1. Packages
  2. Aquasec
  3. API Docs
  4. FunctionRuntimePolicy
Aquasec v0.8.25 published on Tuesday, Apr 25, 2023 by Pulumiverse

aquasec.FunctionRuntimePolicy

Explore with Pulumi AI

aquasec logo
Aquasec v0.8.25 published on Tuesday, Apr 25, 2023 by Pulumiverse

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aquasec = Pulumiverse.Aquasec;
    
    return await Deployment.RunAsync(() => 
    {
        var functionRuntimePolicy = new Aquasec.FunctionRuntimePolicy("functionRuntimePolicy", new()
        {
            ApplicationScopes = new[]
            {
                "Global",
            },
            BlockMaliciousExecutables = true,
            BlockMaliciousExecutablesAllowedProcesses = new[]
            {
                "proc1",
                "proc2",
            },
            BlockRunningExecutablesInTmpFolder = true,
            BlockedExecutables = new[]
            {
                "exe1",
                "exe2",
            },
            Description = "function_runtime_policy",
            Enabled = true,
            Enforce = false,
            ScopeVariables = new[]
            {
                new Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs
                {
                    Attribute = "kubernetes.cluster",
                    Value = "default",
                },
                new Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs
                {
                    Attribute = "kubernetes.label",
                    Name = "app",
                    Value = "aqua",
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := aquasec.NewFunctionRuntimePolicy(ctx, "functionRuntimePolicy", &aquasec.FunctionRuntimePolicyArgs{
    			ApplicationScopes: pulumi.StringArray{
    				pulumi.String("Global"),
    			},
    			BlockMaliciousExecutables: pulumi.Bool(true),
    			BlockMaliciousExecutablesAllowedProcesses: pulumi.StringArray{
    				pulumi.String("proc1"),
    				pulumi.String("proc2"),
    			},
    			BlockRunningExecutablesInTmpFolder: pulumi.Bool(true),
    			BlockedExecutables: pulumi.StringArray{
    				pulumi.String("exe1"),
    				pulumi.String("exe2"),
    			},
    			Description: pulumi.String("function_runtime_policy"),
    			Enabled:     pulumi.Bool(true),
    			Enforce:     pulumi.Bool(false),
    			ScopeVariables: aquasec.FunctionRuntimePolicyScopeVariableArray{
    				&aquasec.FunctionRuntimePolicyScopeVariableArgs{
    					Attribute: pulumi.String("kubernetes.cluster"),
    					Value:     pulumi.String("default"),
    				},
    				&aquasec.FunctionRuntimePolicyScopeVariableArgs{
    					Attribute: pulumi.String("kubernetes.label"),
    					Name:      pulumi.String("app"),
    					Value:     pulumi.String("aqua"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aquasec.FunctionRuntimePolicy;
    import com.pulumi.aquasec.FunctionRuntimePolicyArgs;
    import com.pulumi.aquasec.inputs.FunctionRuntimePolicyScopeVariableArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var functionRuntimePolicy = new FunctionRuntimePolicy("functionRuntimePolicy", FunctionRuntimePolicyArgs.builder()        
                .applicationScopes("Global")
                .blockMaliciousExecutables(true)
                .blockMaliciousExecutablesAllowedProcesses(            
                    "proc1",
                    "proc2")
                .blockRunningExecutablesInTmpFolder(true)
                .blockedExecutables(            
                    "exe1",
                    "exe2")
                .description("function_runtime_policy")
                .enabled(true)
                .enforce(false)
                .scopeVariables(            
                    FunctionRuntimePolicyScopeVariableArgs.builder()
                        .attribute("kubernetes.cluster")
                        .value("default")
                        .build(),
                    FunctionRuntimePolicyScopeVariableArgs.builder()
                        .attribute("kubernetes.label")
                        .name("app")
                        .value("aqua")
                        .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumiverse_aquasec as aquasec
    
    function_runtime_policy = aquasec.FunctionRuntimePolicy("functionRuntimePolicy",
        application_scopes=["Global"],
        block_malicious_executables=True,
        block_malicious_executables_allowed_processes=[
            "proc1",
            "proc2",
        ],
        block_running_executables_in_tmp_folder=True,
        blocked_executables=[
            "exe1",
            "exe2",
        ],
        description="function_runtime_policy",
        enabled=True,
        enforce=False,
        scope_variables=[
            aquasec.FunctionRuntimePolicyScopeVariableArgs(
                attribute="kubernetes.cluster",
                value="default",
            ),
            aquasec.FunctionRuntimePolicyScopeVariableArgs(
                attribute="kubernetes.label",
                name="app",
                value="aqua",
            ),
        ])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aquasec from "@pulumiverse/aquasec";
    
    const functionRuntimePolicy = new aquasec.FunctionRuntimePolicy("functionRuntimePolicy", {
        applicationScopes: ["Global"],
        blockMaliciousExecutables: true,
        blockMaliciousExecutablesAllowedProcesses: [
            "proc1",
            "proc2",
        ],
        blockRunningExecutablesInTmpFolder: true,
        blockedExecutables: [
            "exe1",
            "exe2",
        ],
        description: "function_runtime_policy",
        enabled: true,
        enforce: false,
        scopeVariables: [
            {
                attribute: "kubernetes.cluster",
                value: "default",
            },
            {
                attribute: "kubernetes.label",
                name: "app",
                value: "aqua",
            },
        ],
    });
    
    resources:
      functionRuntimePolicy:
        type: aquasec:FunctionRuntimePolicy
        properties:
          applicationScopes:
            - Global
          blockMaliciousExecutables: true
          blockMaliciousExecutablesAllowedProcesses:
            - proc1
            - proc2
          blockRunningExecutablesInTmpFolder: true
          blockedExecutables:
            - exe1
            - exe2
          description: function_runtime_policy
          enabled: true
          enforce: false
          scopeVariables:
            - attribute: kubernetes.cluster
              value: default
            - attribute: kubernetes.label
              name: app
              value: aqua
    

    Create FunctionRuntimePolicy Resource

    new FunctionRuntimePolicy(name: string, args?: FunctionRuntimePolicyArgs, opts?: CustomResourceOptions);
    @overload
    def FunctionRuntimePolicy(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              application_scopes: Optional[Sequence[str]] = None,
                              block_malicious_executables: Optional[bool] = None,
                              block_malicious_executables_allowed_processes: Optional[Sequence[str]] = None,
                              block_running_executables_in_tmp_folder: Optional[bool] = None,
                              blocked_executables: Optional[Sequence[str]] = None,
                              description: Optional[str] = None,
                              enabled: Optional[bool] = None,
                              enforce: Optional[bool] = None,
                              honeypot_access_key: Optional[str] = None,
                              honeypot_apply_ons: Optional[Sequence[str]] = None,
                              honeypot_secret_key: Optional[str] = None,
                              honeypot_serverless_app_name: Optional[str] = None,
                              name: Optional[str] = None,
                              scope_expression: Optional[str] = None,
                              scope_variables: Optional[Sequence[FunctionRuntimePolicyScopeVariableArgs]] = None)
    @overload
    def FunctionRuntimePolicy(resource_name: str,
                              args: Optional[FunctionRuntimePolicyArgs] = None,
                              opts: Optional[ResourceOptions] = None)
    func NewFunctionRuntimePolicy(ctx *Context, name string, args *FunctionRuntimePolicyArgs, opts ...ResourceOption) (*FunctionRuntimePolicy, error)
    public FunctionRuntimePolicy(string name, FunctionRuntimePolicyArgs? args = null, CustomResourceOptions? opts = null)
    public FunctionRuntimePolicy(String name, FunctionRuntimePolicyArgs args)
    public FunctionRuntimePolicy(String name, FunctionRuntimePolicyArgs args, CustomResourceOptions options)
    
    type: aquasec:FunctionRuntimePolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args FunctionRuntimePolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FunctionRuntimePolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FunctionRuntimePolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FunctionRuntimePolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FunctionRuntimePolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    FunctionRuntimePolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The FunctionRuntimePolicy resource accepts the following input properties:

    ApplicationScopes List<string>

    Indicates the application scope of the service.

    BlockMaliciousExecutables bool

    If true, prevent creation of malicious executables in functions during their runtime post invocation.

    BlockMaliciousExecutablesAllowedProcesses List<string>

    List of processes that will be allowed

    BlockRunningExecutablesInTmpFolder bool

    If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.

    BlockedExecutables List<string>

    List of executables that are prevented from running in containers.

    Description string

    The description of the function runtime policy

    Enabled bool

    Indicates if the runtime policy is enabled or not.

    Enforce bool

    Indicates that policy should effect container execution (not just for audit).

    HoneypotAccessKey string

    Honeypot User ID (Access Key)

    HoneypotApplyOns List<string>

    List of options to apply the honeypot on (Environment Vairable, Layer, File)

    HoneypotSecretKey string

    Honeypot User Password (Secret Key)

    HoneypotServerlessAppName string

    Serverless application name

    Name string

    Name of the function runtime policy

    ScopeExpression string

    Logical expression of how to compute the dependency of the scope variables.

    ScopeVariables List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyScopeVariable>

    List of scope attributes.

    ApplicationScopes []string

    Indicates the application scope of the service.

    BlockMaliciousExecutables bool

    If true, prevent creation of malicious executables in functions during their runtime post invocation.

    BlockMaliciousExecutablesAllowedProcesses []string

    List of processes that will be allowed

    BlockRunningExecutablesInTmpFolder bool

    If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.

    BlockedExecutables []string

    List of executables that are prevented from running in containers.

    Description string

    The description of the function runtime policy

    Enabled bool

    Indicates if the runtime policy is enabled or not.

    Enforce bool

    Indicates that policy should effect container execution (not just for audit).

    HoneypotAccessKey string

    Honeypot User ID (Access Key)

    HoneypotApplyOns []string

    List of options to apply the honeypot on (Environment Vairable, Layer, File)

    HoneypotSecretKey string

    Honeypot User Password (Secret Key)

    HoneypotServerlessAppName string

    Serverless application name

    Name string

    Name of the function runtime policy

    ScopeExpression string

    Logical expression of how to compute the dependency of the scope variables.

    ScopeVariables []FunctionRuntimePolicyScopeVariableArgs

    List of scope attributes.

    applicationScopes List<String>

    Indicates the application scope of the service.

    blockMaliciousExecutables Boolean

    If true, prevent creation of malicious executables in functions during their runtime post invocation.

    blockMaliciousExecutablesAllowedProcesses List<String>

    List of processes that will be allowed

    blockRunningExecutablesInTmpFolder Boolean

    If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.

    blockedExecutables List<String>

    List of executables that are prevented from running in containers.

    description String

    The description of the function runtime policy

    enabled Boolean

    Indicates if the runtime policy is enabled or not.

    enforce Boolean

    Indicates that policy should effect container execution (not just for audit).

    honeypotAccessKey String

    Honeypot User ID (Access Key)

    honeypotApplyOns List<String>

    List of options to apply the honeypot on (Environment Vairable, Layer, File)

    honeypotSecretKey String

    Honeypot User Password (Secret Key)

    honeypotServerlessAppName String

    Serverless application name

    name String

    Name of the function runtime policy

    scopeExpression String

    Logical expression of how to compute the dependency of the scope variables.

    scopeVariables List<FunctionRuntimePolicyScopeVariable>

    List of scope attributes.

    applicationScopes string[]

    Indicates the application scope of the service.

    blockMaliciousExecutables boolean

    If true, prevent creation of malicious executables in functions during their runtime post invocation.

    blockMaliciousExecutablesAllowedProcesses string[]

    List of processes that will be allowed

    blockRunningExecutablesInTmpFolder boolean

    If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.

    blockedExecutables string[]

    List of executables that are prevented from running in containers.

    description string

    The description of the function runtime policy

    enabled boolean

    Indicates if the runtime policy is enabled or not.

    enforce boolean

    Indicates that policy should effect container execution (not just for audit).

    honeypotAccessKey string

    Honeypot User ID (Access Key)

    honeypotApplyOns string[]

    List of options to apply the honeypot on (Environment Vairable, Layer, File)

    honeypotSecretKey string

    Honeypot User Password (Secret Key)

    honeypotServerlessAppName string

    Serverless application name

    name string

    Name of the function runtime policy

    scopeExpression string

    Logical expression of how to compute the dependency of the scope variables.

    scopeVariables FunctionRuntimePolicyScopeVariable[]

    List of scope attributes.

    application_scopes Sequence[str]

    Indicates the application scope of the service.

    block_malicious_executables bool

    If true, prevent creation of malicious executables in functions during their runtime post invocation.

    block_malicious_executables_allowed_processes Sequence[str]

    List of processes that will be allowed

    block_running_executables_in_tmp_folder bool

    If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.

    blocked_executables Sequence[str]

    List of executables that are prevented from running in containers.

    description str

    The description of the function runtime policy

    enabled bool

    Indicates if the runtime policy is enabled or not.

    enforce bool

    Indicates that policy should effect container execution (not just for audit).

    honeypot_access_key str

    Honeypot User ID (Access Key)

    honeypot_apply_ons Sequence[str]

    List of options to apply the honeypot on (Environment Vairable, Layer, File)

    honeypot_secret_key str

    Honeypot User Password (Secret Key)

    honeypot_serverless_app_name str

    Serverless application name

    name str

    Name of the function runtime policy

    scope_expression str

    Logical expression of how to compute the dependency of the scope variables.

    scope_variables Sequence[FunctionRuntimePolicyScopeVariableArgs]

    List of scope attributes.

    applicationScopes List<String>

    Indicates the application scope of the service.

    blockMaliciousExecutables Boolean

    If true, prevent creation of malicious executables in functions during their runtime post invocation.

    blockMaliciousExecutablesAllowedProcesses List<String>

    List of processes that will be allowed

    blockRunningExecutablesInTmpFolder Boolean

    If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.

    blockedExecutables List<String>

    List of executables that are prevented from running in containers.

    description String

    The description of the function runtime policy

    enabled Boolean

    Indicates if the runtime policy is enabled or not.

    enforce Boolean

    Indicates that policy should effect container execution (not just for audit).

    honeypotAccessKey String

    Honeypot User ID (Access Key)

    honeypotApplyOns List<String>

    List of options to apply the honeypot on (Environment Vairable, Layer, File)

    honeypotSecretKey String

    Honeypot User Password (Secret Key)

    honeypotServerlessAppName String

    Serverless application name

    name String

    Name of the function runtime policy

    scopeExpression String

    Logical expression of how to compute the dependency of the scope variables.

    scopeVariables List<Property Map>

    List of scope attributes.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FunctionRuntimePolicy resource produces the following output properties:

    Author string

    Username of the account that created the service.

    Id string

    The provider-assigned unique ID for this managed resource.

    Author string

    Username of the account that created the service.

    Id string

    The provider-assigned unique ID for this managed resource.

    author String

    Username of the account that created the service.

    id String

    The provider-assigned unique ID for this managed resource.

    author string

    Username of the account that created the service.

    id string

    The provider-assigned unique ID for this managed resource.

    author str

    Username of the account that created the service.

    id str

    The provider-assigned unique ID for this managed resource.

    author String

    Username of the account that created the service.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing FunctionRuntimePolicy Resource

    Get an existing FunctionRuntimePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FunctionRuntimePolicyState, opts?: CustomResourceOptions): FunctionRuntimePolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            application_scopes: Optional[Sequence[str]] = None,
            author: Optional[str] = None,
            block_malicious_executables: Optional[bool] = None,
            block_malicious_executables_allowed_processes: Optional[Sequence[str]] = None,
            block_running_executables_in_tmp_folder: Optional[bool] = None,
            blocked_executables: Optional[Sequence[str]] = None,
            description: Optional[str] = None,
            enabled: Optional[bool] = None,
            enforce: Optional[bool] = None,
            honeypot_access_key: Optional[str] = None,
            honeypot_apply_ons: Optional[Sequence[str]] = None,
            honeypot_secret_key: Optional[str] = None,
            honeypot_serverless_app_name: Optional[str] = None,
            name: Optional[str] = None,
            scope_expression: Optional[str] = None,
            scope_variables: Optional[Sequence[FunctionRuntimePolicyScopeVariableArgs]] = None) -> FunctionRuntimePolicy
    func GetFunctionRuntimePolicy(ctx *Context, name string, id IDInput, state *FunctionRuntimePolicyState, opts ...ResourceOption) (*FunctionRuntimePolicy, error)
    public static FunctionRuntimePolicy Get(string name, Input<string> id, FunctionRuntimePolicyState? state, CustomResourceOptions? opts = null)
    public static FunctionRuntimePolicy get(String name, Output<String> id, FunctionRuntimePolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ApplicationScopes List<string>

    Indicates the application scope of the service.

    Author string

    Username of the account that created the service.

    BlockMaliciousExecutables bool

    If true, prevent creation of malicious executables in functions during their runtime post invocation.

    BlockMaliciousExecutablesAllowedProcesses List<string>

    List of processes that will be allowed

    BlockRunningExecutablesInTmpFolder bool

    If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.

    BlockedExecutables List<string>

    List of executables that are prevented from running in containers.

    Description string

    The description of the function runtime policy

    Enabled bool

    Indicates if the runtime policy is enabled or not.

    Enforce bool

    Indicates that policy should effect container execution (not just for audit).

    HoneypotAccessKey string

    Honeypot User ID (Access Key)

    HoneypotApplyOns List<string>

    List of options to apply the honeypot on (Environment Vairable, Layer, File)

    HoneypotSecretKey string

    Honeypot User Password (Secret Key)

    HoneypotServerlessAppName string

    Serverless application name

    Name string

    Name of the function runtime policy

    ScopeExpression string

    Logical expression of how to compute the dependency of the scope variables.

    ScopeVariables List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyScopeVariable>

    List of scope attributes.

    ApplicationScopes []string

    Indicates the application scope of the service.

    Author string

    Username of the account that created the service.

    BlockMaliciousExecutables bool

    If true, prevent creation of malicious executables in functions during their runtime post invocation.

    BlockMaliciousExecutablesAllowedProcesses []string

    List of processes that will be allowed

    BlockRunningExecutablesInTmpFolder bool

    If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.

    BlockedExecutables []string

    List of executables that are prevented from running in containers.

    Description string

    The description of the function runtime policy

    Enabled bool

    Indicates if the runtime policy is enabled or not.

    Enforce bool

    Indicates that policy should effect container execution (not just for audit).

    HoneypotAccessKey string

    Honeypot User ID (Access Key)

    HoneypotApplyOns []string

    List of options to apply the honeypot on (Environment Vairable, Layer, File)

    HoneypotSecretKey string

    Honeypot User Password (Secret Key)

    HoneypotServerlessAppName string

    Serverless application name

    Name string

    Name of the function runtime policy

    ScopeExpression string

    Logical expression of how to compute the dependency of the scope variables.

    ScopeVariables []FunctionRuntimePolicyScopeVariableArgs

    List of scope attributes.

    applicationScopes List<String>

    Indicates the application scope of the service.

    author String

    Username of the account that created the service.

    blockMaliciousExecutables Boolean

    If true, prevent creation of malicious executables in functions during their runtime post invocation.

    blockMaliciousExecutablesAllowedProcesses List<String>

    List of processes that will be allowed

    blockRunningExecutablesInTmpFolder Boolean

    If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.

    blockedExecutables List<String>

    List of executables that are prevented from running in containers.

    description String

    The description of the function runtime policy

    enabled Boolean

    Indicates if the runtime policy is enabled or not.

    enforce Boolean

    Indicates that policy should effect container execution (not just for audit).

    honeypotAccessKey String

    Honeypot User ID (Access Key)

    honeypotApplyOns List<String>

    List of options to apply the honeypot on (Environment Vairable, Layer, File)

    honeypotSecretKey String

    Honeypot User Password (Secret Key)

    honeypotServerlessAppName String

    Serverless application name

    name String

    Name of the function runtime policy

    scopeExpression String

    Logical expression of how to compute the dependency of the scope variables.

    scopeVariables List<FunctionRuntimePolicyScopeVariable>

    List of scope attributes.

    applicationScopes string[]

    Indicates the application scope of the service.

    author string

    Username of the account that created the service.

    blockMaliciousExecutables boolean

    If true, prevent creation of malicious executables in functions during their runtime post invocation.

    blockMaliciousExecutablesAllowedProcesses string[]

    List of processes that will be allowed

    blockRunningExecutablesInTmpFolder boolean

    If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.

    blockedExecutables string[]

    List of executables that are prevented from running in containers.

    description string

    The description of the function runtime policy

    enabled boolean

    Indicates if the runtime policy is enabled or not.

    enforce boolean

    Indicates that policy should effect container execution (not just for audit).

    honeypotAccessKey string

    Honeypot User ID (Access Key)

    honeypotApplyOns string[]

    List of options to apply the honeypot on (Environment Vairable, Layer, File)

    honeypotSecretKey string

    Honeypot User Password (Secret Key)

    honeypotServerlessAppName string

    Serverless application name

    name string

    Name of the function runtime policy

    scopeExpression string

    Logical expression of how to compute the dependency of the scope variables.

    scopeVariables FunctionRuntimePolicyScopeVariable[]

    List of scope attributes.

    application_scopes Sequence[str]

    Indicates the application scope of the service.

    author str

    Username of the account that created the service.

    block_malicious_executables bool

    If true, prevent creation of malicious executables in functions during their runtime post invocation.

    block_malicious_executables_allowed_processes Sequence[str]

    List of processes that will be allowed

    block_running_executables_in_tmp_folder bool

    If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.

    blocked_executables Sequence[str]

    List of executables that are prevented from running in containers.

    description str

    The description of the function runtime policy

    enabled bool

    Indicates if the runtime policy is enabled or not.

    enforce bool

    Indicates that policy should effect container execution (not just for audit).

    honeypot_access_key str

    Honeypot User ID (Access Key)

    honeypot_apply_ons Sequence[str]

    List of options to apply the honeypot on (Environment Vairable, Layer, File)

    honeypot_secret_key str

    Honeypot User Password (Secret Key)

    honeypot_serverless_app_name str

    Serverless application name

    name str

    Name of the function runtime policy

    scope_expression str

    Logical expression of how to compute the dependency of the scope variables.

    scope_variables Sequence[FunctionRuntimePolicyScopeVariableArgs]

    List of scope attributes.

    applicationScopes List<String>

    Indicates the application scope of the service.

    author String

    Username of the account that created the service.

    blockMaliciousExecutables Boolean

    If true, prevent creation of malicious executables in functions during their runtime post invocation.

    blockMaliciousExecutablesAllowedProcesses List<String>

    List of processes that will be allowed

    blockRunningExecutablesInTmpFolder Boolean

    If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.

    blockedExecutables List<String>

    List of executables that are prevented from running in containers.

    description String

    The description of the function runtime policy

    enabled Boolean

    Indicates if the runtime policy is enabled or not.

    enforce Boolean

    Indicates that policy should effect container execution (not just for audit).

    honeypotAccessKey String

    Honeypot User ID (Access Key)

    honeypotApplyOns List<String>

    List of options to apply the honeypot on (Environment Vairable, Layer, File)

    honeypotSecretKey String

    Honeypot User Password (Secret Key)

    honeypotServerlessAppName String

    Serverless application name

    name String

    Name of the function runtime policy

    scopeExpression String

    Logical expression of how to compute the dependency of the scope variables.

    scopeVariables List<Property Map>

    List of scope attributes.

    Supporting Types

    FunctionRuntimePolicyScopeVariable, FunctionRuntimePolicyScopeVariableArgs

    Attribute string

    Class of supported scope.

    Value string

    Value assigned to the attribute.

    Name string

    Name assigned to the attribute.

    Attribute string

    Class of supported scope.

    Value string

    Value assigned to the attribute.

    Name string

    Name assigned to the attribute.

    attribute String

    Class of supported scope.

    value String

    Value assigned to the attribute.

    name String

    Name assigned to the attribute.

    attribute string

    Class of supported scope.

    value string

    Value assigned to the attribute.

    name string

    Name assigned to the attribute.

    attribute str

    Class of supported scope.

    value str

    Value assigned to the attribute.

    name str

    Name assigned to the attribute.

    attribute String

    Class of supported scope.

    value String

    Value assigned to the attribute.

    name String

    Name assigned to the attribute.

    Package Details

    Repository
    aquasec pulumiverse/pulumi-aquasec
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the aquasec Terraform Provider.

    aquasec logo
    Aquasec v0.8.25 published on Tuesday, Apr 25, 2023 by Pulumiverse