesArgs] = None,
readonly_registry: Optional[FunctionRuntimePolicyReadonlyRegistryArgs] = None,
registry: Optional[str] = None,
registry_access_monitoring: Optional[FunctionRuntimePolicyRegistryAccessMonitoringArgs] = None,
repo_name: Optional[str] = None,
resource_name_: Optional[str] = None,
resource_type: Optional[str] = None,
restricted_volumes: Optional[Sequence[FunctionRuntimePolicyRestrictedVolumeArgs]] = None,
reverse_shell: Optional[FunctionRuntimePolicyReverseShellArgs] = None,
runtime_mode: Optional[int] = None,
runtime_type: Optional[str] = None,
scope_expression: Optional[str] = None,
scope_variables: Optional[Sequence[FunctionRuntimePolicyScopeVariableArgs]] = None,
scopes: Optional[Sequence[FunctionRuntimePolicyScopeArgs]] = None,
system_integrity_protection: Optional[FunctionRuntimePolicySystemIntegrityProtectionArgs] = None,
tripwire: Optional[FunctionRuntimePolicyTripwireArgs] = None,
type: Optional[str] = None,
updated: Optional[str] = None,
version: Optional[str] = None,
vpatch_version: Optional[str] = None,
whitelisted_os_users: Optional[FunctionRuntimePolicyWhitelistedOsUsersArgs] = None)func NewFunctionRuntimePolicy(ctx *Context, name string, args *FunctionRuntimePolicyArgs, opts ...ResourceOption) (*FunctionRuntimePolicy, error)public FunctionRuntimePolicy(string name, FunctionRuntimePolicyArgs? args = null, CustomResourceOptions? opts = null)
public FunctionRuntimePolicy(String name, FunctionRuntimePolicyArgs args)
public FunctionRuntimePolicy(String name, FunctionRuntimePolicyArgs args, CustomResourceOptions options)
type: aquasec:FunctionRuntimePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FunctionRuntimePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FunctionRuntimePolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FunctionRuntimePolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FunctionRuntimePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FunctionRuntimePolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var functionRuntimePolicyResource = new Aquasec.FunctionRuntimePolicy("functionRuntimePolicyResource", new()
{
AllowedExecutables = new[]
{
new Aquasec.Inputs.FunctionRuntimePolicyAllowedExecutableArgs
{
AllowExecutables = new[]
{
"string",
},
AllowRootExecutables = new[]
{
"string",
},
Enabled = false,
SeparateExecutables = false,
},
},
AllowedRegistries = new[]
{
new Aquasec.Inputs.FunctionRuntimePolicyAllowedRegistryArgs
{
AllowedRegistries = new[]
{
"string",
},
Enabled = false,
},
},
ApplicationScopes = new[]
{
"string",
},
AuditBruteForceLogin = false,
Auditing = new Aquasec.Inputs.FunctionRuntimePolicyAuditingArgs
{
AuditAllNetwork = false,
AuditAllProcesses = false,
AuditFailedLogin = false,
AuditOsUserActivity = false,
AuditProcessCmdline = false,
AuditSuccessLogin = false,
AuditUserAccountManagement = false,
Enabled = false,
},
Author = "string",
BlacklistedOsUsers = new Aquasec.Inputs.FunctionRuntimePolicyBlacklistedOsUsersArgs
{
Enabled = false,
GroupBlackLists = new[]
{
"string",
},
UserBlackLists = new[]
{
"string",
},
},
BlockContainerExec = false,
BlockDisallowedImages = false,
BlockFilelessExec = false,
BlockNonCompliantWorkloads = false,
BlockNonK8sContainers = false,
BypassScopes = new[]
{
new Aquasec.Inputs.FunctionRuntimePolicyBypassScopeArgs
{
Enabled = false,
Scopes = new[]
{
new Aquasec.Inputs.FunctionRuntimePolicyBypassScopeScopeArgs
{
Expression = "string",
Variables = new[]
{
new Aquasec.Inputs.FunctionRuntimePolicyBypassScopeScopeVariableArgs
{
Attribute = "string",
Value = "string",
},
},
},
},
},
},
ContainerExec = new Aquasec.Inputs.FunctionRuntimePolicyContainerExecArgs
{
BlockContainerExec = false,
ContainerExecProcWhiteLists = new[]
{
"string",
},
Enabled = false,
ReverseShellIpWhiteLists = new[]
{
"string",
},
},
Created = "string",
Cve = "string",
DefaultSecurityProfile = "string",
Description = "string",
Digest = "string",
DriftPreventions = new[]
{
new Aquasec.Inputs.FunctionRuntimePolicyDriftPreventionArgs
{
Enabled = false,
ExecLockdown = false,
ExecLockdownWhiteLists = new[]
{
"string",
},
ImageLockdown = false,
},
},
EnableCryptoMiningDns = false,
EnableForkGuard = false,
EnableIpReputation = false,
EnablePortScanProtection = false,
Enabled = false,
Enforce = false,
EnforceAfterDays = 0,
EnforceSchedulerAddedOn = 0,
ExcludeApplicationScopes = new[]
{
"string",
},
ExecutableBlacklists = new[]
{
new Aquasec.Inputs.FunctionRuntimePolicyExecutableBlacklistArgs
{
Enabled = false,
Executables = new[]
{
"string",
},
},
},
FailedKubernetesChecks = new Aquasec.Inputs.FunctionRuntimePolicyFailedKubernetesChecksArgs
{
Enabled = false,
FailedChecks = new[]
{
"string",
},
},
FileBlock = new Aquasec.Inputs.FunctionRuntimePolicyFileBlockArgs
{
BlockFilesProcesses = new[]
{
"string",
},
BlockFilesUsers = new[]
{
"string",
},
Enabled = false,
ExceptionalBlockFiles = new[]
{
"string",
},
ExceptionalBlockFilesProcesses = new[]
{
"string",
},
ExceptionalBlockFilesUsers = new[]
{
"string",
},
FilenameBlockLists = new[]
{
"string",
},
},
FileIntegrityMonitorings = new[]
{
new Aquasec.Inputs.FunctionRuntimePolicyFileIntegrityMonitoringArgs
{
Enabled = false,
ExceptionalMonitoredFiles = new[]
{
"string",
},
ExceptionalMonitoredFilesProcesses = new[]
{
"string",
},
ExceptionalMonitoredFilesUsers = new[]
{
"string",
},
MonitoredFiles = new[]
{
"string",
},
MonitoredFilesAttributes = false,
MonitoredFilesCreate = false,
MonitoredFilesDelete = false,
MonitoredFilesModify = false,
MonitoredFilesProcesses = new[]
{
"string",
},
MonitoredFilesRead = false,
MonitoredFilesUsers = new[]
{
"string",
},
},
},
ForkGuardProcessLimit = 0,
HoneypotAccessKey = "string",
HoneypotApplyOns = new[]
{
"string",
},
HoneypotSecretKey = "string",
HoneypotServerlessAppName = "string",
ImageName = "string",
IsAuditChecked = false,
IsAutoGenerated = false,
IsOotbPolicy = false,
Lastupdate = 0,
LimitContainerPrivileges = new[]
{
new Aquasec.Inputs.FunctionRuntimePolicyLimitContainerPrivilegeArgs
{
BlockAddCapabilities = false,
Enabled = false,
Ipcmode = false,
Netmode = false,
Pidmode = false,
PreventLowPortBinding = false,
PreventRootUser = false,
Privileged = false,
UseHostUser = false,
Usermode = false,
Utsmode = false,
},
},
LinuxCapabilities = new Aquasec.Inputs.FunctionRuntimePolicyLinuxCapabilitiesArgs
{
Enabled = false,
RemoveLinuxCapabilities = new[]
{
"string",
},
},
MalwareScanOptions = new Aquasec.Inputs.FunctionRuntimePolicyMalwareScanOptionsArgs
{
Action = "string",
Enabled = false,
ExcludeDirectories = new[]
{
"string",
},
ExcludeProcesses = new[]
{
"string",
},
IncludeDirectories = new[]
{
"string",
},
},
Name = "string",
NoNewPrivileges = false,
OnlyRegisteredImages = false,
PackageBlock = new Aquasec.Inputs.FunctionRuntimePolicyPackageBlockArgs
{
BlockPackagesProcesses = new[]
{
"string",
},
BlockPackagesUsers = new[]
{
"string",
},
Enabled = false,
ExceptionalBlockPackagesFiles = new[]
{
"string",
},
ExceptionalBlockPackagesProcesses = new[]
{
"string",
},
ExceptionalBlockPackagesUsers = new[]
{
"string",
},
PackagesBlackLists = new[]
{
"string",
},
},
Permission = "string",
PortBlock = new Aquasec.Inputs.FunctionRuntimePolicyPortBlockArgs
{
BlockInboundPorts = new[]
{
"string",
},
BlockOutboundPorts = new[]
{
"string",
},
Enabled = false,
},
ReadonlyFiles = new Aquasec.Inputs.FunctionRuntimePolicyReadonlyFilesArgs
{
Enabled = false,
ExceptionalReadonlyFiles = new[]
{
"string",
},
ExceptionalReadonlyFilesProcesses = new[]
{
"string",
},
ExceptionalReadonlyFilesUsers = new[]
{
"string",
},
ReadonlyFiles = new[]
{
"string",
},
ReadonlyFilesProcesses = new[]
{
"string",
},
ReadonlyFilesUsers = new[]
{
"string",
},
},
ReadonlyRegistry = new Aquasec.Inputs.FunctionRuntimePolicyReadonlyRegistryArgs
{
Enabled = false,
ExceptionalReadonlyRegistryPaths = new[]
{
"string",
},
ExceptionalReadonlyRegistryProcesses = new[]
{
"string",
},
ExceptionalReadonlyRegistryUsers = new[]
{
"string",
},
ReadonlyRegistryPaths = new[]
{
"string",
},
ReadonlyRegistryProcesses = new[]
{
"string",
},
ReadonlyRegistryUsers = new[]
{
"string",
},
},
Registry = "string",
RegistryAccessMonitoring = new Aquasec.Inputs.FunctionRuntimePolicyRegistryAccessMonitoringArgs
{
Enabled = false,
ExceptionalMonitoredRegistryPaths = new[]
{
"string",
},
ExceptionalMonitoredRegistryProcesses = new[]
{
"string",
},
ExceptionalMonitoredRegistryUsers = new[]
{
"string",
},
MonitoredRegistryAttributes = false,
MonitoredRegistryCreate = false,
MonitoredRegistryDelete = false,
MonitoredRegistryModify = false,
MonitoredRegistryPaths = new[]
{
"string",
},
MonitoredRegistryProcesses = new[]
{
"string",
},
MonitoredRegistryRead = false,
MonitoredRegistryUsers = new[]
{
"string",
},
},
RepoName = "string",
ResourceName = "string",
ResourceType = "string",
RestrictedVolumes = new[]
{
new Aquasec.Inputs.FunctionRuntimePolicyRestrictedVolumeArgs
{
Enabled = false,
Volumes = new[]
{
"string",
},
},
},
ReverseShell = new Aquasec.Inputs.FunctionRuntimePolicyReverseShellArgs
{
BlockReverseShell = false,
Enabled = false,
ReverseShellIpWhiteLists = new[]
{
"string",
},
ReverseShellProcWhiteLists = new[]
{
"string",
},
},
RuntimeMode = 0,
RuntimeType = "string",
ScopeExpression = "string",
ScopeVariables = new[]
{
new Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs
{
Attribute = "string",
Value = "string",
Name = "string",
},
},
Scopes = new[]
{
new Aquasec.Inputs.FunctionRuntimePolicyScopeArgs
{
Expression = "string",
Variables = new[]
{
new Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs
{
Attribute = "string",
Value = "string",
Name = "string",
},
},
},
},
SystemIntegrityProtection = new Aquasec.Inputs.FunctionRuntimePolicySystemIntegrityProtectionArgs
{
AuditSystemtimeChange = false,
Enabled = false,
MonitorAuditLogIntegrity = false,
WindowsServicesMonitoring = false,
},
Tripwire = new Aquasec.Inputs.FunctionRuntimePolicyTripwireArgs
{
ApplyOns = new[]
{
"string",
},
Enabled = false,
ServerlessApp = "string",
UserId = "string",
UserPassword = "string",
},
Type = "string",
Updated = "string",
Version = "string",
VpatchVersion = "string",
WhitelistedOsUsers = new Aquasec.Inputs.FunctionRuntimePolicyWhitelistedOsUsersArgs
{
Enabled = false,
GroupWhiteLists = new[]
{
"string",
},
UserWhiteLists = new[]
{
"string",
},
},
});
example, err := aquasec.NewFunctionRuntimePolicy(ctx, "functionRuntimePolicyResource", &aquasec.FunctionRuntimePolicyArgs{
AllowedExecutables: aquasec.FunctionRuntimePolicyAllowedExecutableArray{
&aquasec.FunctionRuntimePolicyAllowedExecutableArgs{
AllowExecutables: pulumi.StringArray{
pulumi.String("string"),
},
AllowRootExecutables: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
SeparateExecutables: pulumi.Bool(false),
},
},
AllowedRegistries: aquasec.FunctionRuntimePolicyAllowedRegistryArray{
&aquasec.FunctionRuntimePolicyAllowedRegistryArgs{
AllowedRegistries: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
},
},
ApplicationScopes: pulumi.StringArray{
pulumi.String("string"),
},
AuditBruteForceLogin: pulumi.Bool(false),
Auditing: &aquasec.FunctionRuntimePolicyAuditingArgs{
AuditAllNetwork: pulumi.Bool(false),
AuditAllProcesses: pulumi.Bool(false),
AuditFailedLogin: pulumi.Bool(false),
AuditOsUserActivity: pulumi.Bool(false),
AuditProcessCmdline: pulumi.Bool(false),
AuditSuccessLogin: pulumi.Bool(false),
AuditUserAccountManagement: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
},
Author: pulumi.String("string"),
BlacklistedOsUsers: &aquasec.FunctionRuntimePolicyBlacklistedOsUsersArgs{
Enabled: pulumi.Bool(false),
GroupBlackLists: pulumi.StringArray{
pulumi.String("string"),
},
UserBlackLists: pulumi.StringArray{
pulumi.String("string"),
},
},
BlockContainerExec: pulumi.Bool(false),
BlockDisallowedImages: pulumi.Bool(false),
BlockFilelessExec: pulumi.Bool(false),
BlockNonCompliantWorkloads: pulumi.Bool(false),
BlockNonK8sContainers: pulumi.Bool(false),
BypassScopes: aquasec.FunctionRuntimePolicyBypassScopeArray{
&aquasec.FunctionRuntimePolicyBypassScopeArgs{
Enabled: pulumi.Bool(false),
Scopes: aquasec.FunctionRuntimePolicyBypassScopeScopeArray{
&aquasec.FunctionRuntimePolicyBypassScopeScopeArgs{
Expression: pulumi.String("string"),
Variables: aquasec.FunctionRuntimePolicyBypassScopeScopeVariableArray{
&aquasec.FunctionRuntimePolicyBypassScopeScopeVariableArgs{
Attribute: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
},
},
ContainerExec: &aquasec.FunctionRuntimePolicyContainerExecArgs{
BlockContainerExec: pulumi.Bool(false),
ContainerExecProcWhiteLists: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
ReverseShellIpWhiteLists: pulumi.StringArray{
pulumi.String("string"),
},
},
Created: pulumi.String("string"),
Cve: pulumi.String("string"),
DefaultSecurityProfile: pulumi.String("string"),
Description: pulumi.String("string"),
Digest: pulumi.String("string"),
DriftPreventions: aquasec.FunctionRuntimePolicyDriftPreventionArray{
&aquasec.FunctionRuntimePolicyDriftPreventionArgs{
Enabled: pulumi.Bool(false),
ExecLockdown: pulumi.Bool(false),
ExecLockdownWhiteLists: pulumi.StringArray{
pulumi.String("string"),
},
ImageLockdown: pulumi.Bool(false),
},
},
EnableCryptoMiningDns: pulumi.Bool(false),
EnableForkGuard: pulumi.Bool(false),
EnableIpReputation: pulumi.Bool(false),
EnablePortScanProtection: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Enforce: pulumi.Bool(false),
EnforceAfterDays: pulumi.Int(0),
EnforceSchedulerAddedOn: pulumi.Int(0),
ExcludeApplicationScopes: pulumi.StringArray{
pulumi.String("string"),
},
ExecutableBlacklists: aquasec.FunctionRuntimePolicyExecutableBlacklistArray{
&aquasec.FunctionRuntimePolicyExecutableBlacklistArgs{
Enabled: pulumi.Bool(false),
Executables: pulumi.StringArray{
pulumi.String("string"),
},
},
},
FailedKubernetesChecks: &aquasec.FunctionRuntimePolicyFailedKubernetesChecksArgs{
Enabled: pulumi.Bool(false),
FailedChecks: pulumi.StringArray{
pulumi.String("string"),
},
},
FileBlock: &aquasec.FunctionRuntimePolicyFileBlockArgs{
BlockFilesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
BlockFilesUsers: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
ExceptionalBlockFiles: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalBlockFilesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalBlockFilesUsers: pulumi.StringArray{
pulumi.String("string"),
},
FilenameBlockLists: pulumi.StringArray{
pulumi.String("string"),
},
},
FileIntegrityMonitorings: aquasec.FunctionRuntimePolicyFileIntegrityMonitoringArray{
&aquasec.FunctionRuntimePolicyFileIntegrityMonitoringArgs{
Enabled: pulumi.Bool(false),
ExceptionalMonitoredFiles: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalMonitoredFilesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalMonitoredFilesUsers: pulumi.StringArray{
pulumi.String("string"),
},
MonitoredFiles: pulumi.StringArray{
pulumi.String("string"),
},
MonitoredFilesAttributes: pulumi.Bool(false),
MonitoredFilesCreate: pulumi.Bool(false),
MonitoredFilesDelete: pulumi.Bool(false),
MonitoredFilesModify: pulumi.Bool(false),
MonitoredFilesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
MonitoredFilesRead: pulumi.Bool(false),
MonitoredFilesUsers: pulumi.StringArray{
pulumi.String("string"),
},
},
},
ForkGuardProcessLimit: pulumi.Int(0),
HoneypotAccessKey: pulumi.String("string"),
HoneypotApplyOns: pulumi.StringArray{
pulumi.String("string"),
},
HoneypotSecretKey: pulumi.String("string"),
HoneypotServerlessAppName: pulumi.String("string"),
ImageName: pulumi.String("string"),
IsAuditChecked: pulumi.Bool(false),
IsAutoGenerated: pulumi.Bool(false),
IsOotbPolicy: pulumi.Bool(false),
Lastupdate: pulumi.Int(0),
LimitContainerPrivileges: aquasec.FunctionRuntimePolicyLimitContainerPrivilegeArray{
&aquasec.FunctionRuntimePolicyLimitContainerPrivilegeArgs{
BlockAddCapabilities: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Ipcmode: pulumi.Bool(false),
Netmode: pulumi.Bool(false),
Pidmode: pulumi.Bool(false),
PreventLowPortBinding: pulumi.Bool(false),
PreventRootUser: pulumi.Bool(false),
Privileged: pulumi.Bool(false),
UseHostUser: pulumi.Bool(false),
Usermode: pulumi.Bool(false),
Utsmode: pulumi.Bool(false),
},
},
LinuxCapabilities: &aquasec.FunctionRuntimePolicyLinuxCapabilitiesArgs{
Enabled: pulumi.Bool(false),
RemoveLinuxCapabilities: pulumi.StringArray{
pulumi.String("string"),
},
},
MalwareScanOptions: &aquasec.FunctionRuntimePolicyMalwareScanOptionsArgs{
Action: pulumi.String("string"),
Enabled: pulumi.Bool(false),
ExcludeDirectories: pulumi.StringArray{
pulumi.String("string"),
},
ExcludeProcesses: pulumi.StringArray{
pulumi.String("string"),
},
IncludeDirectories: pulumi.StringArray{
pulumi.String("string"),
},
},
Name: pulumi.String("string"),
NoNewPrivileges: pulumi.Bool(false),
OnlyRegisteredImages: pulumi.Bool(false),
PackageBlock: &aquasec.FunctionRuntimePolicyPackageBlockArgs{
BlockPackagesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
BlockPackagesUsers: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
ExceptionalBlockPackagesFiles: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalBlockPackagesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalBlockPackagesUsers: pulumi.StringArray{
pulumi.String("string"),
},
PackagesBlackLists: pulumi.StringArray{
pulumi.String("string"),
},
},
Permission: pulumi.String("string"),
PortBlock: &aquasec.FunctionRuntimePolicyPortBlockArgs{
BlockInboundPorts: pulumi.StringArray{
pulumi.String("string"),
},
BlockOutboundPorts: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
},
ReadonlyFiles: &aquasec.FunctionRuntimePolicyReadonlyFilesArgs{
Enabled: pulumi.Bool(false),
ExceptionalReadonlyFiles: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalReadonlyFilesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalReadonlyFilesUsers: pulumi.StringArray{
pulumi.String("string"),
},
ReadonlyFiles: pulumi.StringArray{
pulumi.String("string"),
},
ReadonlyFilesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ReadonlyFilesUsers: pulumi.StringArray{
pulumi.String("string"),
},
},
ReadonlyRegistry: &aquasec.FunctionRuntimePolicyReadonlyRegistryArgs{
Enabled: pulumi.Bool(false),
ExceptionalReadonlyRegistryPaths: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalReadonlyRegistryProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalReadonlyRegistryUsers: pulumi.StringArray{
pulumi.String("string"),
},
ReadonlyRegistryPaths: pulumi.StringArray{
pulumi.String("string"),
},
ReadonlyRegistryProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ReadonlyRegistryUsers: pulumi.StringArray{
pulumi.String("string"),
},
},
Registry: pulumi.String("string"),
RegistryAccessMonitoring: &aquasec.FunctionRuntimePolicyRegistryAccessMonitoringArgs{
Enabled: pulumi.Bool(false),
ExceptionalMonitoredRegistryPaths: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalMonitoredRegistryProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalMonitoredRegistryUsers: pulumi.StringArray{
pulumi.String("string"),
},
MonitoredRegistryAttributes: pulumi.Bool(false),
MonitoredRegistryCreate: pulumi.Bool(false),
MonitoredRegistryDelete: pulumi.Bool(false),
MonitoredRegistryModify: pulumi.Bool(false),
MonitoredRegistryPaths: pulumi.StringArray{
pulumi.String("string"),
},
MonitoredRegistryProcesses: pulumi.StringArray{
pulumi.String("string"),
},
MonitoredRegistryRead: pulumi.Bool(false),
MonitoredRegistryUsers: pulumi.StringArray{
pulumi.String("string"),
},
},
RepoName: pulumi.String("string"),
ResourceName: pulumi.String("string"),
ResourceType: pulumi.String("string"),
RestrictedVolumes: aquasec.FunctionRuntimePolicyRestrictedVolumeArray{
&aquasec.FunctionRuntimePolicyRestrictedVolumeArgs{
Enabled: pulumi.Bool(false),
Volumes: pulumi.StringArray{
pulumi.String("string"),
},
},
},
ReverseShell: &aquasec.FunctionRuntimePolicyReverseShellArgs{
BlockReverseShell: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
ReverseShellIpWhiteLists: pulumi.StringArray{
pulumi.String("string"),
},
ReverseShellProcWhiteLists: pulumi.StringArray{
pulumi.String("string"),
},
},
RuntimeMode: pulumi.Int(0),
RuntimeType: pulumi.String("string"),
ScopeExpression: pulumi.String("string"),
ScopeVariables: aquasec.FunctionRuntimePolicyScopeVariableArray{
&aquasec.FunctionRuntimePolicyScopeVariableArgs{
Attribute: pulumi.String("string"),
Value: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
Scopes: aquasec.FunctionRuntimePolicyScopeArray{
&aquasec.FunctionRuntimePolicyScopeArgs{
Expression: pulumi.String("string"),
Variables: aquasec.FunctionRuntimePolicyScopeVariableArray{
&aquasec.FunctionRuntimePolicyScopeVariableArgs{
Attribute: pulumi.String("string"),
Value: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
},
},
SystemIntegrityProtection: &aquasec.FunctionRuntimePolicySystemIntegrityProtectionArgs{
AuditSystemtimeChange: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
MonitorAuditLogIntegrity: pulumi.Bool(false),
WindowsServicesMonitoring: pulumi.Bool(false),
},
Tripwire: &aquasec.FunctionRuntimePolicyTripwireArgs{
ApplyOns: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
ServerlessApp: pulumi.String("string"),
UserId: pulumi.String("string"),
UserPassword: pulumi.String("string"),
},
Type: pulumi.String("string"),
Updated: pulumi.String("string"),
Version: pulumi.String("string"),
VpatchVersion: pulumi.String("string"),
WhitelistedOsUsers: &aquasec.FunctionRuntimePolicyWhitelistedOsUsersArgs{
Enabled: pulumi.Bool(false),
GroupWhiteLists: pulumi.StringArray{
pulumi.String("string"),
},
UserWhiteLists: pulumi.StringArray{
pulumi.String("string"),
},
},
})
var functionRuntimePolicyResource = new FunctionRuntimePolicy("functionRuntimePolicyResource", FunctionRuntimePolicyArgs.builder()
.allowedExecutables(FunctionRuntimePolicyAllowedExecutableArgs.builder()
.allowExecutables("string")
.allowRootExecutables("string")
.enabled(false)
.separateExecutables(false)
.build())
.allowedRegistries(FunctionRuntimePolicyAllowedRegistryArgs.builder()
.allowedRegistries("string")
.enabled(false)
.build())
.applicationScopes("string")
.auditBruteForceLogin(false)
.auditing(FunctionRuntimePolicyAuditingArgs.builder()
.auditAllNetwork(false)
.auditAllProcesses(false)
.auditFailedLogin(false)
.auditOsUserActivity(false)
.auditProcessCmdline(false)
.auditSuccessLogin(false)
.auditUserAccountManagement(false)
.enabled(false)
.build())
.author("string")
.blacklistedOsUsers(FunctionRuntimePolicyBlacklistedOsUsersArgs.builder()
.enabled(false)
.groupBlackLists("string")
.userBlackLists("string")
.build())
.blockContainerExec(false)
.blockDisallowedImages(false)
.blockFilelessExec(false)
.blockNonCompliantWorkloads(false)
.blockNonK8sContainers(false)
.bypassScopes(FunctionRuntimePolicyBypassScopeArgs.builder()
.enabled(false)
.scopes(FunctionRuntimePolicyBypassScopeScopeArgs.builder()
.expression("string")
.variables(FunctionRuntimePolicyBypassScopeScopeVariableArgs.builder()
.attribute("string")
.value("string")
.build())
.build())
.build())
.containerExec(FunctionRuntimePolicyContainerExecArgs.builder()
.blockContainerExec(false)
.containerExecProcWhiteLists("string")
.enabled(false)
.reverseShellIpWhiteLists("string")
.build())
.created("string")
.cve("string")
.defaultSecurityProfile("string")
.description("string")
.digest("string")
.driftPreventions(FunctionRuntimePolicyDriftPreventionArgs.builder()
.enabled(false)
.execLockdown(false)
.execLockdownWhiteLists("string")
.imageLockdown(false)
.build())
.enableCryptoMiningDns(false)
.enableForkGuard(false)
.enableIpReputation(false)
.enablePortScanProtection(false)
.enabled(false)
.enforce(false)
.enforceAfterDays(0)
.enforceSchedulerAddedOn(0)
.excludeApplicationScopes("string")
.executableBlacklists(FunctionRuntimePolicyExecutableBlacklistArgs.builder()
.enabled(false)
.executables("string")
.build())
.failedKubernetesChecks(FunctionRuntimePolicyFailedKubernetesChecksArgs.builder()
.enabled(false)
.failedChecks("string")
.build())
.fileBlock(FunctionRuntimePolicyFileBlockArgs.builder()
.blockFilesProcesses("string")
.blockFilesUsers("string")
.enabled(false)
.exceptionalBlockFiles("string")
.exceptionalBlockFilesProcesses("string")
.exceptionalBlockFilesUsers("string")
.filenameBlockLists("string")
.build())
.fileIntegrityMonitorings(FunctionRuntimePolicyFileIntegrityMonitoringArgs.builder()
.enabled(false)
.exceptionalMonitoredFiles("string")
.exceptionalMonitoredFilesProcesses("string")
.exceptionalMonitoredFilesUsers("string")
.monitoredFiles("string")
.monitoredFilesAttributes(false)
.monitoredFilesCreate(false)
.monitoredFilesDelete(false)
.monitoredFilesModify(false)
.monitoredFilesProcesses("string")
.monitoredFilesRead(false)
.monitoredFilesUsers("string")
.build())
.forkGuardProcessLimit(0)
.honeypotAccessKey("string")
.honeypotApplyOns("string")
.honeypotSecretKey("string")
.honeypotServerlessAppName("string")
.imageName("string")
.isAuditChecked(false)
.isAutoGenerated(false)
.isOotbPolicy(false)
.lastupdate(0)
.limitContainerPrivileges(FunctionRuntimePolicyLimitContainerPrivilegeArgs.builder()
.blockAddCapabilities(false)
.enabled(false)
.ipcmode(false)
.netmode(false)
.pidmode(false)
.preventLowPortBinding(false)
.preventRootUser(false)
.privileged(false)
.useHostUser(false)
.usermode(false)
.utsmode(false)
.build())
.linuxCapabilities(FunctionRuntimePolicyLinuxCapabilitiesArgs.builder()
.enabled(false)
.removeLinuxCapabilities("string")
.build())
.malwareScanOptions(FunctionRuntimePolicyMalwareScanOptionsArgs.builder()
.action("string")
.enabled(false)
.excludeDirectories("string")
.excludeProcesses("string")
.includeDirectories("string")
.build())
.name("string")
.noNewPrivileges(false)
.onlyRegisteredImages(false)
.packageBlock(FunctionRuntimePolicyPackageBlockArgs.builder()
.blockPackagesProcesses("string")
.blockPackagesUsers("string")
.enabled(false)
.exceptionalBlockPackagesFiles("string")
.exceptionalBlockPackagesProcesses("string")
.exceptionalBlockPackagesUsers("string")
.packagesBlackLists("string")
.build())
.permission("string")
.portBlock(FunctionRuntimePolicyPortBlockArgs.builder()
.blockInboundPorts("string")
.blockOutboundPorts("string")
.enabled(false)
.build())
.readonlyFiles(FunctionRuntimePolicyReadonlyFilesArgs.builder()
.enabled(false)
.exceptionalReadonlyFiles("string")
.exceptionalReadonlyFilesProcesses("string")
.exceptionalReadonlyFilesUsers("string")
.readonlyFiles("string")
.readonlyFilesProcesses("string")
.readonlyFilesUsers("string")
.build())
.readonlyRegistry(FunctionRuntimePolicyReadonlyRegistryArgs.builder()
.enabled(false)
.exceptionalReadonlyRegistryPaths("string")
.exceptionalReadonlyRegistryProcesses("string")
.exceptionalReadonlyRegistryUsers("string")
.readonlyRegistryPaths("string")
.readonlyRegistryProcesses("string")
.readonlyRegistryUsers("string")
.build())
.registry("string")
.registryAccessMonitoring(FunctionRuntimePolicyRegistryAccessMonitoringArgs.builder()
.enabled(false)
.exceptionalMonitoredRegistryPaths("string")
.exceptionalMonitoredRegistryProcesses("string")
.exceptionalMonitoredRegistryUsers("string")
.monitoredRegistryAttributes(false)
.monitoredRegistryCreate(false)
.monitoredRegistryDelete(false)
.monitoredRegistryModify(false)
.monitoredRegistryPaths("string")
.monitoredRegistryProcesses("string")
.monitoredRegistryRead(false)
.monitoredRegistryUsers("string")
.build())
.repoName("string")
.resourceName("string")
.resourceType("string")
.restrictedVolumes(FunctionRuntimePolicyRestrictedVolumeArgs.builder()
.enabled(false)
.volumes("string")
.build())
.reverseShell(FunctionRuntimePolicyReverseShellArgs.builder()
.blockReverseShell(false)
.enabled(false)
.reverseShellIpWhiteLists("string")
.reverseShellProcWhiteLists("string")
.build())
.runtimeMode(0)
.runtimeType("string")
.scopeExpression("string")
.scopeVariables(FunctionRuntimePolicyScopeVariableArgs.builder()
.attribute("string")
.value("string")
.name("string")
.build())
.scopes(FunctionRuntimePolicyScopeArgs.builder()
.expression("string")
.variables(FunctionRuntimePolicyScopeVariableArgs.builder()
.attribute("string")
.value("string")
.name("string")
.build())
.build())
.systemIntegrityProtection(FunctionRuntimePolicySystemIntegrityProtectionArgs.builder()
.auditSystemtimeChange(false)
.enabled(false)
.monitorAuditLogIntegrity(false)
.windowsServicesMonitoring(false)
.build())
.tripwire(FunctionRuntimePolicyTripwireArgs.builder()
.applyOns("string")
.enabled(false)
.serverlessApp("string")
.userId("string")
.userPassword("string")
.build())
.type("string")
.updated("string")
.version("string")
.vpatchVersion("string")
.whitelistedOsUsers(FunctionRuntimePolicyWhitelistedOsUsersArgs.builder()
.enabled(false)
.groupWhiteLists("string")
.userWhiteLists("string")
.build())
.build());
function_runtime_policy_resource = aquasec.FunctionRuntimePolicy("functionRuntimePolicyResource",
allowed_executables=[aquasec.FunctionRuntimePolicyAllowedExecutableArgs(
allow_executables=["string"],
allow_root_executables=["string"],
enabled=False,
separate_executables=False,
)],
allowed_registries=[aquasec.FunctionRuntimePolicyAllowedRegistryArgs(
allowed_registries=["string"],
enabled=False,
)],
application_scopes=["string"],
audit_brute_force_login=False,
auditing=aquasec.FunctionRuntimePolicyAuditingArgs(
audit_all_network=False,
audit_all_processes=False,
audit_failed_login=False,
audit_os_user_activity=False,
audit_process_cmdline=False,
audit_success_login=False,
audit_user_account_management=False,
enabled=False,
),
author="string",
blacklisted_os_users=aquasec.FunctionRuntimePolicyBlacklistedOsUsersArgs(
enabled=False,
group_black_lists=["string"],
user_black_lists=["string"],
),
block_container_exec=False,
block_disallowed_images=False,
block_fileless_exec=False,
block_non_compliant_workloads=False,
block_non_k8s_containers=False,
bypass_scopes=[aquasec.FunctionRuntimePolicyBypassScopeArgs(
enabled=False,
scopes=[aquasec.FunctionRuntimePolicyBypassScopeScopeArgs(
expression="string",
variables=[aquasec.FunctionRuntimePolicyBypassScopeScopeVariableArgs(
attribute="string",
value="string",
)],
)],
)],
container_exec=aquasec.FunctionRuntimePolicyContainerExecArgs(
block_container_exec=False,
container_exec_proc_white_lists=["string"],
enabled=False,
reverse_shell_ip_white_lists=["string"],
),
created="string",
cve="string",
default_security_profile="string",
description="string",
digest="string",
drift_preventions=[aquasec.FunctionRuntimePolicyDriftPreventionArgs(
enabled=False,
exec_lockdown=False,
exec_lockdown_white_lists=["string"],
image_lockdown=False,
)],
enable_crypto_mining_dns=False,
enable_fork_guard=False,
enable_ip_reputation=False,
enable_port_scan_protection=False,
enabled=False,
enforce=False,
enforce_after_days=0,
enforce_scheduler_added_on=0,
exclude_application_scopes=["string"],
executable_blacklists=[aquasec.FunctionRuntimePolicyExecutableBlacklistArgs(
enabled=False,
executables=["string"],
)],
failed_kubernetes_checks=aquasec.FunctionRuntimePolicyFailedKubernetesChecksArgs(
enabled=False,
failed_checks=["string"],
),
file_block=aquasec.FunctionRuntimePolicyFileBlockArgs(
block_files_processes=["string"],
block_files_users=["string"],
enabled=False,
exceptional_block_files=["string"],
exceptional_block_files_processes=["string"],
exceptional_block_files_users=["string"],
filename_block_lists=["string"],
),
file_integrity_monitorings=[aquasec.FunctionRuntimePolicyFileIntegrityMonitoringArgs(
enabled=False,
exceptional_monitored_files=["string"],
exceptional_monitored_files_processes=["string"],
exceptional_monitored_files_users=["string"],
monitored_files=["string"],
monitored_files_attributes=False,
monitored_files_create=False,
monitored_files_delete=False,
monitored_files_modify=False,
monitored_files_processes=["string"],
monitored_files_read=False,
monitored_files_users=["string"],
)],
fork_guard_process_limit=0,
honeypot_access_key="string",
honeypot_apply_ons=["string"],
honeypot_secret_key="string",
honeypot_serverless_app_name="string",
image_name="string",
is_audit_checked=False,
is_auto_generated=False,
is_ootb_policy=False,
lastupdate=0,
limit_container_privileges=[aquasec.FunctionRuntimePolicyLimitContainerPrivilegeArgs(
block_add_capabilities=False,
enabled=False,
ipcmode=False,
netmode=False,
pidmode=False,
prevent_low_port_binding=False,
prevent_root_user=False,
privileged=False,
use_host_user=False,
usermode=False,
utsmode=False,
)],
linux_capabilities=aquasec.FunctionRuntimePolicyLinuxCapabilitiesArgs(
enabled=False,
remove_linux_capabilities=["string"],
),
malware_scan_options=aquasec.FunctionRuntimePolicyMalwareScanOptionsArgs(
action="string",
enabled=False,
exclude_directories=["string"],
exclude_processes=["string"],
include_directories=["string"],
),
name="string",
no_new_privileges=False,
only_registered_images=False,
package_block=aquasec.FunctionRuntimePolicyPackageBlockArgs(
block_packages_processes=["string"],
block_packages_users=["string"],
enabled=False,
exceptional_block_packages_files=["string"],
exceptional_block_packages_processes=["string"],
exceptional_block_packages_users=["string"],
packages_black_lists=["string"],
),
permission="string",
port_block=aquasec.FunctionRuntimePolicyPortBlockArgs(
block_inbound_ports=["string"],
block_outbound_ports=["string"],
enabled=False,
),
readonly_files=aquasec.FunctionRuntimePolicyReadonlyFilesArgs(
enabled=False,
exceptional_readonly_files=["string"],
exceptional_readonly_files_processes=["string"],
exceptional_readonly_files_users=["string"],
readonly_files=["string"],
readonly_files_processes=["string"],
readonly_files_users=["string"],
),
readonly_registry=aquasec.FunctionRuntimePolicyReadonlyRegistryArgs(
enabled=False,
exceptional_readonly_registry_paths=["string"],
exceptional_readonly_registry_processes=["string"],
exceptional_readonly_registry_users=["string"],
readonly_registry_paths=["string"],
readonly_registry_processes=["string"],
readonly_registry_users=["string"],
),
registry="string",
registry_access_monitoring=aquasec.FunctionRuntimePolicyRegistryAccessMonitoringArgs(
enabled=False,
exceptional_monitored_registry_paths=["string"],
exceptional_monitored_registry_processes=["string"],
exceptional_monitored_registry_users=["string"],
monitored_registry_attributes=False,
monitored_registry_create=False,
monitored_registry_delete=False,
monitored_registry_modify=False,
monitored_registry_paths=["string"],
monitored_registry_processes=["string"],
monitored_registry_read=False,
monitored_registry_users=["string"],
),
repo_name="string",
resource_name_="string",
resource_type="string",
restricted_volumes=[aquasec.FunctionRuntimePolicyRestrictedVolumeArgs(
enabled=False,
volumes=["string"],
)],
reverse_shell=aquasec.FunctionRuntimePolicyReverseShellArgs(
block_reverse_shell=False,
enabled=False,
reverse_shell_ip_white_lists=["string"],
reverse_shell_proc_white_lists=["string"],
),
runtime_mode=0,
runtime_type="string",
scope_expression="string",
scope_variables=[aquasec.FunctionRuntimePolicyScopeVariableArgs(
attribute="string",
value="string",
name="string",
)],
scopes=[aquasec.FunctionRuntimePolicyScopeArgs(
expression="string",
variables=[aquasec.FunctionRuntimePolicyScopeVariableArgs(
attribute="string",
value="string",
name="string",
)],
)],
system_integrity_protection=aquasec.FunctionRuntimePolicySystemIntegrityProtectionArgs(
audit_systemtime_change=False,
enabled=False,
monitor_audit_log_integrity=False,
windows_services_monitoring=False,
),
tripwire=aquasec.FunctionRuntimePolicyTripwireArgs(
apply_ons=["string"],
enabled=False,
serverless_app="string",
user_id="string",
user_password="string",
),
type="string",
updated="string",
version="string",
vpatch_version="string",
whitelisted_os_users=aquasec.FunctionRuntimePolicyWhitelistedOsUsersArgs(
enabled=False,
group_white_lists=["string"],
user_white_lists=["string"],
))
const functionRuntimePolicyResource = new aquasec.FunctionRuntimePolicy("functionRuntimePolicyResource", {
allowedExecutables: [{
allowExecutables: ["string"],
allowRootExecutables: ["string"],
enabled: false,
separateExecutables: false,
}],
allowedRegistries: [{
allowedRegistries: ["string"],
enabled: false,
}],
applicationScopes: ["string"],
auditBruteForceLogin: false,
auditing: {
auditAllNetwork: false,
auditAllProcesses: false,
auditFailedLogin: false,
auditOsUserActivity: false,
auditProcessCmdline: false,
auditSuccessLogin: false,
auditUserAccountManagement: false,
enabled: false,
},
author: "string",
blacklistedOsUsers: {
enabled: false,
groupBlackLists: ["string"],
userBlackLists: ["string"],
},
blockContainerExec: false,
blockDisallowedImages: false,
blockFilelessExec: false,
blockNonCompliantWorkloads: false,
blockNonK8sContainers: false,
bypassScopes: [{
enabled: false,
scopes: [{
expression: "string",
variables: [{
attribute: "string",
value: "string",
}],
}],
}],
containerExec: {
blockContainerExec: false,
containerExecProcWhiteLists: ["string"],
enabled: false,
reverseShellIpWhiteLists: ["string"],
},
created: "string",
cve: "string",
defaultSecurityProfile: "string",
description: "string",
digest: "string",
driftPreventions: [{
enabled: false,
execLockdown: false,
execLockdownWhiteLists: ["string"],
imageLockdown: false,
}],
enableCryptoMiningDns: false,
enableForkGuard: false,
enableIpReputation: false,
enablePortScanProtection: false,
enabled: false,
enforce: false,
enforceAfterDays: 0,
enforceSchedulerAddedOn: 0,
excludeApplicationScopes: ["string"],
executableBlacklists: [{
enabled: false,
executables: ["string"],
}],
failedKubernetesChecks: {
enabled: false,
failedChecks: ["string"],
},
fileBlock: {
blockFilesProcesses: ["string"],
blockFilesUsers: ["string"],
enabled: false,
exceptionalBlockFiles: ["string"],
exceptionalBlockFilesProcesses: ["string"],
exceptionalBlockFilesUsers: ["string"],
filenameBlockLists: ["string"],
},
fileIntegrityMonitorings: [{
enabled: false,
exceptionalMonitoredFiles: ["string"],
exceptionalMonitoredFilesProcesses: ["string"],
exceptionalMonitoredFilesUsers: ["string"],
monitoredFiles: ["string"],
monitoredFilesAttributes: false,
monitoredFilesCreate: false,
monitoredFilesDelete: false,
monitoredFilesModify: false,
monitoredFilesProcesses: ["string"],
monitoredFilesRead: false,
monitoredFilesUsers: ["string"],
}],
forkGuardProcessLimit: 0,
honeypotAccessKey: "string",
honeypotApplyOns: ["string"],
honeypotSecretKey: "string",
honeypotServerlessAppName: "string",
imageName: "string",
isAuditChecked: false,
isAutoGenerated: false,
isOotbPolicy: false,
lastupdate: 0,
limitContainerPrivileges: [{
blockAddCapabilities: false,
enabled: false,
ipcmode: false,
netmode: false,
pidmode: false,
preventLowPortBinding: false,
preventRootUser: false,
privileged: false,
useHostUser: false,
usermode: false,
utsmode: false,
}],
linuxCapabilities: {
enabled: false,
removeLinuxCapabilities: ["string"],
},
malwareScanOptions: {
action: "string",
enabled: false,
excludeDirectories: ["string"],
excludeProcesses: ["string"],
includeDirectories: ["string"],
},
name: "string",
noNewPrivileges: false,
onlyRegisteredImages: false,
packageBlock: {
blockPackagesProcesses: ["string"],
blockPackagesUsers: ["string"],
enabled: false,
exceptionalBlockPackagesFiles: ["string"],
exceptionalBlockPackagesProcesses: ["string"],
exceptionalBlockPackagesUsers: ["string"],
packagesBlackLists: ["string"],
},
permission: "string",
portBlock: {
blockInboundPorts: ["string"],
blockOutboundPorts: ["string"],
enabled: false,
},
readonlyFiles: {
enabled: false,
exceptionalReadonlyFiles: ["string"],
exceptionalReadonlyFilesProcesses: ["string"],
exceptionalReadonlyFilesUsers: ["string"],
readonlyFiles: ["string"],
readonlyFilesProcesses: ["string"],
readonlyFilesUsers: ["string"],
},
readonlyRegistry: {
enabled: false,
exceptionalReadonlyRegistryPaths: ["string"],
exceptionalReadonlyRegistryProcesses: ["string"],
exceptionalReadonlyRegistryUsers: ["string"],
readonlyRegistryPaths: ["string"],
readonlyRegistryProcesses: ["string"],
readonlyRegistryUsers: ["string"],
},
registry: "string",
registryAccessMonitoring: {
enabled: false,
exceptionalMonitoredRegistryPaths: ["string"],
exceptionalMonitoredRegistryProcesses: ["string"],
exceptionalMonitoredRegistryUsers: ["string"],
monitoredRegistryAttributes: false,
monitoredRegistryCreate: false,
monitoredRegistryDelete: false,
monitoredRegistryModify: false,
monitoredRegistryPaths: ["string"],
monitoredRegistryProcesses: ["string"],
monitoredRegistryRead: false,
monitoredRegistryUsers: ["string"],
},
repoName: "string",
resourceName: "string",
resourceType: "string",
restrictedVolumes: [{
enabled: false,
volumes: ["string"],
}],
reverseShell: {
blockReverseShell: false,
enabled: false,
reverseShellIpWhiteLists: ["string"],
reverseShellProcWhiteLists: ["string"],
},
runtimeMode: 0,
runtimeType: "string",
scopeExpression: "string",
scopeVariables: [{
attribute: "string",
value: "string",
name: "string",
}],
scopes: [{
expression: "string",
variables: [{
attribute: "string",
value: "string",
name: "string",
}],
}],
systemIntegrityProtection: {
auditSystemtimeChange: false,
enabled: false,
monitorAuditLogIntegrity: false,
windowsServicesMonitoring: false,
},
tripwire: {
applyOns: ["string"],
enabled: false,
serverlessApp: "string",
userId: "string",
userPassword: "string",
},
type: "string",
updated: "string",
version: "string",
vpatchVersion: "string",
whitelistedOsUsers: {
enabled: false,
groupWhiteLists: ["string"],
userWhiteLists: ["string"],
},
});
type: aquasec:FunctionRuntimePolicy
properties:
allowedExecutables:
- allowExecutables:
- string
allowRootExecutables:
- string
enabled: false
separateExecutables: false
allowedRegistries:
- allowedRegistries:
- string
enabled: false
applicationScopes:
- string
auditBruteForceLogin: false
auditing:
auditAllNetwork: false
auditAllProcesses: false
auditFailedLogin: false
auditOsUserActivity: false
auditProcessCmdline: false
auditSuccessLogin: false
auditUserAccountManagement: false
enabled: false
author: string
blacklistedOsUsers:
enabled: false
groupBlackLists:
- string
userBlackLists:
- string
blockContainerExec: false
blockDisallowedImages: false
blockFilelessExec: false
blockNonCompliantWorkloads: false
blockNonK8sContainers: false
bypassScopes:
- enabled: false
scopes:
- expression: string
variables:
- attribute: string
value: string
containerExec:
blockContainerExec: false
containerExecProcWhiteLists:
- string
enabled: false
reverseShellIpWhiteLists:
- string
created: string
cve: string
defaultSecurityProfile: string
description: string
digest: string
driftPreventions:
- enabled: false
execLockdown: false
execLockdownWhiteLists:
- string
imageLockdown: false
enableCryptoMiningDns: false
enableForkGuard: false
enableIpReputation: false
enablePortScanProtection: false
enabled: false
enforce: false
enforceAfterDays: 0
enforceSchedulerAddedOn: 0
excludeApplicationScopes:
- string
executableBlacklists:
- enabled: false
executables:
- string
failedKubernetesChecks:
enabled: false
failedChecks:
- string
fileBlock:
blockFilesProcesses:
- string
blockFilesUsers:
- string
enabled: false
exceptionalBlockFiles:
- string
exceptionalBlockFilesProcesses:
- string
exceptionalBlockFilesUsers:
- string
filenameBlockLists:
- string
fileIntegrityMonitorings:
- enabled: false
exceptionalMonitoredFiles:
- string
exceptionalMonitoredFilesProcesses:
- string
exceptionalMonitoredFilesUsers:
- string
monitoredFiles:
- string
monitoredFilesAttributes: false
monitoredFilesCreate: false
monitoredFilesDelete: false
monitoredFilesModify: false
monitoredFilesProcesses:
- string
monitoredFilesRead: false
monitoredFilesUsers:
- string
forkGuardProcessLimit: 0
honeypotAccessKey: string
honeypotApplyOns:
- string
honeypotSecretKey: string
honeypotServerlessAppName: string
imageName: string
isAuditChecked: false
isAutoGenerated: false
isOotbPolicy: false
lastupdate: 0
limitContainerPrivileges:
- blockAddCapabilities: false
enabled: false
ipcmode: false
netmode: false
pidmode: false
preventLowPortBinding: false
preventRootUser: false
privileged: false
useHostUser: false
usermode: false
utsmode: false
linuxCapabilities:
enabled: false
removeLinuxCapabilities:
- string
malwareScanOptions:
action: string
enabled: false
excludeDirectories:
- string
excludeProcesses:
- string
includeDirectories:
- string
name: string
noNewPrivileges: false
onlyRegisteredImages: false
packageBlock:
blockPackagesProcesses:
- string
blockPackagesUsers:
- string
enabled: false
exceptionalBlockPackagesFiles:
- string
exceptionalBlockPackagesProcesses:
- string
exceptionalBlockPackagesUsers:
- string
packagesBlackLists:
- string
permission: string
portBlock:
blockInboundPorts:
- string
blockOutboundPorts:
- string
enabled: false
readonlyFiles:
enabled: false
exceptionalReadonlyFiles:
- string
exceptionalReadonlyFilesProcesses:
- string
exceptionalReadonlyFilesUsers:
- string
readonlyFiles:
- string
readonlyFilesProcesses:
- string
readonlyFilesUsers:
- string
readonlyRegistry:
enabled: false
exceptionalReadonlyRegistryPaths:
- string
exceptionalReadonlyRegistryProcesses:
- string
exceptionalReadonlyRegistryUsers:
- string
readonlyRegistryPaths:
- string
readonlyRegistryProcesses:
- string
readonlyRegistryUsers:
- string
registry: string
registryAccessMonitoring:
enabled: false
exceptionalMonitoredRegistryPaths:
- string
exceptionalMonitoredRegistryProcesses:
- string
exceptionalMonitoredRegistryUsers:
- string
monitoredRegistryAttributes: false
monitoredRegistryCreate: false
monitoredRegistryDelete: false
monitoredRegistryModify: false
monitoredRegistryPaths:
- string
monitoredRegistryProcesses:
- string
monitoredRegistryRead: false
monitoredRegistryUsers:
- string
repoName: string
resourceName: string
resourceType: string
restrictedVolumes:
- enabled: false
volumes:
- string
reverseShell:
blockReverseShell: false
enabled: false
reverseShellIpWhiteLists:
- string
reverseShellProcWhiteLists:
- string
runtimeMode: 0
runtimeType: string
scopeExpression: string
scopeVariables:
- attribute: string
name: string
value: string
scopes:
- expression: string
variables:
- attribute: string
name: string
value: string
systemIntegrityProtection:
auditSystemtimeChange: false
enabled: false
monitorAuditLogIntegrity: false
windowsServicesMonitoring: false
tripwire:
applyOns:
- string
enabled: false
serverlessApp: string
userId: string
userPassword: string
type: string
updated: string
version: string
vpatchVersion: string
whitelistedOsUsers:
enabled: false
groupWhiteLists:
- string
userWhiteLists:
- string
FunctionRuntimePolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The FunctionRuntimePolicy resource accepts the following input properties:
- Allowed
Executables List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Allowed Executable> - Allowed executables configuration.
- Allowed
Registries List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Allowed Registry> - List of allowed registries.
- Application
Scopes List<string> - Indicates the application scope of the service.
- Audit
Brute boolForce Login - Detects brute force login attempts
- Auditing
Pulumiverse.
Aquasec. Inputs. Function Runtime Policy Auditing - string
- Username of the account that created the service.
- Blacklisted
Os Pulumiverse.Users Aquasec. Inputs. Function Runtime Policy Blacklisted Os Users - Block
Container boolExec - Block
Disallowed boolImages - Block
Fileless boolExec - Block
Non boolCompliant Workloads - Block
Non boolK8s Containers - Bypass
Scopes List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Bypass Scope> - Bypass scope configuration.
- Container
Exec Pulumiverse.Aquasec. Inputs. Function Runtime Policy Container Exec - Created string
- Cve string
- Default
Security stringProfile - Description string
- The description of the function runtime policy
- Digest string
- Drift
Preventions List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Drift Prevention> - Drift prevention configuration.
- Enable
Crypto boolMining Dns - Enable
Fork boolGuard - Enable
Ip boolReputation - Enable
Port boolScan Protection - Enabled bool
- Whether allowed executables configuration is enabled.
- Enforce bool
- Indicates that policy should effect container execution (not just for audit).
- Enforce
After intDays - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- Enforce
Scheduler intAdded On - Exclude
Application List<string>Scopes - List of excluded application scopes.
- Executable
Blacklists List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Executable Blacklist> - Executable blacklist configuration.
- Failed
Kubernetes Pulumiverse.Checks Aquasec. Inputs. Function Runtime Policy Failed Kubernetes Checks - File
Block Pulumiverse.Aquasec. Inputs. Function Runtime Policy File Block - File
Integrity List<Pulumiverse.Monitorings Aquasec. Inputs. Function Runtime Policy File Integrity Monitoring> - Configuration for file integrity monitoring.
- Fork
Guard intProcess Limit - Honeypot
Access stringKey - Honeypot User ID (Access Key)
- Honeypot
Apply List<string>Ons - List of options to apply the honeypot on (Environment Vairable, Layer, File)
- Honeypot
Secret stringKey - Honeypot User Password (Secret Key)
- Honeypot
Serverless stringApp Name - Serverless application name
- Image
Name string - Is
Audit boolChecked - Is
Auto boolGenerated - Is
Ootb boolPolicy - Lastupdate int
- Limit
Container List<Pulumiverse.Privileges Aquasec. Inputs. Function Runtime Policy Limit Container Privilege> - Container privileges configuration.
- Linux
Capabilities Pulumiverse.Aquasec. Inputs. Function Runtime Policy Linux Capabilities - Malware
Scan Pulumiverse.Options Aquasec. Inputs. Function Runtime Policy Malware Scan Options - Configuration for Real-Time Malware Protection.
- Name string
- Name assigned to the attribute.
- No
New boolPrivileges - Only
Registered boolImages - Package
Block Pulumiverse.Aquasec. Inputs. Function Runtime Policy Package Block - Permission string
- Port
Block Pulumiverse.Aquasec. Inputs. Function Runtime Policy Port Block - Readonly
Files Pulumiverse.Aquasec. Inputs. Function Runtime Policy Readonly Files - Readonly
Registry Pulumiverse.Aquasec. Inputs. Function Runtime Policy Readonly Registry - Registry string
- Registry
Access Pulumiverse.Monitoring Aquasec. Inputs. Function Runtime Policy Registry Access Monitoring - Repo
Name string - Resource
Name string - Resource
Type string - Restricted
Volumes List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Restricted Volume> - Restricted volumes configuration.
- Reverse
Shell Pulumiverse.Aquasec. Inputs. Function Runtime Policy Reverse Shell - Runtime
Mode int - Runtime
Type string - Scope
Expression string - Logical expression of how to compute the dependency of the scope variables.
- Scope
Variables List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Scope Variable> - List of scope attributes.
- Scopes
List<Pulumiverse.
Aquasec. Inputs. Function Runtime Policy Scope> - Scope configuration.
- System
Integrity Pulumiverse.Protection Aquasec. Inputs. Function Runtime Policy System Integrity Protection - Tripwire
Pulumiverse.
Aquasec. Inputs. Function Runtime Policy Tripwire - Type string
- Updated string
- Version string
- Vpatch
Version string - Whitelisted
Os Pulumiverse.Users Aquasec. Inputs. Function Runtime Policy Whitelisted Os Users
- Allowed
Executables []FunctionRuntime Policy Allowed Executable Args - Allowed executables configuration.
- Allowed
Registries []FunctionRuntime Policy Allowed Registry Args - List of allowed registries.
- Application
Scopes []string - Indicates the application scope of the service.
- Audit
Brute boolForce Login - Detects brute force login attempts
- Auditing
Function
Runtime Policy Auditing Args - string
- Username of the account that created the service.
- Blacklisted
Os FunctionUsers Runtime Policy Blacklisted Os Users Args - Block
Container boolExec - Block
Disallowed boolImages - Block
Fileless boolExec - Block
Non boolCompliant Workloads - Block
Non boolK8s Containers - Bypass
Scopes []FunctionRuntime Policy Bypass Scope Args - Bypass scope configuration.
- Container
Exec FunctionRuntime Policy Container Exec Args - Created string
- Cve string
- Default
Security stringProfile - Description string
- The description of the function runtime policy
- Digest string
- Drift
Preventions []FunctionRuntime Policy Drift Prevention Args - Drift prevention configuration.
- Enable
Crypto boolMining Dns - Enable
Fork boolGuard - Enable
Ip boolReputation - Enable
Port boolScan Protection - Enabled bool
- Whether allowed executables configuration is enabled.
- Enforce bool
- Indicates that policy should effect container execution (not just for audit).
- Enforce
After intDays - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- Enforce
Scheduler intAdded On - Exclude
Application []stringScopes - List of excluded application scopes.
- Executable
Blacklists []FunctionRuntime Policy Executable Blacklist Args - Executable blacklist configuration.
- Failed
Kubernetes FunctionChecks Runtime Policy Failed Kubernetes Checks Args - File
Block FunctionRuntime Policy File Block Args - File
Integrity []FunctionMonitorings Runtime Policy File Integrity Monitoring Args - Configuration for file integrity monitoring.
- Fork
Guard intProcess Limit - Honeypot
Access stringKey - Honeypot User ID (Access Key)
- Honeypot
Apply []stringOns - List of options to apply the honeypot on (Environment Vairable, Layer, File)
- Honeypot
Secret stringKey - Honeypot User Password (Secret Key)
- Honeypot
Serverless stringApp Name - Serverless application name
- Image
Name string - Is
Audit boolChecked - Is
Auto boolGenerated - Is
Ootb boolPolicy - Lastupdate int
- Limit
Container []FunctionPrivileges Runtime Policy Limit Container Privilege Args - Container privileges configuration.
- Linux
Capabilities FunctionRuntime Policy Linux Capabilities Args - Malware
Scan FunctionOptions Runtime Policy Malware Scan Options Args - Configuration for Real-Time Malware Protection.
- Name string
- Name assigned to the attribute.
- No
New boolPrivileges - Only
Registered boolImages - Package
Block FunctionRuntime Policy Package Block Args - Permission string
- Port
Block FunctionRuntime Policy Port Block Args - Readonly
Files FunctionRuntime Policy Readonly Files Args - Readonly
Registry FunctionRuntime Policy Readonly Registry Args - Registry string
- Registry
Access FunctionMonitoring Runtime Policy Registry Access Monitoring Args - Repo
Name string - Resource
Name string - Resource
Type string - Restricted
Volumes []FunctionRuntime Policy Restricted Volume Args - Restricted volumes configuration.
- Reverse
Shell FunctionRuntime Policy Reverse Shell Args - Runtime
Mode int - Runtime
Type string - Scope
Expression string - Logical expression of how to compute the dependency of the scope variables.
- Scope
Variables []FunctionRuntime Policy Scope Variable Args - List of scope attributes.
- Scopes
[]Function
Runtime Policy Scope Args - Scope configuration.
- System
Integrity FunctionProtection Runtime Policy System Integrity Protection Args - Tripwire
Function
Runtime Policy Tripwire Args - Type string
- Updated string
- Version string
- Vpatch
Version string - Whitelisted
Os FunctionUsers Runtime Policy Whitelisted Os Users Args
- allowed
Executables List<FunctionRuntime Policy Allowed Executable> - Allowed executables configuration.
- allowed
Registries List<FunctionRuntime Policy Allowed Registry> - List of allowed registries.
- application
Scopes List<String> - Indicates the application scope of the service.
- audit
Brute BooleanForce Login - Detects brute force login attempts
- auditing
Function
Runtime Policy Auditing - String
- Username of the account that created the service.
- blacklisted
Os FunctionUsers Runtime Policy Blacklisted Os Users - block
Container BooleanExec - block
Disallowed BooleanImages - block
Fileless BooleanExec - block
Non BooleanCompliant Workloads - block
Non BooleanK8s Containers - bypass
Scopes List<FunctionRuntime Policy Bypass Scope> - Bypass scope configuration.
- container
Exec FunctionRuntime Policy Container Exec - created String
- cve String
- default
Security StringProfile - description String
- The description of the function runtime policy
- digest String
- drift
Preventions List<FunctionRuntime Policy Drift Prevention> - Drift prevention configuration.
- enable
Crypto BooleanMining Dns - enable
Fork BooleanGuard - enable
Ip BooleanReputation - enable
Port BooleanScan Protection - enabled Boolean
- Whether allowed executables configuration is enabled.
- enforce Boolean
- Indicates that policy should effect container execution (not just for audit).
- enforce
After IntegerDays - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforce
Scheduler IntegerAdded On - exclude
Application List<String>Scopes - List of excluded application scopes.
- executable
Blacklists List<FunctionRuntime Policy Executable Blacklist> - Executable blacklist configuration.
- failed
Kubernetes FunctionChecks Runtime Policy Failed Kubernetes Checks - file
Block FunctionRuntime Policy File Block - file
Integrity List<FunctionMonitorings Runtime Policy File Integrity Monitoring> - Configuration for file integrity monitoring.
- fork
Guard IntegerProcess Limit - honeypot
Access StringKey - Honeypot User ID (Access Key)
- honeypot
Apply List<String>Ons - List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot
Secret StringKey - Honeypot User Password (Secret Key)
- honeypot
Serverless StringApp Name - Serverless application name
- image
Name String - is
Audit BooleanChecked - is
Auto BooleanGenerated - is
Ootb BooleanPolicy - lastupdate Integer
- limit
Container List<FunctionPrivileges Runtime Policy Limit Container Privilege> - Container privileges configuration.
- linux
Capabilities FunctionRuntime Policy Linux Capabilities - malware
Scan FunctionOptions Runtime Policy Malware Scan Options - Configuration for Real-Time Malware Protection.
- name String
- Name assigned to the attribute.
- no
New BooleanPrivileges - only
Registered BooleanImages - package
Block FunctionRuntime Policy Package Block - permission String
- port
Block FunctionRuntime Policy Port Block - readonly
Files FunctionRuntime Policy Readonly Files - readonly
Registry FunctionRuntime Policy Readonly Registry - registry String
- registry
Access FunctionMonitoring Runtime Policy Registry Access Monitoring - repo
Name String - resource
Name String - resource
Type String - restricted
Volumes List<FunctionRuntime Policy Restricted Volume> - Restricted volumes configuration.
- reverse
Shell FunctionRuntime Policy Reverse Shell - runtime
Mode Integer - runtime
Type String - scope
Expression String - Logical expression of how to compute the dependency of the scope variables.
- scope
Variables List<FunctionRuntime Policy Scope Variable> - List of scope attributes.
- scopes
List<Function
Runtime Policy Scope> - Scope configuration.
- system
Integrity FunctionProtection Runtime Policy System Integrity Protection - tripwire
Function
Runtime Policy Tripwire - type String
- updated String
- version String
- vpatch
Version String - whitelisted
Os FunctionUsers Runtime Policy Whitelisted Os Users
- allowed
Executables FunctionRuntime Policy Allowed Executable[] - Allowed executables configuration.
- allowed
Registries FunctionRuntime Policy Allowed Registry[] - List of allowed registries.
- application
Scopes string[] - Indicates the application scope of the service.
- audit
Brute booleanForce Login - Detects brute force login attempts
- auditing
Function
Runtime Policy Auditing - string
- Username of the account that created the service.
- blacklisted
Os FunctionUsers Runtime Policy Blacklisted Os Users - block
Container booleanExec - block
Disallowed booleanImages - block
Fileless booleanExec - block
Non booleanCompliant Workloads - block
Non booleanK8s Containers - bypass
Scopes FunctionRuntime Policy Bypass Scope[] - Bypass scope configuration.
- container
Exec FunctionRuntime Policy Container Exec - created string
- cve string
- default
Security stringProfile - description string
- The description of the function runtime policy
- digest string
- drift
Preventions FunctionRuntime Policy Drift Prevention[] - Drift prevention configuration.
- enable
Crypto booleanMining Dns - enable
Fork booleanGuard - enable
Ip booleanReputation - enable
Port booleanScan Protection - enabled boolean
- Whether allowed executables configuration is enabled.
- enforce boolean
- Indicates that policy should effect container execution (not just for audit).
- enforce
After numberDays - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforce
Scheduler numberAdded On - exclude
Application string[]Scopes - List of excluded application scopes.
- executable
Blacklists FunctionRuntime Policy Executable Blacklist[] - Executable blacklist configuration.
- failed
Kubernetes FunctionChecks Runtime Policy Failed Kubernetes Checks - file
Block FunctionRuntime Policy File Block - file
Integrity FunctionMonitorings Runtime Policy File Integrity Monitoring[] - Configuration for file integrity monitoring.
- fork
Guard numberProcess Limit - honeypot
Access stringKey - Honeypot User ID (Access Key)
- honeypot
Apply string[]Ons - List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot
Secret stringKey - Honeypot User Password (Secret Key)
- honeypot
Serverless stringApp Name - Serverless application name
- image
Name string - is
Audit booleanChecked - is
Auto booleanGenerated - is
Ootb booleanPolicy - lastupdate number
- limit
Container FunctionPrivileges Runtime Policy Limit Container Privilege[] - Container privileges configuration.
- linux
Capabilities FunctionRuntime Policy Linux Capabilities - malware
Scan FunctionOptions Runtime Policy Malware Scan Options - Configuration for Real-Time Malware Protection.
- name string
- Name assigned to the attribute.
- no
New booleanPrivileges - only
Registered booleanImages - package
Block FunctionRuntime Policy Package Block - permission string
- port
Block FunctionRuntime Policy Port Block - readonly
Files FunctionRuntime Policy Readonly Files - readonly
Registry FunctionRuntime Policy Readonly Registry - registry string
- registry
Access FunctionMonitoring Runtime Policy Registry Access Monitoring - repo
Name string - resource
Name string - resource
Type string - restricted
Volumes FunctionRuntime Policy Restricted Volume[] - Restricted volumes configuration.
- reverse
Shell FunctionRuntime Policy Reverse Shell - runtime
Mode number - runtime
Type string - scope
Expression string - Logical expression of how to compute the dependency of the scope variables.
- scope
Variables FunctionRuntime Policy Scope Variable[] - List of scope attributes.
- scopes
Function
Runtime Policy Scope[] - Scope configuration.
- system
Integrity FunctionProtection Runtime Policy System Integrity Protection - tripwire
Function
Runtime Policy Tripwire - type string
- updated string
- version string
- vpatch
Version string - whitelisted
Os FunctionUsers Runtime Policy Whitelisted Os Users
- allowed_
executables Sequence[FunctionRuntime Policy Allowed Executable Args] - Allowed executables configuration.
- allowed_
registries Sequence[FunctionRuntime Policy Allowed Registry Args] - List of allowed registries.
- application_
scopes Sequence[str] - Indicates the application scope of the service.
- audit_
brute_ boolforce_ login - Detects brute force login attempts
- auditing
Function
Runtime Policy Auditing Args - str
- Username of the account that created the service.
- blacklisted_
os_ Functionusers Runtime Policy Blacklisted Os Users Args - block_
container_ boolexec - block_
disallowed_ boolimages - block_
fileless_ boolexec - block_
non_ boolcompliant_ workloads - block_
non_ boolk8s_ containers - bypass_
scopes Sequence[FunctionRuntime Policy Bypass Scope Args] - Bypass scope configuration.
- container_
exec FunctionRuntime Policy Container Exec Args - created str
- cve str
- default_
security_ strprofile - description str
- The description of the function runtime policy
- digest str
- drift_
preventions Sequence[FunctionRuntime Policy Drift Prevention Args] - Drift prevention configuration.
- enable_
crypto_ boolmining_ dns - enable_
fork_ boolguard - enable_
ip_ boolreputation - enable_
port_ boolscan_ protection - enabled bool
- Whether allowed executables configuration is enabled.
- enforce bool
- Indicates that policy should effect container execution (not just for audit).
- enforce_
after_ intdays - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforce_
scheduler_ intadded_ on - exclude_
application_ Sequence[str]scopes - List of excluded application scopes.
- executable_
blacklists Sequence[FunctionRuntime Policy Executable Blacklist Args] - Executable blacklist configuration.
- failed_
kubernetes_ Functionchecks Runtime Policy Failed Kubernetes Checks Args - file_
block FunctionRuntime Policy File Block Args - file_
integrity_ Sequence[Functionmonitorings Runtime Policy File Integrity Monitoring Args] - Configuration for file integrity monitoring.
- fork_
guard_ intprocess_ limit - honeypot_
access_ strkey - Honeypot User ID (Access Key)
- honeypot_
apply_ Sequence[str]ons - List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot_
secret_ strkey - Honeypot User Password (Secret Key)
- honeypot_
serverless_ strapp_ name - Serverless application name
- image_
name str - is_
audit_ boolchecked - is_
auto_ boolgenerated - is_
ootb_ boolpolicy - lastupdate int
- limit_
container_ Sequence[Functionprivileges Runtime Policy Limit Container Privilege Args] - Container privileges configuration.
- linux_
capabilities FunctionRuntime Policy Linux Capabilities Args - malware_
scan_ Functionoptions Runtime Policy Malware Scan Options Args - Configuration for Real-Time Malware Protection.
- name str
- Name assigned to the attribute.
- no_
new_ boolprivileges - only_
registered_ boolimages - package_
block FunctionRuntime Policy Package Block Args - permission str
- port_
block FunctionRuntime Policy Port Block Args - readonly_
files FunctionRuntime Policy Readonly Files Args - readonly_
registry FunctionRuntime Policy Readonly Registry Args - registry str
- registry_
access_ Functionmonitoring Runtime Policy Registry Access Monitoring Args - repo_
name str - resource_
name str - resource_
type str - restricted_
volumes Sequence[FunctionRuntime Policy Restricted Volume Args] - Restricted volumes configuration.
- reverse_
shell FunctionRuntime Policy Reverse Shell Args - runtime_
mode int - runtime_
type str - scope_
expression str - Logical expression of how to compute the dependency of the scope variables.
- scope_
variables Sequence[FunctionRuntime Policy Scope Variable Args] - List of scope attributes.
- scopes
Sequence[Function
Runtime Policy Scope Args] - Scope configuration.
- system_
integrity_ Functionprotection Runtime Policy System Integrity Protection Args - tripwire
Function
Runtime Policy Tripwire Args - type str
- updated str
- version str
- vpatch_
version str - whitelisted_
os_ Functionusers Runtime Policy Whitelisted Os Users Args
- allowed
Executables List<Property Map> - Allowed executables configuration.
- allowed
Registries List<Property Map> - List of allowed registries.
- application
Scopes List<String> - Indicates the application scope of the service.
- audit
Brute BooleanForce Login - Detects brute force login attempts
- auditing Property Map
- String
- Username of the account that created the service.
- blacklisted
Os Property MapUsers - block
Container BooleanExec - block
Disallowed BooleanImages - block
Fileless BooleanExec - block
Non BooleanCompliant Workloads - block
Non BooleanK8s Containers - bypass
Scopes List<Property Map> - Bypass scope configuration.
- container
Exec Property Map - created String
- cve String
- default
Security StringProfile - description String
- The description of the function runtime policy
- digest String
- drift
Preventions List<Property Map> - Drift prevention configuration.
- enable
Crypto BooleanMining Dns - enable
Fork BooleanGuard - enable
Ip BooleanReputation - enable
Port BooleanScan Protection - enabled Boolean
- Whether allowed executables configuration is enabled.
- enforce Boolean
- Indicates that policy should effect container execution (not just for audit).
- enforce
After NumberDays - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforce
Scheduler NumberAdded On - exclude
Application List<String>Scopes - List of excluded application scopes.
- executable
Blacklists List<Property Map> - Executable blacklist configuration.
- failed
Kubernetes Property MapChecks - file
Block Property Map - file
Integrity List<Property Map>Monitorings - Configuration for file integrity monitoring.
- fork
Guard NumberProcess Limit - honeypot
Access StringKey - Honeypot User ID (Access Key)
- honeypot
Apply List<String>Ons - List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot
Secret StringKey - Honeypot User Password (Secret Key)
- honeypot
Serverless StringApp Name - Serverless application name
- image
Name String - is
Audit BooleanChecked - is
Auto BooleanGenerated - is
Ootb BooleanPolicy - lastupdate Number
- limit
Container List<Property Map>Privileges - Container privileges configuration.
- linux
Capabilities Property Map - malware
Scan Property MapOptions - Configuration for Real-Time Malware Protection.
- name String
- Name assigned to the attribute.
- no
New BooleanPrivileges - only
Registered BooleanImages - package
Block Property Map - permission String
- port
Block Property Map - readonly
Files Property Map - readonly
Registry Property Map - registry String
- registry
Access Property MapMonitoring - repo
Name String - resource
Name String - resource
Type String - restricted
Volumes List<Property Map> - Restricted volumes configuration.
- reverse
Shell Property Map - runtime
Mode Number - runtime
Type String - scope
Expression String - Logical expression of how to compute the dependency of the scope variables.
- scope
Variables List<Property Map> - List of scope attributes.
- scopes List<Property Map>
- Scope configuration.
- system
Integrity Property MapProtection - tripwire Property Map
- type String
- updated String
- version String
- vpatch
Version String - whitelisted
Os Property MapUsers
Outputs
All input properties are implicitly available as output properties. Additionally, the FunctionRuntimePolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing FunctionRuntimePolicy Resource
Get an existing FunctionRuntimePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FunctionRuntimePolicyState, opts?: CustomResourceOptions): FunctionRuntimePolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allowed_executables: Optional[Sequence[FunctionRuntimePolicyAllowedExecutableArgs]] = None,
allowed_registries: Optional[Sequence[FunctionRuntimePolicyAllowedRegistryArgs]] = None,
application_scopes: Optional[Sequence[str]] = None,
audit_brute_force_login: Optional[bool] = None,
auditing: Optional[FunctionRuntimePolicyAuditingArgs] = None,
author: Optional[str] = None,
blacklisted_os_users: Optional[FunctionRuntimePolicyBlacklistedOsUsersArgs] = None,
block_container_exec: Optional[bool] = None,
block_disallowed_images: Optional[bool] = None,
block_fileless_exec: Optional[bool] = None,
block_non_compliant_workloads: Optional[bool] = None,
block_non_k8s_containers: Optional[bool] = None,
bypass_scopes: Optional[Sequence[FunctionRuntimePolicyBypassScopeArgs]] = None,
container_exec: Optional[FunctionRuntimePolicyContainerExecArgs] = None,
created: Optional[str] = None,
cve: Optional[str] = None,
default_security_profile: Optional[str] = None,
description: Optional[str] = None,
digest: Optional[str] = None,
drift_preventions: Optional[Sequence[FunctionRuntimePolicyDriftPreventionArgs]] = None,
enable_crypto_mining_dns: Optional[bool] = None,
enable_fork_guard: Optional[bool] = None,
enable_ip_reputation: Optional[bool] = None,
enable_port_scan_protection: Optional[bool] = None,
enabled: Optional[bool] = None,
enforce: Optional[bool] = None,
enforce_after_days: Optional[int] = None,
enforce_scheduler_added_on: Optional[int] = None,
exclude_application_scopes: Optional[Sequence[str]] = None,
executable_blacklists: Optional[Sequence[FunctionRuntimePolicyExecutableBlacklistArgs]] = None,
failed_kubernetes_checks: Optional[FunctionRuntimePolicyFailedKubernetesChecksArgs] = None,
file_block: Optional[FunctionRuntimePolicyFileBlockArgs] = None,
file_integrity_monitorings: Optional[Sequence[FunctionRuntimePolicyFileIntegrityMonitoringArgs]] = None,
fork_guard_process_limit: Optional[int] = None,
honeypot_access_key: Optional[str] = None,
honeypot_apply_ons: Optional[Sequence[str]] = None,
honeypot_secret_key: Optional[str] = None,
honeypot_serverless_app_name: Optional[str] = None,
image_name: Optional[str] = None,
is_audit_checked: Optional[bool] = None,
is_auto_generated: Optional[bool] = None,
is_ootb_policy: Optional[bool] = None,
lastupdate: Optional[int] = None,
limit_container_privileges: Optional[Sequence[FunctionRuntimePolicyLimitContainerPrivilegeArgs]] = None,
linux_capabilities: Optional[FunctionRuntimePolicyLinuxCapabilitiesArgs] = None,
malware_scan_options: Optional[FunctionRuntimePolicyMalwareScanOptionsArgs] = None,
name: Optional[str] = None,
no_new_privileges: Optional[bool] = None,
only_registered_images: Optional[bool] = None,
package_block: Optional[FunctionRuntimePolicyPackageBlockArgs] = None,
permission: Optional[str] = None,
port_block: Optional[FunctionRuntimePolicyPortBlockArgs] = None,
readonly_files: Optional[FunctionRuntimePolicyReadonlyFilesArgs] = None,
readonly_registry: Optional[FunctionRuntimePolicyReadonlyRegistryArgs] = None,
registry: Optional[str] = None,
registry_access_monitoring: Optional[FunctionRuntimePolicyRegistryAccessMonitoringArgs] = None,
repo_name: Optional[str] = None,
resource_name: Optional[str] = None,
resource_type: Optional[str] = None,
restricted_volumes: Optional[Sequence[FunctionRuntimePolicyRestrictedVolumeArgs]] = None,
reverse_shell: Optional[FunctionRuntimePolicyReverseShellArgs] = None,
runtime_mode: Optional[int] = None,
runtime_type: Optional[str] = None,
scope_expression: Optional[str] = None,
scope_variables: Optional[Sequence[FunctionRuntimePolicyScopeVariableArgs]] = None,
scopes: Optional[Sequence[FunctionRuntimePolicyScopeArgs]] = None,
system_integrity_protection: Optional[FunctionRuntimePolicySystemIntegrityProtectionArgs] = None,
tripwire: Optional[FunctionRuntimePolicyTripwireArgs] = None,
type: Optional[str] = None,
updated: Optional[str] = None,
version: Optional[str] = None,
vpatch_version: Optional[str] = None,
whitelisted_os_users: Optional[FunctionRuntimePolicyWhitelistedOsUsersArgs] = None) -> FunctionRuntimePolicyfunc GetFunctionRuntimePolicy(ctx *Context, name string, id IDInput, state *FunctionRuntimePolicyState, opts ...ResourceOption) (*FunctionRuntimePolicy, error)public static FunctionRuntimePolicy Get(string name, Input<string> id, FunctionRuntimePolicyState? state, CustomResourceOptions? opts = null)public static FunctionRuntimePolicy get(String name, Output<String> id, FunctionRuntimePolicyState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allowed
Executables List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Allowed Executable> - Allowed executables configuration.
- Allowed
Registries List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Allowed Registry> - List of allowed registries.
- Application
Scopes List<string> - Indicates the application scope of the service.
- Audit
Brute boolForce Login - Detects brute force login attempts
- Auditing
Pulumiverse.
Aquasec. Inputs. Function Runtime Policy Auditing - string
- Username of the account that created the service.
- Blacklisted
Os Pulumiverse.Users Aquasec. Inputs. Function Runtime Policy Blacklisted Os Users - Block
Container boolExec - Block
Disallowed boolImages - Block
Fileless boolExec - Block
Non boolCompliant Workloads - Block
Non boolK8s Containers - Bypass
Scopes List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Bypass Scope> - Bypass scope configuration.
- Container
Exec Pulumiverse.Aquasec. Inputs. Function Runtime Policy Container Exec - Created string
- Cve string
- Default
Security stringProfile - Description string
- The description of the function runtime policy
- Digest string
- Drift
Preventions List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Drift Prevention> - Drift prevention configuration.
- Enable
Crypto boolMining Dns - Enable
Fork boolGuard - Enable
Ip boolReputation - Enable
Port boolScan Protection - Enabled bool
- Whether allowed executables configuration is enabled.
- Enforce bool
- Indicates that policy should effect container execution (not just for audit).
- Enforce
After intDays - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- Enforce
Scheduler intAdded On - Exclude
Application List<string>Scopes - List of excluded application scopes.
- Executable
Blacklists List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Executable Blacklist> - Executable blacklist configuration.
- Failed
Kubernetes Pulumiverse.Checks Aquasec. Inputs. Function Runtime Policy Failed Kubernetes Checks - File
Block Pulumiverse.Aquasec. Inputs. Function Runtime Policy File Block - File
Integrity List<Pulumiverse.Monitorings Aquasec. Inputs. Function Runtime Policy File Integrity Monitoring> - Configuration for file integrity monitoring.
- Fork
Guard intProcess Limit - Honeypot
Access stringKey - Honeypot User ID (Access Key)
- Honeypot
Apply List<string>Ons - List of options to apply the honeypot on (Environment Vairable, Layer, File)
- Honeypot
Secret stringKey - Honeypot User Password (Secret Key)
- Honeypot
Serverless stringApp Name - Serverless application name
- Image
Name string - Is
Audit boolChecked - Is
Auto boolGenerated - Is
Ootb boolPolicy - Lastupdate int
- Limit
Container List<Pulumiverse.Privileges Aquasec. Inputs. Function Runtime Policy Limit Container Privilege> - Container privileges configuration.
- Linux
Capabilities Pulumiverse.Aquasec. Inputs. Function Runtime Policy Linux Capabilities - Malware
Scan Pulumiverse.Options Aquasec. Inputs. Function Runtime Policy Malware Scan Options - Configuration for Real-Time Malware Protection.
- Name string
- Name assigned to the attribute.
- No
New boolPrivileges - Only
Registered boolImages - Package
Block Pulumiverse.Aquasec. Inputs. Function Runtime Policy Package Block - Permission string
- Port
Block Pulumiverse.Aquasec. Inputs. Function Runtime Policy Port Block - Readonly
Files Pulumiverse.Aquasec. Inputs. Function Runtime Policy Readonly Files - Readonly
Registry Pulumiverse.Aquasec. Inputs. Function Runtime Policy Readonly Registry - Registry string
- Registry
Access Pulumiverse.Monitoring Aquasec. Inputs. Function Runtime Policy Registry Access Monitoring - Repo
Name string - Resource
Name string - Resource
Type string - Restricted
Volumes List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Restricted Volume> - Restricted volumes configuration.
- Reverse
Shell Pulumiverse.Aquasec. Inputs. Function Runtime Policy Reverse Shell - Runtime
Mode int - Runtime
Type string - Scope
Expression string - Logical expression of how to compute the dependency of the scope variables.
- Scope
Variables List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Scope Variable> - List of scope attributes.
- Scopes
List<Pulumiverse.
Aquasec. Inputs. Function Runtime Policy Scope> - Scope configuration.
- System
Integrity Pulumiverse.Protection Aquasec. Inputs. Function Runtime Policy System Integrity Protection - Tripwire
Pulumiverse.
Aquasec. Inputs. Function Runtime Policy Tripwire - Type string
- Updated string
- Version string
- Vpatch
Version string - Whitelisted
Os Pulumiverse.Users Aquasec. Inputs. Function Runtime Policy Whitelisted Os Users
- Allowed
Executables []FunctionRuntime Policy Allowed Executable Args - Allowed executables configuration.
- Allowed
Registries []FunctionRuntime Policy Allowed Registry Args - List of allowed registries.
- Application
Scopes []string - Indicates the application scope of the service.
- Audit
Brute boolForce Login - Detects brute force login attempts
- Auditing
Function
Runtime Policy Auditing Args - string
- Username of the account that created the service.
- Blacklisted
Os FunctionUsers Runtime Policy Blacklisted Os Users Args - Block
Container boolExec - Block
Disallowed boolImages - Block
Fileless boolExec - Block
Non boolCompliant Workloads - Block
Non boolK8s Containers - Bypass
Scopes []FunctionRuntime Policy Bypass Scope Args - Bypass scope configuration.
- Container
Exec FunctionRuntime Policy Container Exec Args - Created string
- Cve string
- Default
Security stringProfile - Description string
- The description of the function runtime policy
- Digest string
- Drift
Preventions []FunctionRuntime Policy Drift Prevention Args - Drift prevention configuration.
- Enable
Crypto boolMining Dns - Enable
Fork boolGuard - Enable
Ip boolReputation - Enable
Port boolScan Protection - Enabled bool
- Whether allowed executables configuration is enabled.
- Enforce bool
- Indicates that policy should effect container execution (not just for audit).
- Enforce
After intDays - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- Enforce
Scheduler intAdded On - Exclude
Application []stringScopes - List of excluded application scopes.
- Executable
Blacklists []FunctionRuntime Policy Executable Blacklist Args - Executable blacklist configuration.
- Failed
Kubernetes FunctionChecks Runtime Policy Failed Kubernetes Checks Args - File
Block FunctionRuntime Policy File Block Args - File
Integrity []FunctionMonitorings Runtime Policy File Integrity Monitoring Args - Configuration for file integrity monitoring.
- Fork
Guard intProcess Limit - Honeypot
Access stringKey - Honeypot User ID (Access Key)
- Honeypot
Apply []stringOns - List of options to apply the honeypot on (Environment Vairable, Layer, File)
- Honeypot
Secret stringKey - Honeypot User Password (Secret Key)
- Honeypot
Serverless stringApp Name - Serverless application name
- Image
Name string - Is
Audit boolChecked - Is
Auto boolGenerated - Is
Ootb boolPolicy - Lastupdate int
- Limit
Container []FunctionPrivileges Runtime Policy Limit Container Privilege Args - Container privileges configuration.
- Linux
Capabilities FunctionRuntime Policy Linux Capabilities Args - Malware
Scan FunctionOptions Runtime Policy Malware Scan Options Args - Configuration for Real-Time Malware Protection.
- Name string
- Name assigned to the attribute.
- No
New boolPrivileges - Only
Registered boolImages - Package
Block FunctionRuntime Policy Package Block Args - Permission string
- Port
Block FunctionRuntime Policy Port Block Args - Readonly
Files FunctionRuntime Policy Readonly Files Args - Readonly
Registry FunctionRuntime Policy Readonly Registry Args - Registry string
- Registry
Access FunctionMonitoring Runtime Policy Registry Access Monitoring Args - Repo
Name string - Resource
Name string - Resource
Type string - Restricted
Volumes []FunctionRuntime Policy Restricted Volume Args - Restricted volumes configuration.
- Reverse
Shell FunctionRuntime Policy Reverse Shell Args - Runtime
Mode int - Runtime
Type string - Scope
Expression string - Logical expression of how to compute the dependency of the scope variables.
- Scope
Variables []FunctionRuntime Policy Scope Variable Args - List of scope attributes.
- Scopes
[]Function
Runtime Policy Scope Args - Scope configuration.
- System
Integrity FunctionProtection Runtime Policy System Integrity Protection Args - Tripwire
Function
Runtime Policy Tripwire Args - Type string
- Updated string
- Version string
- Vpatch
Version string - Whitelisted
Os FunctionUsers Runtime Policy Whitelisted Os Users Args
- allowed
Executables List<FunctionRuntime Policy Allowed Executable> - Allowed executables configuration.
- allowed
Registries List<FunctionRuntime Policy Allowed Registry> - List of allowed registries.
- application
Scopes List<String> - Indicates the application scope of the service.
- audit
Brute BooleanForce Login - Detects brute force login attempts
- auditing
Function
Runtime Policy Auditing - String
- Username of the account that created the service.
- blacklisted
Os FunctionUsers Runtime Policy Blacklisted Os Users - block
Container BooleanExec - block
Disallowed BooleanImages - block
Fileless BooleanExec - block
Non BooleanCompliant Workloads - block
Non BooleanK8s Containers - bypass
Scopes List<FunctionRuntime Policy Bypass Scope> - Bypass scope configuration.
- container
Exec FunctionRuntime Policy Container Exec - created String
- cve String
- default
Security StringProfile - description String
- The description of the function runtime policy
- digest String
- drift
Preventions List<FunctionRuntime Policy Drift Prevention> - Drift prevention configuration.
- enable
Crypto BooleanMining Dns - enable
Fork BooleanGuard - enable
Ip BooleanReputation - enable
Port BooleanScan Protection - enabled Boolean
- Whether allowed executables configuration is enabled.
- enforce Boolean
- Indicates that policy should effect container execution (not just for audit).
- enforce
After IntegerDays - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforce
Scheduler IntegerAdded On - exclude
Application List<String>Scopes - List of excluded application scopes.
- executable
Blacklists List<FunctionRuntime Policy Executable Blacklist> - Executable blacklist configuration.
- failed
Kubernetes FunctionChecks Runtime Policy Failed Kubernetes Checks - file
Block FunctionRuntime Policy File Block - file
Integrity List<FunctionMonitorings Runtime Policy File Integrity Monitoring> - Configuration for file integrity monitoring.
- fork
Guard IntegerProcess Limit - honeypot
Access StringKey - Honeypot User ID (Access Key)
- honeypot
Apply List<String>Ons - List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot
Secret StringKey - Honeypot User Password (Secret Key)
- honeypot
Serverless StringApp Name - Serverless application name
- image
Name String - is
Audit BooleanChecked - is
Auto BooleanGenerated - is
Ootb BooleanPolicy - lastupdate Integer
- limit
Container List<FunctionPrivileges Runtime Policy Limit Container Privilege> - Container privileges configuration.
- linux
Capabilities FunctionRuntime Policy Linux Capabilities - malware
Scan FunctionOptions Runtime Policy Malware Scan Options - Configuration for Real-Time Malware Protection.
- name String
- Name assigned to the attribute.
- no
New BooleanPrivileges - only
Registered BooleanImages - package
Block FunctionRuntime Policy Package Block - permission String
- port
Block FunctionRuntime Policy Port Block - readonly
Files FunctionRuntime Policy Readonly Files - readonly
Registry FunctionRuntime Policy Readonly Registry - registry String
- registry
Access FunctionMonitoring Runtime Policy Registry Access Monitoring - repo
Name String - resource
Name String - resource
Type String - restricted
Volumes List<FunctionRuntime Policy Restricted Volume> - Restricted volumes configuration.
- reverse
Shell FunctionRuntime Policy Reverse Shell - runtime
Mode Integer - runtime
Type String - scope
Expression String - Logical expression of how to compute the dependency of the scope variables.
- scope
Variables List<FunctionRuntime Policy Scope Variable> - List of scope attributes.
- scopes
List<Function
Runtime Policy Scope> - Scope configuration.
- system
Integrity FunctionProtection Runtime Policy System Integrity Protection - tripwire
Function
Runtime Policy Tripwire - type String
- updated String
- version String
- vpatch
Version String - whitelisted
Os FunctionUsers Runtime Policy Whitelisted Os Users
- allowed
Executables FunctionRuntime Policy Allowed Executable[] - Allowed executables configuration.
- allowed
Registries FunctionRuntime Policy Allowed Registry[] - List of allowed registries.
- application
Scopes string[] - Indicates the application scope of the service.
- audit
Brute booleanForce Login - Detects brute force login attempts
- auditing
Function
Runtime Policy Auditing - string
- Username of the account that created the service.
- blacklisted
Os FunctionUsers Runtime Policy Blacklisted Os Users - block
Container booleanExec - block
Disallowed booleanImages - block
Fileless booleanExec - block
Non booleanCompliant Workloads - block
Non booleanK8s Containers - bypass
Scopes FunctionRuntime Policy Bypass Scope[] - Bypass scope configuration.
- container
Exec FunctionRuntime Policy Container Exec - created string
- cve string
- default
Security stringProfile - description string
- The description of the function runtime policy
- digest string
- drift
Preventions FunctionRuntime Policy Drift Prevention[] - Drift prevention configuration.
- enable
Crypto booleanMining Dns - enable
Fork booleanGuard - enable
Ip booleanReputation - enable
Port booleanScan Protection - enabled boolean
- Whether allowed executables configuration is enabled.
- enforce boolean
- Indicates that policy should effect container execution (not just for audit).
- enforce
After numberDays - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforce
Scheduler numberAdded On - exclude
Application string[]Scopes - List of excluded application scopes.
- executable
Blacklists FunctionRuntime Policy Executable Blacklist[] - Executable blacklist configuration.
- failed
Kubernetes FunctionChecks Runtime Policy Failed Kubernetes Checks - file
Block FunctionRuntime Policy File Block - file
Integrity FunctionMonitorings Runtime Policy File Integrity Monitoring[] - Configuration for file integrity monitoring.
- fork
Guard numberProcess Limit - honeypot
Access stringKey - Honeypot User ID (Access Key)
- honeypot
Apply string[]Ons - List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot
Secret stringKey - Honeypot User Password (Secret Key)
- honeypot
Serverless stringApp Name - Serverless application name
- image
Name string - is
Audit booleanChecked - is
Auto booleanGenerated - is
Ootb booleanPolicy - lastupdate number
- limit
Container FunctionPrivileges Runtime Policy Limit Container Privilege[] - Container privileges configuration.
- linux
Capabilities FunctionRuntime Policy Linux Capabilities - malware
Scan FunctionOptions Runtime Policy Malware Scan Options - Configuration for Real-Time Malware Protection.
- name string
- Name assigned to the attribute.
- no
New booleanPrivileges - only
Registered booleanImages - package
Block FunctionRuntime Policy Package Block - permission string
- port
Block FunctionRuntime Policy Port Block - readonly
Files FunctionRuntime Policy Readonly Files - readonly
Registry FunctionRuntime Policy Readonly Registry - registry string
- registry
Access FunctionMonitoring Runtime Policy Registry Access Monitoring - repo
Name string - resource
Name string - resource
Type string - restricted
Volumes FunctionRuntime Policy Restricted Volume[] - Restricted volumes configuration.
- reverse
Shell FunctionRuntime Policy Reverse Shell - runtime
Mode number - runtime
Type string - scope
Expression string - Logical expression of how to compute the dependency of the scope variables.
- scope
Variables FunctionRuntime Policy Scope Variable[] - List of scope attributes.
- scopes
Function
Runtime Policy Scope[] - Scope configuration.
- system
Integrity FunctionProtection Runtime Policy System Integrity Protection - tripwire
Function
Runtime Policy Tripwire - type string
- updated string
- version string
- vpatch
Version string - whitelisted
Os FunctionUsers Runtime Policy Whitelisted Os Users
- allowed_
executables Sequence[FunctionRuntime Policy Allowed Executable Args] - Allowed executables configuration.
- allowed_
registries Sequence[FunctionRuntime Policy Allowed Registry Args] - List of allowed registries.
- application_
scopes Sequence[str] - Indicates the application scope of the service.
- audit_
brute_ boolforce_ login - Detects brute force login attempts
- auditing
Function
Runtime Policy Auditing Args - str
- Username of the account that created the service.
- blacklisted_
os_ Functionusers Runtime Policy Blacklisted Os Users Args - block_
container_ boolexec - block_
disallowed_ boolimages - block_
fileless_ boolexec - block_
non_ boolcompliant_ workloads - block_
non_ boolk8s_ containers - bypass_
scopes Sequence[FunctionRuntime Policy Bypass Scope Args] - Bypass scope configuration.
- container_
exec FunctionRuntime Policy Container Exec Args - created str
- cve str
- default_
security_ strprofile - description str
- The description of the function runtime policy
- digest str
- drift_
preventions Sequence[FunctionRuntime Policy Drift Prevention Args] - Drift prevention configuration.
- enable_
crypto_ boolmining_ dns - enable_
fork_ boolguard - enable_
ip_ boolreputation - enable_
port_ boolscan_ protection - enabled bool
- Whether allowed executables configuration is enabled.
- enforce bool
- Indicates that policy should effect container execution (not just for audit).
- enforce_
after_ intdays - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforce_
scheduler_ intadded_ on - exclude_
application_ Sequence[str]scopes - List of excluded application scopes.
- executable_
blacklists Sequence[FunctionRuntime Policy Executable Blacklist Args] - Executable blacklist configuration.
- failed_
kubernetes_ Functionchecks Runtime Policy Failed Kubernetes Checks Args - file_
block FunctionRuntime Policy File Block Args - file_
integrity_ Sequence[Functionmonitorings Runtime Policy File Integrity Monitoring Args] - Configuration for file integrity monitoring.
- fork_
guard_ intprocess_ limit - honeypot_
access_ strkey - Honeypot User ID (Access Key)
- honeypot_
apply_ Sequence[str]ons - List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot_
secret_ strkey - Honeypot User Password (Secret Key)
- honeypot_
serverless_ strapp_ name - Serverless application name
- image_
name str - is_
audit_ boolchecked - is_
auto_ boolgenerated - is_
ootb_ boolpolicy - lastupdate int
- limit_
container_ Sequence[Functionprivileges Runtime Policy Limit Container Privilege Args] - Container privileges configuration.
- linux_
capabilities FunctionRuntime Policy Linux Capabilities Args - malware_
scan_ Functionoptions Runtime Policy Malware Scan Options Args - Configuration for Real-Time Malware Protection.
- name str
- Name assigned to the attribute.
- no_
new_ boolprivileges - only_
registered_ boolimages - package_
block FunctionRuntime Policy Package Block Args - permission str
- port_
block FunctionRuntime Policy Port Block Args - readonly_
files FunctionRuntime Policy Readonly Files Args - readonly_
registry FunctionRuntime Policy Readonly Registry Args - registry str
- registry_
access_ Functionmonitoring Runtime Policy Registry Access Monitoring Args - repo_
name str - resource_
name str - resource_
type str - restricted_
volumes Sequence[FunctionRuntime Policy Restricted Volume Args] - Restricted volumes configuration.
- reverse_
shell FunctionRuntime Policy Reverse Shell Args - runtime_
mode int - runtime_
type str - scope_
expression str - Logical expression of how to compute the dependency of the scope variables.
- scope_
variables Sequence[FunctionRuntime Policy Scope Variable Args] - List of scope attributes.
- scopes
Sequence[Function
Runtime Policy Scope Args] - Scope configuration.
- system_
integrity_ Functionprotection Runtime Policy System Integrity Protection Args - tripwire
Function
Runtime Policy Tripwire Args - type str
- updated str
- version str
- vpatch_
version str - whitelisted_
os_ Functionusers Runtime Policy Whitelisted Os Users Args
- allowed
Executables List<Property Map> - Allowed executables configuration.
- allowed
Registries List<Property Map> - List of allowed registries.
- application
Scopes List<String> - Indicates the application scope of the service.
- audit
Brute BooleanForce Login - Detects brute force login attempts
- auditing Property Map
- String
- Username of the account that created the service.
- blacklisted
Os Property MapUsers - block
Container BooleanExec - block
Disallowed BooleanImages - block
Fileless BooleanExec - block
Non BooleanCompliant Workloads - block
Non BooleanK8s Containers - bypass
Scopes List<Property Map> - Bypass scope configuration.
- container
Exec Property Map - created String
- cve String
- default
Security StringProfile - description String
- The description of the function runtime policy
- digest String
- drift
Preventions List<Property Map> - Drift prevention configuration.
- enable
Crypto BooleanMining Dns - enable
Fork BooleanGuard - enable
Ip BooleanReputation - enable
Port BooleanScan Protection - enabled Boolean
- Whether allowed executables configuration is enabled.
- enforce Boolean
- Indicates that policy should effect container execution (not just for audit).
- enforce
After NumberDays - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforce
Scheduler NumberAdded On - exclude
Application List<String>Scopes - List of excluded application scopes.
- executable
Blacklists List<Property Map> - Executable blacklist configuration.
- failed
Kubernetes Property MapChecks - file
Block Property Map - file
Integrity List<Property Map>Monitorings - Configuration for file integrity monitoring.
- fork
Guard NumberProcess Limit - honeypot
Access StringKey - Honeypot User ID (Access Key)
- honeypot
Apply List<String>Ons - List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot
Secret StringKey - Honeypot User Password (Secret Key)
- honeypot
Serverless StringApp Name - Serverless application name
- image
Name String - is
Audit BooleanChecked - is
Auto BooleanGenerated - is
Ootb BooleanPolicy - lastupdate Number
- limit
Container List<Property Map>Privileges - Container privileges configuration.
- linux
Capabilities Property Map - malware
Scan Property MapOptions - Configuration for Real-Time Malware Protection.
- name String
- Name assigned to the attribute.
- no
New BooleanPrivileges - only
Registered BooleanImages - package
Block Property Map - permission String
- port
Block Property Map - readonly
Files Property Map - readonly
Registry Property Map - registry String
- registry
Access Property MapMonitoring - repo
Name String - resource
Name String - resource
Type String - restricted
Volumes List<Property Map> - Restricted volumes configuration.
- reverse
Shell Property Map - runtime
Mode Number - runtime
Type String - scope
Expression String - Logical expression of how to compute the dependency of the scope variables.
- scope
Variables List<Property Map> - List of scope attributes.
- scopes List<Property Map>
- Scope configuration.
- system
Integrity Property MapProtection - tripwire Property Map
- type String
- updated String
- version String
- vpatch
Version String - whitelisted
Os Property MapUsers
Supporting Types
FunctionRuntimePolicyAllowedExecutable, FunctionRuntimePolicyAllowedExecutableArgs
- Allow
Executables List<string> - List of allowed executables.
- Allow
Root List<string>Executables - List of allowed root executables.
- Enabled bool
- Whether allowed executables configuration is enabled.
- Separate
Executables bool - Whether to treat executables separately.
- Allow
Executables []string - List of allowed executables.
- Allow
Root []stringExecutables - List of allowed root executables.
- Enabled bool
- Whether allowed executables configuration is enabled.
- Separate
Executables bool - Whether to treat executables separately.
- allow
Executables List<String> - List of allowed executables.
- allow
Root List<String>Executables - List of allowed root executables.
- enabled Boolean
- Whether allowed executables configuration is enabled.
- separate
Executables Boolean - Whether to treat executables separately.
- allow
Executables string[] - List of allowed executables.
- allow
Root string[]Executables - List of allowed root executables.
- enabled boolean
- Whether allowed executables configuration is enabled.
- separate
Executables boolean - Whether to treat executables separately.
- allow_
executables Sequence[str] - List of allowed executables.
- allow_
root_ Sequence[str]executables - List of allowed root executables.
- enabled bool
- Whether allowed executables configuration is enabled.
- separate_
executables bool - Whether to treat executables separately.
- allow
Executables List<String> - List of allowed executables.
- allow
Root List<String>Executables - List of allowed root executables.
- enabled Boolean
- Whether allowed executables configuration is enabled.
- separate
Executables Boolean - Whether to treat executables separately.
FunctionRuntimePolicyAllowedRegistry, FunctionRuntimePolicyAllowedRegistryArgs
- Allowed
Registries List<string> - List of allowed registries.
- Enabled bool
- Whether allowed registries are enabled.
- Allowed
Registries []string - List of allowed registries.
- Enabled bool
- Whether allowed registries are enabled.
- allowed
Registries List<String> - List of allowed registries.
- enabled Boolean
- Whether allowed registries are enabled.
- allowed
Registries string[] - List of allowed registries.
- enabled boolean
- Whether allowed registries are enabled.
- allowed_
registries Sequence[str] - List of allowed registries.
- enabled bool
- Whether allowed registries are enabled.
- allowed
Registries List<String> - List of allowed registries.
- enabled Boolean
- Whether allowed registries are enabled.
FunctionRuntimePolicyAuditing, FunctionRuntimePolicyAuditingArgs
- Audit
All boolNetwork - Audit
All boolProcesses - Audit
Failed boolLogin - Audit
Os boolUser Activity - Audit
Process boolCmdline - Audit
Success boolLogin - Audit
User boolAccount Management - Enabled bool
- Audit
All boolNetwork - Audit
All boolProcesses - Audit
Failed boolLogin - Audit
Os boolUser Activity - Audit
Process boolCmdline - Audit
Success boolLogin - Audit
User boolAccount Management - Enabled bool
- audit
All BooleanNetwork - audit
All BooleanProcesses - audit
Failed BooleanLogin - audit
Os BooleanUser Activity - audit
Process BooleanCmdline - audit
Success BooleanLogin - audit
User BooleanAccount Management - enabled Boolean
- audit
All booleanNetwork - audit
All booleanProcesses - audit
Failed booleanLogin - audit
Os booleanUser Activity - audit
Process booleanCmdline - audit
Success booleanLogin - audit
User booleanAccount Management - enabled boolean
- audit_
all_ boolnetwork - audit_
all_ boolprocesses - audit_
failed_ boollogin - audit_
os_ booluser_ activity - audit_
process_ boolcmdline - audit_
success_ boollogin - audit_
user_ boolaccount_ management - enabled bool
- audit
All BooleanNetwork - audit
All BooleanProcesses - audit
Failed BooleanLogin - audit
Os BooleanUser Activity - audit
Process BooleanCmdline - audit
Success BooleanLogin - audit
User BooleanAccount Management - enabled Boolean
FunctionRuntimePolicyBlacklistedOsUsers, FunctionRuntimePolicyBlacklistedOsUsersArgs
- Enabled bool
- Group
Black List<string>Lists - User
Black List<string>Lists
- Enabled bool
- Group
Black []stringLists - User
Black []stringLists
- enabled Boolean
- group
Black List<String>Lists - user
Black List<String>Lists
- enabled boolean
- group
Black string[]Lists - user
Black string[]Lists
- enabled bool
- group_
black_ Sequence[str]lists - user_
black_ Sequence[str]lists
- enabled Boolean
- group
Black List<String>Lists - user
Black List<String>Lists
FunctionRuntimePolicyBypassScope, FunctionRuntimePolicyBypassScopeArgs
- Enabled bool
- Whether bypassing the scope is enabled.
- Scopes
List<Pulumiverse.
Aquasec. Inputs. Function Runtime Policy Bypass Scope Scope> - Scope configuration.
- Enabled bool
- Whether bypassing the scope is enabled.
- Scopes
[]Function
Runtime Policy Bypass Scope Scope - Scope configuration.
- enabled Boolean
- Whether bypassing the scope is enabled.
- scopes
List<Function
Runtime Policy Bypass Scope Scope> - Scope configuration.
- enabled boolean
- Whether bypassing the scope is enabled.
- scopes
Function
Runtime Policy Bypass Scope Scope[] - Scope configuration.
- enabled bool
- Whether bypassing the scope is enabled.
- scopes
Sequence[Function
Runtime Policy Bypass Scope Scope] - Scope configuration.
- enabled Boolean
- Whether bypassing the scope is enabled.
- scopes List<Property Map>
- Scope configuration.
FunctionRuntimePolicyBypassScopeScope, FunctionRuntimePolicyBypassScopeScopeArgs
- Expression string
- Scope expression.
- Variables
List<Pulumiverse.
Aquasec. Inputs. Function Runtime Policy Bypass Scope Scope Variable> - List of variables in the scope.
- Expression string
- Scope expression.
- Variables
[]Function
Runtime Policy Bypass Scope Scope Variable - List of variables in the scope.
- expression String
- Scope expression.
- variables
List<Function
Runtime Policy Bypass Scope Scope Variable> - List of variables in the scope.
- expression string
- Scope expression.
- variables
Function
Runtime Policy Bypass Scope Scope Variable[] - List of variables in the scope.
- expression str
- Scope expression.
- variables
Sequence[Function
Runtime Policy Bypass Scope Scope Variable] - List of variables in the scope.
- expression String
- Scope expression.
- variables List<Property Map>
- List of variables in the scope.
FunctionRuntimePolicyBypassScopeScopeVariable, FunctionRuntimePolicyBypassScopeScopeVariableArgs
FunctionRuntimePolicyContainerExec, FunctionRuntimePolicyContainerExecArgs
- Block
Container boolExec - Container
Exec List<string>Proc White Lists - Enabled bool
- Reverse
Shell List<string>Ip White Lists
- Block
Container boolExec - Container
Exec []stringProc White Lists - Enabled bool
- Reverse
Shell []stringIp White Lists
- block
Container BooleanExec - container
Exec List<String>Proc White Lists - enabled Boolean
- reverse
Shell List<String>Ip White Lists
- block
Container booleanExec - container
Exec string[]Proc White Lists - enabled boolean
- reverse
Shell string[]Ip White Lists
- block_
container_ boolexec - container_
exec_ Sequence[str]proc_ white_ lists - enabled bool
- reverse_
shell_ Sequence[str]ip_ white_ lists
- block
Container BooleanExec - container
Exec List<String>Proc White Lists - enabled Boolean
- reverse
Shell List<String>Ip White Lists
FunctionRuntimePolicyDriftPrevention, FunctionRuntimePolicyDriftPreventionArgs
- Enabled bool
- Whether drift prevention is enabled.
- Exec
Lockdown bool - Whether to lockdown execution drift.
- Exec
Lockdown List<string>White Lists - List of items in the execution lockdown white list.
- Image
Lockdown bool - Whether to lockdown image drift.
- Enabled bool
- Whether drift prevention is enabled.
- Exec
Lockdown bool - Whether to lockdown execution drift.
- Exec
Lockdown []stringWhite Lists - List of items in the execution lockdown white list.
- Image
Lockdown bool - Whether to lockdown image drift.
- enabled Boolean
- Whether drift prevention is enabled.
- exec
Lockdown Boolean - Whether to lockdown execution drift.
- exec
Lockdown List<String>White Lists - List of items in the execution lockdown white list.
- image
Lockdown Boolean - Whether to lockdown image drift.
- enabled boolean
- Whether drift prevention is enabled.
- exec
Lockdown boolean - Whether to lockdown execution drift.
- exec
Lockdown string[]White Lists - List of items in the execution lockdown white list.
- image
Lockdown boolean - Whether to lockdown image drift.
- enabled bool
- Whether drift prevention is enabled.
- exec_
lockdown bool - Whether to lockdown execution drift.
- exec_
lockdown_ Sequence[str]white_ lists - List of items in the execution lockdown white list.
- image_
lockdown bool - Whether to lockdown image drift.
- enabled Boolean
- Whether drift prevention is enabled.
- exec
Lockdown Boolean - Whether to lockdown execution drift.
- exec
Lockdown List<String>White Lists - List of items in the execution lockdown white list.
- image
Lockdown Boolean - Whether to lockdown image drift.
FunctionRuntimePolicyExecutableBlacklist, FunctionRuntimePolicyExecutableBlacklistArgs
- Enabled bool
- Whether the executable blacklist is enabled.
- Executables List<string>
- List of blacklisted executables.
- Enabled bool
- Whether the executable blacklist is enabled.
- Executables []string
- List of blacklisted executables.
- enabled Boolean
- Whether the executable blacklist is enabled.
- executables List<String>
- List of blacklisted executables.
- enabled boolean
- Whether the executable blacklist is enabled.
- executables string[]
- List of blacklisted executables.
- enabled bool
- Whether the executable blacklist is enabled.
- executables Sequence[str]
- List of blacklisted executables.
- enabled Boolean
- Whether the executable blacklist is enabled.
- executables List<String>
- List of blacklisted executables.
FunctionRuntimePolicyFailedKubernetesChecks, FunctionRuntimePolicyFailedKubernetesChecksArgs
- Enabled bool
- Failed
Checks List<string>
- Enabled bool
- Failed
Checks []string
- enabled Boolean
- failed
Checks List<String>
- enabled boolean
- failed
Checks string[]
- enabled bool
- failed_
checks Sequence[str]
- enabled Boolean
- failed
Checks List<String>
FunctionRuntimePolicyFileBlock, FunctionRuntimePolicyFileBlockArgs
- Block
Files List<string>Processes - Block
Files List<string>Users - Enabled bool
- Exceptional
Block List<string>Files - Exceptional
Block List<string>Files Processes - Exceptional
Block List<string>Files Users - Filename
Block List<string>Lists
- Block
Files []stringProcesses - Block
Files []stringUsers - Enabled bool
- Exceptional
Block []stringFiles - Exceptional
Block []stringFiles Processes - Exceptional
Block []stringFiles Users - Filename
Block []stringLists
- block
Files List<String>Processes - block
Files List<String>Users - enabled Boolean
- exceptional
Block List<String>Files - exceptional
Block List<String>Files Processes - exceptional
Block List<String>Files Users - filename
Block List<String>Lists
- block
Files string[]Processes - block
Files string[]Users - enabled boolean
- exceptional
Block string[]Files - exceptional
Block string[]Files Processes - exceptional
Block string[]Files Users - filename
Block string[]Lists
- block_
files_ Sequence[str]processes - block_
files_ Sequence[str]users - enabled bool
- exceptional_
block_ Sequence[str]files - exceptional_
block_ Sequence[str]files_ processes - exceptional_
block_ Sequence[str]files_ users - filename_
block_ Sequence[str]lists
- block
Files List<String>Processes - block
Files List<String>Users - enabled Boolean
- exceptional
Block List<String>Files - exceptional
Block List<String>Files Processes - exceptional
Block List<String>Files Users - filename
Block List<String>Lists
FunctionRuntimePolicyFileIntegrityMonitoring, FunctionRuntimePolicyFileIntegrityMonitoringArgs
- Enabled bool
- If true, file integrity monitoring is enabled.
- Exceptional
Monitored List<string>Files - List of paths to be excluded from monitoring.
- Exceptional
Monitored List<string>Files Processes - List of processes to be excluded from monitoring.
- Exceptional
Monitored List<string>Files Users - List of users to be excluded from monitoring.
- Monitored
Files List<string> - List of paths to be monitored.
- Monitored
Files boolAttributes - Whether to monitor file attribute operations.
- Monitored
Files boolCreate - Whether to monitor file create operations.
- Monitored
Files boolDelete - Whether to monitor file delete operations.
- Monitored
Files boolModify - Whether to monitor file modify operations.
- Monitored
Files List<string>Processes - List of processes associated with monitored files.
- Monitored
Files boolRead - Whether to monitor file read operations.
- Monitored
Files List<string>Users - List of users associated with monitored files.
- Enabled bool
- If true, file integrity monitoring is enabled.
- Exceptional
Monitored []stringFiles - List of paths to be excluded from monitoring.
- Exceptional
Monitored []stringFiles Processes - List of processes to be excluded from monitoring.
- Exceptional
Monitored []stringFiles Users - List of users to be excluded from monitoring.
- Monitored
Files []string - List of paths to be monitored.
- Monitored
Files boolAttributes - Whether to monitor file attribute operations.
- Monitored
Files boolCreate - Whether to monitor file create operations.
- Monitored
Files boolDelete - Whether to monitor file delete operations.
- Monitored
Files boolModify - Whether to monitor file modify operations.
- Monitored
Files []stringProcesses - List of processes associated with monitored files.
- Monitored
Files boolRead - Whether to monitor file read operations.
- Monitored
Files []stringUsers - List of users associated with monitored files.
- enabled Boolean
- If true, file integrity monitoring is enabled.
- exceptional
Monitored List<String>Files - List of paths to be excluded from monitoring.
- exceptional
Monitored List<String>Files Processes - List of processes to be excluded from monitoring.
- exceptional
Monitored List<String>Files Users - List of users to be excluded from monitoring.
- monitored
Files List<String> - List of paths to be monitored.
- monitored
Files BooleanAttributes - Whether to monitor file attribute operations.
- monitored
Files BooleanCreate - Whether to monitor file create operations.
- monitored
Files BooleanDelete - Whether to monitor file delete operations.
- monitored
Files BooleanModify - Whether to monitor file modify operations.
- monitored
Files List<String>Processes - List of processes associated with monitored files.
- monitored
Files BooleanRead - Whether to monitor file read operations.
- monitored
Files List<String>Users - List of users associated with monitored files.
- enabled boolean
- If true, file integrity monitoring is enabled.
- exceptional
Monitored string[]Files - List of paths to be excluded from monitoring.
- exceptional
Monitored string[]Files Processes - List of processes to be excluded from monitoring.
- exceptional
Monitored string[]Files Users - List of users to be excluded from monitoring.
- monitored
Files string[] - List of paths to be monitored.
- monitored
Files booleanAttributes - Whether to monitor file attribute operations.
- monitored
Files booleanCreate - Whether to monitor file create operations.
- monitored
Files booleanDelete - Whether to monitor file delete operations.
- monitored
Files booleanModify - Whether to monitor file modify operations.
- monitored
Files string[]Processes - List of processes associated with monitored files.
- monitored
Files booleanRead - Whether to monitor file read operations.
- monitored
Files string[]Users - List of users associated with monitored files.
- enabled bool
- If true, file integrity monitoring is enabled.
- exceptional_
monitored_ Sequence[str]files - List of paths to be excluded from monitoring.
- exceptional_
monitored_ Sequence[str]files_ processes - List of processes to be excluded from monitoring.
- exceptional_
monitored_ Sequence[str]files_ users - List of users to be excluded from monitoring.
- monitored_
files Sequence[str] - List of paths to be monitored.
- monitored_
files_ boolattributes - Whether to monitor file attribute operations.
- monitored_
files_ boolcreate - Whether to monitor file create operations.
- monitored_
files_ booldelete - Whether to monitor file delete operations.
- monitored_
files_ boolmodify - Whether to monitor file modify operations.
- monitored_
files_ Sequence[str]processes - List of processes associated with monitored files.
- monitored_
files_ boolread - Whether to monitor file read operations.
- monitored_
files_ Sequence[str]users - List of users associated with monitored files.
- enabled Boolean
- If true, file integrity monitoring is enabled.
- exceptional
Monitored List<String>Files - List of paths to be excluded from monitoring.
- exceptional
Monitored List<String>Files Processes - List of processes to be excluded from monitoring.
- exceptional
Monitored List<String>Files Users - List of users to be excluded from monitoring.
- monitored
Files List<String> - List of paths to be monitored.
- monitored
Files BooleanAttributes - Whether to monitor file attribute operations.
- monitored
Files BooleanCreate - Whether to monitor file create operations.
- monitored
Files BooleanDelete - Whether to monitor file delete operations.
- monitored
Files BooleanModify - Whether to monitor file modify operations.
- monitored
Files List<String>Processes - List of processes associated with monitored files.
- monitored
Files BooleanRead - Whether to monitor file read operations.
- monitored
Files List<String>Users - List of users associated with monitored files.
FunctionRuntimePolicyLimitContainerPrivilege, FunctionRuntimePolicyLimitContainerPrivilegeArgs
- Block
Add boolCapabilities - Whether to block adding capabilities.
- Enabled bool
- Whether container privilege limitations are enabled.
- Ipcmode bool
- Whether to limit IPC-related capabilities.
- Netmode bool
- Whether to limit network-related capabilities.
- Pidmode bool
- Whether to limit process-related capabilities.
- Prevent
Low boolPort Binding - Whether to prevent low port binding.
- Prevent
Root boolUser - Whether to prevent the use of the root user.
- Privileged bool
- Whether the container is run in privileged mode.
- Use
Host boolUser - Whether to use the host user.
- Usermode bool
- Whether to limit user-related capabilities.
- Utsmode bool
- Whether to limit UTS-related capabilities.
- Block
Add boolCapabilities - Whether to block adding capabilities.
- Enabled bool
- Whether container privilege limitations are enabled.
- Ipcmode bool
- Whether to limit IPC-related capabilities.
- Netmode bool
- Whether to limit network-related capabilities.
- Pidmode bool
- Whether to limit process-related capabilities.
- Prevent
Low boolPort Binding - Whether to prevent low port binding.
- Prevent
Root boolUser - Whether to prevent the use of the root user.
- Privileged bool
- Whether the container is run in privileged mode.
- Use
Host boolUser - Whether to use the host user.
- Usermode bool
- Whether to limit user-related capabilities.
- Utsmode bool
- Whether to limit UTS-related capabilities.
- block
Add BooleanCapabilities - Whether to block adding capabilities.
- enabled Boolean
- Whether container privilege limitations are enabled.
- ipcmode Boolean
- Whether to limit IPC-related capabilities.
- netmode Boolean
- Whether to limit network-related capabilities.
- pidmode Boolean
- Whether to limit process-related capabilities.
- prevent
Low BooleanPort Binding - Whether to prevent low port binding.
- prevent
Root BooleanUser - Whether to prevent the use of the root user.
- privileged Boolean
- Whether the container is run in privileged mode.
- use
Host BooleanUser - Whether to use the host user.
- usermode Boolean
- Whether to limit user-related capabilities.
- utsmode Boolean
- Whether to limit UTS-related capabilities.
- block
Add booleanCapabilities - Whether to block adding capabilities.
- enabled boolean
- Whether container privilege limitations are enabled.
- ipcmode boolean
- Whether to limit IPC-related capabilities.
- netmode boolean
- Whether to limit network-related capabilities.
- pidmode boolean
- Whether to limit process-related capabilities.
- prevent
Low booleanPort Binding - Whether to prevent low port binding.
- prevent
Root booleanUser - Whether to prevent the use of the root user.
- privileged boolean
- Whether the container is run in privileged mode.
- use
Host booleanUser - Whether to use the host user.
- usermode boolean
- Whether to limit user-related capabilities.
- utsmode boolean
- Whether to limit UTS-related capabilities.
- block_
add_ boolcapabilities - Whether to block adding capabilities.
- enabled bool
- Whether container privilege limitations are enabled.
- ipcmode bool
- Whether to limit IPC-related capabilities.
- netmode bool
- Whether to limit network-related capabilities.
- pidmode bool
- Whether to limit process-related capabilities.
- prevent_
low_ boolport_ binding - Whether to prevent low port binding.
- prevent_
root_ booluser - Whether to prevent the use of the root user.
- privileged bool
- Whether the container is run in privileged mode.
- use_
host_ booluser - Whether to use the host user.
- usermode bool
- Whether to limit user-related capabilities.
- utsmode bool
- Whether to limit UTS-related capabilities.
- block
Add BooleanCapabilities - Whether to block adding capabilities.
- enabled Boolean
- Whether container privilege limitations are enabled.
- ipcmode Boolean
- Whether to limit IPC-related capabilities.
- netmode Boolean
- Whether to limit network-related capabilities.
- pidmode Boolean
- Whether to limit process-related capabilities.
- prevent
Low BooleanPort Binding - Whether to prevent low port binding.
- prevent
Root BooleanUser - Whether to prevent the use of the root user.
- privileged Boolean
- Whether the container is run in privileged mode.
- use
Host BooleanUser - Whether to use the host user.
- usermode Boolean
- Whether to limit user-related capabilities.
- utsmode Boolean
- Whether to limit UTS-related capabilities.
FunctionRuntimePolicyLinuxCapabilities, FunctionRuntimePolicyLinuxCapabilitiesArgs
- Enabled bool
- Remove
Linux List<string>Capabilities
- Enabled bool
- Remove
Linux []stringCapabilities
- enabled Boolean
- remove
Linux List<String>Capabilities
- enabled boolean
- remove
Linux string[]Capabilities
- enabled bool
- remove_
linux_ Sequence[str]capabilities
- enabled Boolean
- remove
Linux List<String>Capabilities
FunctionRuntimePolicyMalwareScanOptions, FunctionRuntimePolicyMalwareScanOptionsArgs
- Action string
- Set Action, Defaults to 'Alert' when empty
- Enabled bool
- Defines if enabled or not
- Exclude
Directories List<string> - List of registry paths to be excluded from being protected.
- Exclude
Processes List<string> - List of registry processes to be excluded from being protected.
- Include
Directories List<string> - List of registry paths to be excluded from being protected.
- Action string
- Set Action, Defaults to 'Alert' when empty
- Enabled bool
- Defines if enabled or not
- Exclude
Directories []string - List of registry paths to be excluded from being protected.
- Exclude
Processes []string - List of registry processes to be excluded from being protected.
- Include
Directories []string - List of registry paths to be excluded from being protected.
- action String
- Set Action, Defaults to 'Alert' when empty
- enabled Boolean
- Defines if enabled or not
- exclude
Directories List<String> - List of registry paths to be excluded from being protected.
- exclude
Processes List<String> - List of registry processes to be excluded from being protected.
- include
Directories List<String> - List of registry paths to be excluded from being protected.
- action string
- Set Action, Defaults to 'Alert' when empty
- enabled boolean
- Defines if enabled or not
- exclude
Directories string[] - List of registry paths to be excluded from being protected.
- exclude
Processes string[] - List of registry processes to be excluded from being protected.
- include
Directories string[] - List of registry paths to be excluded from being protected.
- action str
- Set Action, Defaults to 'Alert' when empty
- enabled bool
- Defines if enabled or not
- exclude_
directories Sequence[str] - List of registry paths to be excluded from being protected.
- exclude_
processes Sequence[str] - List of registry processes to be excluded from being protected.
- include_
directories Sequence[str] - List of registry paths to be excluded from being protected.
- action String
- Set Action, Defaults to 'Alert' when empty
- enabled Boolean
- Defines if enabled or not
- exclude
Directories List<String> - List of registry paths to be excluded from being protected.
- exclude
Processes List<String> - List of registry processes to be excluded from being protected.
- include
Directories List<String> - List of registry paths to be excluded from being protected.
FunctionRuntimePolicyPackageBlock, FunctionRuntimePolicyPackageBlockArgs
- Block
Packages List<string>Processes - Block
Packages List<string>Users - Enabled bool
- Exceptional
Block List<string>Packages Files - Exceptional
Block List<string>Packages Processes - Exceptional
Block List<string>Packages Users - Packages
Black List<string>Lists
- Block
Packages []stringProcesses - Block
Packages []stringUsers - Enabled bool
- Exceptional
Block []stringPackages Files - Exceptional
Block []stringPackages Processes - Exceptional
Block []stringPackages Users - Packages
Black []stringLists
- block
Packages List<String>Processes - block
Packages List<String>Users - enabled Boolean
- exceptional
Block List<String>Packages Files - exceptional
Block List<String>Packages Processes - exceptional
Block List<String>Packages Users - packages
Black List<String>Lists
- block
Packages string[]Processes - block
Packages string[]Users - enabled boolean
- exceptional
Block string[]Packages Files - exceptional
Block string[]Packages Processes - exceptional
Block string[]Packages Users - packages
Black string[]Lists
- block_
packages_ Sequence[str]processes - block_
packages_ Sequence[str]users - enabled bool
- exceptional_
block_ Sequence[str]packages_ files - exceptional_
block_ Sequence[str]packages_ processes - exceptional_
block_ Sequence[str]packages_ users - packages_
black_ Sequence[str]lists
- block
Packages List<String>Processes - block
Packages List<String>Users - enabled Boolean
- exceptional
Block List<String>Packages Files - exceptional
Block List<String>Packages Processes - exceptional
Block List<String>Packages Users - packages
Black List<String>Lists
FunctionRuntimePolicyPortBlock, FunctionRuntimePolicyPortBlockArgs
- Block
Inbound List<string>Ports - Block
Outbound List<string>Ports - Enabled bool
- Block
Inbound []stringPorts - Block
Outbound []stringPorts - Enabled bool
- block
Inbound List<String>Ports - block
Outbound List<String>Ports - enabled Boolean
- block
Inbound string[]Ports - block
Outbound string[]Ports - enabled boolean
- block_
inbound_ Sequence[str]ports - block_
outbound_ Sequence[str]ports - enabled bool
- block
Inbound List<String>Ports - block
Outbound List<String>Ports - enabled Boolean
FunctionRuntimePolicyReadonlyFiles, FunctionRuntimePolicyReadonlyFilesArgs
- Enabled bool
- Exceptional
Readonly List<string>Files - Exceptional
Readonly List<string>Files Processes - Exceptional
Readonly List<string>Files Users - Readonly
Files List<string> - Readonly
Files List<string>Processes - Readonly
Files List<string>Users
- Enabled bool
- Exceptional
Readonly []stringFiles - Exceptional
Readonly []stringFiles Processes - Exceptional
Readonly []stringFiles Users - Readonly
Files []string - Readonly
Files []stringProcesses - Readonly
Files []stringUsers
- enabled Boolean
- exceptional
Readonly List<String>Files - exceptional
Readonly List<String>Files Processes - exceptional
Readonly List<String>Files Users - readonly
Files List<String> - readonly
Files List<String>Processes - readonly
Files List<String>Users
- enabled boolean
- exceptional
Readonly string[]Files - exceptional
Readonly string[]Files Processes - exceptional
Readonly string[]Files Users - readonly
Files string[] - readonly
Files string[]Processes - readonly
Files string[]Users
- enabled bool
- exceptional_
readonly_ Sequence[str]files - exceptional_
readonly_ Sequence[str]files_ processes - exceptional_
readonly_ Sequence[str]files_ users - readonly_
files Sequence[str] - readonly_
files_ Sequence[str]processes - readonly_
files_ Sequence[str]users
- enabled Boolean
- exceptional
Readonly List<String>Files - exceptional
Readonly List<String>Files Processes - exceptional
Readonly List<String>Files Users - readonly
Files List<String> - readonly
Files List<String>Processes - readonly
Files List<String>Users
FunctionRuntimePolicyReadonlyRegistry, FunctionRuntimePolicyReadonlyRegistryArgs
- Enabled bool
- Exceptional
Readonly List<string>Registry Paths - Exceptional
Readonly List<string>Registry Processes - Exceptional
Readonly List<string>Registry Users - Readonly
Registry List<string>Paths - Readonly
Registry List<string>Processes - Readonly
Registry List<string>Users
- Enabled bool
- Exceptional
Readonly []stringRegistry Paths - Exceptional
Readonly []stringRegistry Processes - Exceptional
Readonly []stringRegistry Users - Readonly
Registry []stringPaths - Readonly
Registry []stringProcesses - Readonly
Registry []stringUsers
- enabled Boolean
- exceptional
Readonly List<String>Registry Paths - exceptional
Readonly List<String>Registry Processes - exceptional
Readonly List<String>Registry Users - readonly
Registry List<String>Paths - readonly
Registry List<String>Processes - readonly
Registry List<String>Users
- enabled boolean
- exceptional
Readonly string[]Registry Paths - exceptional
Readonly string[]Registry Processes - exceptional
Readonly string[]Registry Users - readonly
Registry string[]Paths - readonly
Registry string[]Processes - readonly
Registry string[]Users
- enabled bool
- exceptional_
readonly_ Sequence[str]registry_ paths - exceptional_
readonly_ Sequence[str]registry_ processes - exceptional_
readonly_ Sequence[str]registry_ users - readonly_
registry_ Sequence[str]paths - readonly_
registry_ Sequence[str]processes - readonly_
registry_ Sequence[str]users
- enabled Boolean
- exceptional
Readonly List<String>Registry Paths - exceptional
Readonly List<String>Registry Processes - exceptional
Readonly List<String>Registry Users - readonly
Registry List<String>Paths - readonly
Registry List<String>Processes - readonly
Registry List<String>Users
FunctionRuntimePolicyRegistryAccessMonitoring, FunctionRuntimePolicyRegistryAccessMonitoringArgs
- Enabled bool
- Exceptional
Monitored List<string>Registry Paths - Exceptional
Monitored List<string>Registry Processes - Exceptional
Monitored List<string>Registry Users - Monitored
Registry boolAttributes - Monitored
Registry boolCreate - Monitored
Registry boolDelete - Monitored
Registry boolModify - Monitored
Registry List<string>Paths - Monitored
Registry List<string>Processes - Monitored
Registry boolRead - Monitored
Registry List<string>Users
- Enabled bool
- Exceptional
Monitored []stringRegistry Paths - Exceptional
Monitored []stringRegistry Processes - Exceptional
Monitored []stringRegistry Users - Monitored
Registry boolAttributes - Monitored
Registry boolCreate - Monitored
Registry boolDelete - Monitored
Registry boolModify - Monitored
Registry []stringPaths - Monitored
Registry []stringProcesses - Monitored
Registry boolRead - Monitored
Registry []stringUsers
- enabled Boolean
- exceptional
Monitored List<String>Registry Paths - exceptional
Monitored List<String>Registry Processes - exceptional
Monitored List<String>Registry Users - monitored
Registry BooleanAttributes - monitored
Registry BooleanCreate - monitored
Registry BooleanDelete - monitored
Registry BooleanModify - monitored
Registry List<String>Paths - monitored
Registry List<String>Processes - monitored
Registry BooleanRead - monitored
Registry List<String>Users
- enabled boolean
- exceptional
Monitored string[]Registry Paths - exceptional
Monitored string[]Registry Processes - exceptional
Monitored string[]Registry Users - monitored
Registry booleanAttributes - monitored
Registry booleanCreate - monitored
Registry booleanDelete - monitored
Registry booleanModify - monitored
Registry string[]Paths - monitored
Registry string[]Processes - monitored
Registry booleanRead - monitored
Registry string[]Users
- enabled bool
- exceptional_
monitored_ Sequence[str]registry_ paths - exceptional_
monitored_ Sequence[str]registry_ processes - exceptional_
monitored_ Sequence[str]registry_ users - monitored_
registry_ boolattributes - monitored_
registry_ boolcreate - monitored_
registry_ booldelete - monitored_
registry_ boolmodify - monitored_
registry_ Sequence[str]paths - monitored_
registry_ Sequence[str]processes - monitored_
registry_ boolread - monitored_
registry_ Sequence[str]users
- enabled Boolean
- exceptional
Monitored List<String>Registry Paths - exceptional
Monitored List<String>Registry Processes - exceptional
Monitored List<String>Registry Users - monitored
Registry BooleanAttributes - monitored
Registry BooleanCreate - monitored
Registry BooleanDelete - monitored
Registry BooleanModify - monitored
Registry List<String>Paths - monitored
Registry List<String>Processes - monitored
Registry BooleanRead - monitored
Registry List<String>Users
FunctionRuntimePolicyRestrictedVolume, FunctionRuntimePolicyRestrictedVolumeArgs
FunctionRuntimePolicyReverseShell, FunctionRuntimePolicyReverseShellArgs
- Block
Reverse boolShell - Enabled bool
- Reverse
Shell List<string>Ip White Lists - Reverse
Shell List<string>Proc White Lists
- Block
Reverse boolShell - Enabled bool
- Reverse
Shell []stringIp White Lists - Reverse
Shell []stringProc White Lists
- block
Reverse BooleanShell - enabled Boolean
- reverse
Shell List<String>Ip White Lists - reverse
Shell List<String>Proc White Lists
- block
Reverse booleanShell - enabled boolean
- reverse
Shell string[]Ip White Lists - reverse
Shell string[]Proc White Lists
- block_
reverse_ boolshell - enabled bool
- reverse_
shell_ Sequence[str]ip_ white_ lists - reverse_
shell_ Sequence[str]proc_ white_ lists
- block
Reverse BooleanShell - enabled Boolean
- reverse
Shell List<String>Ip White Lists - reverse
Shell List<String>Proc White Lists
FunctionRuntimePolicyScope, FunctionRuntimePolicyScopeArgs
- Expression string
- Scope expression.
- Variables
List<Pulumiverse.
Aquasec. Inputs. Function Runtime Policy Scope Variable> - List of variables in the scope.
- Expression string
- Scope expression.
- Variables
[]Function
Runtime Policy Scope Variable - List of variables in the scope.
- expression String
- Scope expression.
- variables
List<Function
Runtime Policy Scope Variable> - List of variables in the scope.
- expression string
- Scope expression.
- variables
Function
Runtime Policy Scope Variable[] - List of variables in the scope.
- expression str
- Scope expression.
- variables
Sequence[Function
Runtime Policy Scope Variable] - List of variables in the scope.
- expression String
- Scope expression.
- variables List<Property Map>
- List of variables in the scope.
FunctionRuntimePolicyScopeVariable, FunctionRuntimePolicyScopeVariableArgs
FunctionRuntimePolicySystemIntegrityProtection, FunctionRuntimePolicySystemIntegrityProtectionArgs
- Audit
Systemtime boolChange - Enabled bool
- Monitor
Audit boolLog Integrity - Windows
Services boolMonitoring
- Audit
Systemtime boolChange - Enabled bool
- Monitor
Audit boolLog Integrity - Windows
Services boolMonitoring
- audit
Systemtime BooleanChange - enabled Boolean
- monitor
Audit BooleanLog Integrity - windows
Services BooleanMonitoring
- audit
Systemtime booleanChange - enabled boolean
- monitor
Audit booleanLog Integrity - windows
Services booleanMonitoring
- audit
Systemtime BooleanChange - enabled Boolean
- monitor
Audit BooleanLog Integrity - windows
Services BooleanMonitoring
FunctionRuntimePolicyTripwire, FunctionRuntimePolicyTripwireArgs
- Apply
Ons List<string> - Enabled bool
- Serverless
App string - User
Id string - User
Password string
- Apply
Ons []string - Enabled bool
- Serverless
App string - User
Id string - User
Password string
- apply
Ons List<String> - enabled Boolean
- serverless
App String - user
Id String - user
Password String
- apply
Ons string[] - enabled boolean
- serverless
App string - user
Id string - user
Password string
- apply_
ons Sequence[str] - enabled bool
- serverless_
app str - user_
id str - user_
password str
- apply
Ons List<String> - enabled Boolean
- serverless
App String - user
Id String - user
Password String
FunctionRuntimePolicyWhitelistedOsUsers, FunctionRuntimePolicyWhitelistedOsUsersArgs
- Enabled bool
- Group
White List<string>Lists - User
White List<string>Lists
- Enabled bool
- Group
White []stringLists - User
White []stringLists
- enabled Boolean
- group
White List<String>Lists - user
White List<String>Lists
- enabled boolean
- group
White string[]Lists - user
White string[]Lists
- enabled bool
- group_
white_ Sequence[str]lists - user_
white_ Sequence[str]lists
- enabled Boolean
- group
White List<String>Lists - user
White List<String>Lists
Package Details
- Repository
- aquasec pulumiverse/pulumi-aquasec
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aquasecTerraform Provider.