Aquasec

v0.2.2 published on Monday, Nov 14, 2022 by Pulumiverse

FunctionRuntimePolicy

Example Usage

using System.Collections.Generic;
using Pulumi;
using Aquasec = Pulumiverse.Aquasec;

// Registers a single Aqua function runtime policy.
// The process and executable names used here are sample placeholders.
return await Deployment.RunAsync(() => 
{
    // Processes that will be allowed when malicious-executable blocking is on.
    var allowedProcesses = new[] { "proc1", "proc2" };

    // Executables the policy prevents from running.
    var deniedExecutables = new[] { "exe1", "exe2" };

    // Scope attributes that select where the policy applies.
    var clusterScope = new Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs
    {
        Attribute = "kubernetes.cluster",
        Value = "default",
    };
    var labelScope = new Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs
    {
        Attribute = "kubernetes.label",
        Name = "app",
        Value = "aqua",
    };

    var functionRuntimePolicy = new Aquasec.FunctionRuntimePolicy("functionRuntimePolicy", new()
    {
        Description = "function_runtime_policy",
        ApplicationScopes = new[] { "Global" },
        ScopeVariables = new[] { clusterScope, labelScope },
        Enabled = true,
        // Enforce = false leaves the policy in audit mode: per the Enforce
        // property description, the policy affects execution only when this
        // is true, so the blocking settings below are not applied as-is.
        Enforce = false,
        BlockMaliciousExecutables = true,
        BlockMaliciousExecutablesAllowedProcesses = allowedProcesses,
        BlockRunningExecutablesInTmpFolder = true,
        BlockedExecutables = deniedExecutables,
    });

});
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec"
)

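// main registers a single Aqua function runtime policy with Pulumi.
// The process and executable names used here are sample placeholders.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := aquasec.NewFunctionRuntimePolicy(ctx, "functionRuntimePolicy", &aquasec.FunctionRuntimePolicyArgs{
			ApplicationScopes: pulumi.StringArray{
				pulumi.String("Global"),
			},
			BlockMaliciousExecutables: pulumi.Bool(true),
			// Processes that will be allowed when malicious-executable blocking is on.
			BlockMaliciousExecutablesAllowedProcesses: pulumi.StringArray{
				pulumi.String("proc1"),
				pulumi.String("proc2"),
			},
			BlockRunningExecutablesInTmpFolder: pulumi.Bool(true),
			// Executables the policy prevents from running.
			BlockedExecutables: pulumi.StringArray{
				pulumi.String("exe1"),
				pulumi.String("exe2"),
			},
			Description: pulumi.String("function_runtime_policy"),
			Enabled:     pulumi.Bool(true),
			// Enforce=false leaves the policy in audit mode: per the Enforce
			// property description, the policy affects execution only when
			// this is true, so the blocking settings above are not applied as-is.
			Enforce: pulumi.Bool(false),
			// The scope-variable types live in the aquasec package and must be
			// qualified; the unqualified names do not resolve in package main.
			ScopeVariables: aquasec.FunctionRuntimePolicyScopeVariableArray{
				&aquasec.FunctionRuntimePolicyScopeVariableArgs{
					Attribute: pulumi.String("kubernetes.cluster"),
					Value:     pulumi.String("default"),
				},
				&aquasec.FunctionRuntimePolicyScopeVariableArgs{
					Attribute: pulumi.String("kubernetes.label"),
					Name:      pulumi.String("app"),
					Value:     pulumi.String("aqua"),
				},
			},
		})
		// Propagate a registration failure to the Pulumi engine; nil on success.
		return err
	})
}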
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aquasec.FunctionRuntimePolicy;
import com.pulumi.aquasec.FunctionRuntimePolicyArgs;
import com.pulumi.aquasec.inputs.FunctionRuntimePolicyScopeVariableArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that registers a single Aqua function runtime policy.
 * The process and executable names used here are sample placeholders.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(ctx -> stack(ctx));
    }

    /**
     * Declares the function runtime policy resource.
     *
     * @param ctx the Pulumi context for the current deployment
     */
    public static void stack(Context ctx) {
        // Scope attributes that select where the policy applies.
        final var clusterScope = FunctionRuntimePolicyScopeVariableArgs.builder()
            .attribute("kubernetes.cluster")
            .value("default")
            .build();
        final var labelScope = FunctionRuntimePolicyScopeVariableArgs.builder()
            .attribute("kubernetes.label")
            .name("app")
            .value("aqua")
            .build();

        final var policyArgs = FunctionRuntimePolicyArgs.builder()
            .description("function_runtime_policy")
            .applicationScopes("Global")
            .scopeVariables(clusterScope, labelScope)
            .enabled(true)
            // enforce(false) leaves the policy in audit mode: per the Enforce
            // property description, the policy affects execution only when
            // this is true, so the blocking settings below are not applied as-is.
            .enforce(false)
            .blockMaliciousExecutables(true)
            // Processes that will be allowed when malicious-executable blocking is on.
            .blockMaliciousExecutablesAllowedProcesses("proc1", "proc2")
            .blockRunningExecutablesInTmpFolder(true)
            // Executables the policy prevents from running.
            .blockedExecutables("exe1", "exe2")
            .build();

        var functionRuntimePolicy = new FunctionRuntimePolicy("functionRuntimePolicy", policyArgs);

    }
}
import pulumi
import pulumiverse_aquasec as aquasec

# Registers a single Aqua function runtime policy.
# The process and executable names used here are sample placeholders.
function_runtime_policy = aquasec.FunctionRuntimePolicy(
    "functionRuntimePolicy",
    description="function_runtime_policy",
    # Where the policy applies.
    application_scopes=["Global"],
    scope_variables=[
        aquasec.FunctionRuntimePolicyScopeVariableArgs(attribute="kubernetes.cluster", value="default"),
        aquasec.FunctionRuntimePolicyScopeVariableArgs(attribute="kubernetes.label", name="app", value="aqua"),
    ],
    enabled=True,
    # enforce=False leaves the policy in audit mode: per the enforce property
    # description, the policy affects execution only when this is True, so the
    # blocking settings below are not applied as-is.
    enforce=False,
    block_malicious_executables=True,
    # Processes that will be allowed when malicious-executable blocking is on.
    block_malicious_executables_allowed_processes=["proc1", "proc2"],
    block_running_executables_in_tmp_folder=True,
    # Executables the policy prevents from running.
    blocked_executables=["exe1", "exe2"],
)
import * as pulumi from "@pulumi/pulumi";
import * as aquasec from "@pulumi/aquasec";

// Registers a single Aqua function runtime policy.
// The process and executable names used here are sample placeholders.
const functionRuntimePolicy = new aquasec.FunctionRuntimePolicy("function_runtime_policy", {
    description: "function_runtime_policy",
    // Where the policy applies.
    applicationScopes: ["Global"],
    scopeVariables: [
        { attribute: "kubernetes.cluster", value: "default" },
        { attribute: "kubernetes.label", name: "app", value: "aqua" },
    ],
    enabled: true,
    // enforce: false leaves the policy in audit mode: per the enforce property
    // description, the policy affects execution only when this is true, so the
    // blocking settings below are not applied as-is.
    enforce: false,
    blockMaliciousExecutables: true,
    // Processes that will be allowed when malicious-executable blocking is on.
    blockMaliciousExecutablesAllowedProcesses: ["proc1", "proc2"],
    blockRunningExecutablesInTmpFolder: true,
    // Executables the policy prevents from running.
    blockedExecutables: ["exe1", "exe2"],
});
# Registers a single Aqua function runtime policy.
# The process and executable names used here are sample placeholders.
resources:
  functionRuntimePolicy:
    type: aquasec:FunctionRuntimePolicy
    properties:
      description: function_runtime_policy
      # Where the policy applies.
      applicationScopes: [Global]
      scopeVariables:
        - {attribute: kubernetes.cluster, value: default}
        - {attribute: kubernetes.label, name: app, value: aqua}
      enabled: true
      # enforce: false leaves the policy in audit mode: per the enforce property
      # description, the policy affects execution only when this is true, so the
      # blocking settings below are not applied as-is.
      enforce: false
      blockMaliciousExecutables: true
      # Processes that will be allowed when malicious-executable blocking is on.
      blockMaliciousExecutablesAllowedProcesses: [proc1, proc2]
      blockRunningExecutablesInTmpFolder: true
      # Executables the policy prevents from running.
      blockedExecutables: [exe1, exe2]

Create FunctionRuntimePolicy Resource

new FunctionRuntimePolicy(name: string, args?: FunctionRuntimePolicyArgs, opts?: CustomResourceOptions);
@overload
def FunctionRuntimePolicy(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          application_scopes: Optional[Sequence[str]] = None,
                          block_malicious_executables: Optional[bool] = None,
                          block_malicious_executables_allowed_processes: Optional[Sequence[str]] = None,
                          block_running_executables_in_tmp_folder: Optional[bool] = None,
                          blocked_executables: Optional[Sequence[str]] = None,
                          description: Optional[str] = None,
                          enabled: Optional[bool] = None,
                          enforce: Optional[bool] = None,
                          honeypot_access_key: Optional[str] = None,
                          honeypot_apply_ons: Optional[Sequence[str]] = None,
                          honeypot_secret_key: Optional[str] = None,
                          honeypot_serverless_app_name: Optional[str] = None,
                          name: Optional[str] = None,
                          scope_expression: Optional[str] = None,
                          scope_variables: Optional[Sequence[FunctionRuntimePolicyScopeVariableArgs]] = None)
@overload
def FunctionRuntimePolicy(resource_name: str,
                          args: Optional[FunctionRuntimePolicyArgs] = None,
                          opts: Optional[ResourceOptions] = None)
func NewFunctionRuntimePolicy(ctx *Context, name string, args *FunctionRuntimePolicyArgs, opts ...ResourceOption) (*FunctionRuntimePolicy, error)
public FunctionRuntimePolicy(string name, FunctionRuntimePolicyArgs? args = null, CustomResourceOptions? opts = null)
public FunctionRuntimePolicy(String name, FunctionRuntimePolicyArgs args)
public FunctionRuntimePolicy(String name, FunctionRuntimePolicyArgs args, CustomResourceOptions options)
type: aquasec:FunctionRuntimePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args FunctionRuntimePolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args FunctionRuntimePolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args FunctionRuntimePolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args FunctionRuntimePolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args FunctionRuntimePolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

FunctionRuntimePolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The FunctionRuntimePolicy resource accepts the following input properties:

ApplicationScopes List<string>

Indicates the application scope of the service.

BlockMaliciousExecutables bool

If true, prevent creation of malicious executables in functions during their runtime post invocation.

BlockMaliciousExecutablesAllowedProcesses List<string>

List of processes that will be allowed

BlockRunningExecutablesInTmpFolder bool

If true, prevent running of executables located in the /tmp folder of functions during their runtime, post invocation.

BlockedExecutables List<string>

List of executables that are prevented from running in containers.

Description string

The description of the function runtime policy

Enabled bool

Indicates if the runtime policy is enabled or not.

Enforce bool

Indicates that the policy should affect container execution (enforcement, not just audit).

HoneypotAccessKey string

Honeypot User ID (Access Key)

HoneypotApplyOns List<string>

List of options to apply the honeypot on (Environment Variable, Layer, File)

HoneypotSecretKey string

Honeypot User Password (Secret Key)

HoneypotServerlessAppName string

Serverless application name

Name string

Name of the function runtime policy

ScopeExpression string

Logical expression of how to compute the dependency of the scope variables.

ScopeVariables List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs>

List of scope attributes.

ApplicationScopes []string

Indicates the application scope of the service.

BlockMaliciousExecutables bool

If true, prevent creation of malicious executables in functions during their runtime post invocation.

BlockMaliciousExecutablesAllowedProcesses []string

List of processes that will be allowed

BlockRunningExecutablesInTmpFolder bool

If true, prevent running of executables located in the /tmp folder of functions during their runtime, post invocation.

BlockedExecutables []string

List of executables that are prevented from running in containers.

Description string

The description of the function runtime policy

Enabled bool

Indicates if the runtime policy is enabled or not.

Enforce bool

Indicates that the policy should affect container execution (enforcement, not just audit).

HoneypotAccessKey string

Honeypot User ID (Access Key)

HoneypotApplyOns []string

List of options to apply the honeypot on (Environment Variable, Layer, File)

HoneypotSecretKey string

Honeypot User Password (Secret Key)

HoneypotServerlessAppName string

Serverless application name

Name string

Name of the function runtime policy

ScopeExpression string

Logical expression of how to compute the dependency of the scope variables.

ScopeVariables []FunctionRuntimePolicyScopeVariableArgs

List of scope attributes.

applicationScopes List<String>

Indicates the application scope of the service.

blockMaliciousExecutables Boolean

If true, prevent creation of malicious executables in functions during their runtime post invocation.

blockMaliciousExecutablesAllowedProcesses List<String>

List of processes that will be allowed

blockRunningExecutablesInTmpFolder Boolean

If true, prevent running of executables located in the /tmp folder of functions during their runtime, post invocation.

blockedExecutables List<String>

List of executables that are prevented from running in containers.

description String

The description of the function runtime policy

enabled Boolean

Indicates if the runtime policy is enabled or not.

enforce Boolean

Indicates that the policy should affect container execution (enforcement, not just audit).

honeypotAccessKey String

Honeypot User ID (Access Key)

honeypotApplyOns List<String>

List of options to apply the honeypot on (Environment Variable, Layer, File)

honeypotSecretKey String

Honeypot User Password (Secret Key)

honeypotServerlessAppName String

Serverless application name

name String

Name of the function runtime policy

scopeExpression String

Logical expression of how to compute the dependency of the scope variables.

scopeVariables List<FunctionRuntimePolicyScopeVariableArgs>

List of scope attributes.

applicationScopes string[]

Indicates the application scope of the service.

blockMaliciousExecutables boolean

If true, prevent creation of malicious executables in functions during their runtime post invocation.

blockMaliciousExecutablesAllowedProcesses string[]

List of processes that will be allowed

blockRunningExecutablesInTmpFolder boolean

If true, prevent running of executables located in the /tmp folder of functions during their runtime, post invocation.

blockedExecutables string[]

List of executables that are prevented from running in containers.

description string

The description of the function runtime policy

enabled boolean

Indicates if the runtime policy is enabled or not.

enforce boolean

Indicates that the policy should affect container execution (enforcement, not just audit).

honeypotAccessKey string

Honeypot User ID (Access Key)

honeypotApplyOns string[]

List of options to apply the honeypot on (Environment Variable, Layer, File)

honeypotSecretKey string

Honeypot User Password (Secret Key)

honeypotServerlessAppName string

Serverless application name

name string

Name of the function runtime policy

scopeExpression string

Logical expression of how to compute the dependency of the scope variables.

scopeVariables FunctionRuntimePolicyScopeVariableArgs[]

List of scope attributes.

application_scopes Sequence[str]

Indicates the application scope of the service.

block_malicious_executables bool

If true, prevent creation of malicious executables in functions during their runtime post invocation.

block_malicious_executables_allowed_processes Sequence[str]

List of processes that will be allowed

block_running_executables_in_tmp_folder bool

If true, prevent running of executables located in the /tmp folder of functions during their runtime, post invocation.

blocked_executables Sequence[str]

List of executables that are prevented from running in containers.

description str

The description of the function runtime policy

enabled bool

Indicates if the runtime policy is enabled or not.

enforce bool

Indicates that the policy should affect container execution (enforcement, not just audit).

honeypot_access_key str

Honeypot User ID (Access Key)

honeypot_apply_ons Sequence[str]

List of options to apply the honeypot on (Environment Variable, Layer, File)

honeypot_secret_key str

Honeypot User Password (Secret Key)

honeypot_serverless_app_name str

Serverless application name

name str

Name of the function runtime policy

scope_expression str

Logical expression of how to compute the dependency of the scope variables.

scope_variables Sequence[FunctionRuntimePolicyScopeVariableArgs]

List of scope attributes.

applicationScopes List<String>

Indicates the application scope of the service.

blockMaliciousExecutables Boolean

If true, prevent creation of malicious executables in functions during their runtime post invocation.

blockMaliciousExecutablesAllowedProcesses List<String>

List of processes that will be allowed

blockRunningExecutablesInTmpFolder Boolean

If true, prevent running of executables located in the /tmp folder of functions during their runtime, post invocation.

blockedExecutables List<String>

List of executables that are prevented from running in containers.

description String

The description of the function runtime policy

enabled Boolean

Indicates if the runtime policy is enabled or not.

enforce Boolean

Indicates that the policy should affect container execution (enforcement, not just audit).

honeypotAccessKey String

Honeypot User ID (Access Key)

honeypotApplyOns List<String>

List of options to apply the honeypot on (Environment Variable, Layer, File)

honeypotSecretKey String

Honeypot User Password (Secret Key)

honeypotServerlessAppName String

Serverless application name

name String

Name of the function runtime policy

scopeExpression String

Logical expression of how to compute the dependency of the scope variables.

scopeVariables List<Property Map>

List of scope attributes.

Outputs

All input properties are implicitly available as output properties. Additionally, the FunctionRuntimePolicy resource produces the following output properties:

Author string

Username of the account that created the service.

Id string

The provider-assigned unique ID for this managed resource.

Author string

Username of the account that created the service.

Id string

The provider-assigned unique ID for this managed resource.

author String

Username of the account that created the service.

id String

The provider-assigned unique ID for this managed resource.

author string

Username of the account that created the service.

id string

The provider-assigned unique ID for this managed resource.

author str

Username of the account that created the service.

id str

The provider-assigned unique ID for this managed resource.

author String

Username of the account that created the service.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing FunctionRuntimePolicy Resource

Get an existing FunctionRuntimePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FunctionRuntimePolicyState, opts?: CustomResourceOptions): FunctionRuntimePolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        application_scopes: Optional[Sequence[str]] = None,
        author: Optional[str] = None,
        block_malicious_executables: Optional[bool] = None,
        block_malicious_executables_allowed_processes: Optional[Sequence[str]] = None,
        block_running_executables_in_tmp_folder: Optional[bool] = None,
        blocked_executables: Optional[Sequence[str]] = None,
        description: Optional[str] = None,
        enabled: Optional[bool] = None,
        enforce: Optional[bool] = None,
        honeypot_access_key: Optional[str] = None,
        honeypot_apply_ons: Optional[Sequence[str]] = None,
        honeypot_secret_key: Optional[str] = None,
        honeypot_serverless_app_name: Optional[str] = None,
        name: Optional[str] = None,
        scope_expression: Optional[str] = None,
        scope_variables: Optional[Sequence[FunctionRuntimePolicyScopeVariableArgs]] = None) -> FunctionRuntimePolicy
func GetFunctionRuntimePolicy(ctx *Context, name string, id IDInput, state *FunctionRuntimePolicyState, opts ...ResourceOption) (*FunctionRuntimePolicy, error)
public static FunctionRuntimePolicy Get(string name, Input<string> id, FunctionRuntimePolicyState? state, CustomResourceOptions? opts = null)
public static FunctionRuntimePolicy get(String name, Output<String> id, FunctionRuntimePolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
ApplicationScopes List<string>

Indicates the application scope of the service.

Author string

Username of the account that created the service.

BlockMaliciousExecutables bool

If true, prevent creation of malicious executables in functions during their runtime post invocation.

BlockMaliciousExecutablesAllowedProcesses List<string>

List of processes that will be allowed

BlockRunningExecutablesInTmpFolder bool

If true, prevent running of executables located in the /tmp folder of functions during their runtime, post invocation.

BlockedExecutables List<string>

List of executables that are prevented from running in containers.

Description string

The description of the function runtime policy

Enabled bool

Indicates if the runtime policy is enabled or not.

Enforce bool

Indicates that the policy should affect container execution (enforcement, not just audit).

HoneypotAccessKey string

Honeypot User ID (Access Key)

HoneypotApplyOns List<string>

List of options to apply the honeypot on (Environment Variable, Layer, File)

HoneypotSecretKey string

Honeypot User Password (Secret Key)

HoneypotServerlessAppName string

Serverless application name

Name string

Name of the function runtime policy

ScopeExpression string

Logical expression of how to compute the dependency of the scope variables.

ScopeVariables List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs>

List of scope attributes.

ApplicationScopes []string

Indicates the application scope of the service.

Author string

Username of the account that created the service.

BlockMaliciousExecutables bool

If true, prevent creation of malicious executables in functions during their runtime post invocation.

BlockMaliciousExecutablesAllowedProcesses []string

List of processes that will be allowed

BlockRunningExecutablesInTmpFolder bool

If true, prevent running of executables located in the /tmp folder of functions during their runtime, post invocation.

BlockedExecutables []string

List of executables that are prevented from running in containers.

Description string

The description of the function runtime policy

Enabled bool

Indicates if the runtime policy is enabled or not.

Enforce bool

Indicates that the policy should affect container execution (enforcement, not just audit).

HoneypotAccessKey string

Honeypot User ID (Access Key)

HoneypotApplyOns []string

List of options to apply the honeypot on (Environment Variable, Layer, File)

HoneypotSecretKey string

Honeypot User Password (Secret Key)

HoneypotServerlessAppName string

Serverless application name

Name string

Name of the function runtime policy

ScopeExpression string

Logical expression of how to compute the dependency of the scope variables.

ScopeVariables []FunctionRuntimePolicyScopeVariableArgs

List of scope attributes.

applicationScopes List<String>

Indicates the application scope of the service.

author String

Username of the account that created the service.

blockMaliciousExecutables Boolean

If true, prevent creation of malicious executables in functions during their runtime post invocation.

blockMaliciousExecutablesAllowedProcesses List<String>

List of processes that will be allowed

blockRunningExecutablesInTmpFolder Boolean

If true, prevent running of executables located in the /tmp folder of functions during their runtime, post invocation.

blockedExecutables List<String>

List of executables that are prevented from running in containers.

description String

The description of the function runtime policy

enabled Boolean

Indicates if the runtime policy is enabled or not.

enforce Boolean

Indicates that the policy should affect container execution (enforcement, not just audit).

honeypotAccessKey String

Honeypot User ID (Access Key)

honeypotApplyOns List<String>

List of options to apply the honeypot on (Environment Variable, Layer, File)

honeypotSecretKey String

Honeypot User Password (Secret Key)

honeypotServerlessAppName String

Serverless application name

name String

Name of the function runtime policy

scopeExpression String

Logical expression of how to compute the dependency of the scope variables.

scopeVariables List<FunctionRuntimePolicyScopeVariableArgs>

List of scope attributes.

applicationScopes string[]

Indicates the application scope of the service.

author string

Username of the account that created the service.

blockMaliciousExecutables boolean

If true, prevent creation of malicious executables in functions during their runtime post invocation.

blockMaliciousExecutablesAllowedProcesses string[]

List of processes that will be allowed

blockRunningExecutablesInTmpFolder boolean

If true, prevent running of executables located in the /tmp folder of functions during their runtime, post invocation.

blockedExecutables string[]

List of executables that are prevented from running in containers.

description string

The description of the function runtime policy

enabled boolean

Indicates if the runtime policy is enabled or not.

enforce boolean

Indicates that the policy should affect container execution (enforcement, not just audit).

honeypotAccessKey string

Honeypot User ID (Access Key)

honeypotApplyOns string[]

List of options to apply the honeypot on (Environment Variable, Layer, File)

honeypotSecretKey string

Honeypot User Password (Secret Key)

honeypotServerlessAppName string

Serverless application name

name string

Name of the function runtime policy

scopeExpression string

Logical expression of how to compute the dependency of the scope variables.

scopeVariables FunctionRuntimePolicyScopeVariableArgs[]

List of scope attributes.

application_scopes Sequence[str]

Indicates the application scope of the service.

author str

Username of the account that created the service.

block_malicious_executables bool

If true, prevent creation of malicious executables in functions during their runtime post invocation.

block_malicious_executables_allowed_processes Sequence[str]

List of processes that will be allowed

block_running_executables_in_tmp_folder bool

If true, prevent running of executables located in the /tmp folder of functions during their runtime, post invocation.

blocked_executables Sequence[str]

List of executables that are prevented from running in containers.

description str

The description of the function runtime policy

enabled bool

Indicates if the runtime policy is enabled or not.

enforce bool

Indicates that the policy should affect container execution (enforcement, not just audit).

honeypot_access_key str

Honeypot User ID (Access Key)

honeypot_apply_ons Sequence[str]

List of options to apply the honeypot on (Environment Variable, Layer, File)

honeypot_secret_key str

Honeypot User Password (Secret Key)

honeypot_serverless_app_name str

Serverless application name

name str

Name of the function runtime policy

scope_expression str

Logical expression of how to compute the dependency of the scope variables.

scope_variables Sequence[FunctionRuntimePolicyScopeVariableArgs]

List of scope attributes.

applicationScopes List<String>

Indicates the application scope of the service.

author String

Username of the account that created the service.

blockMaliciousExecutables Boolean

If true, prevent creation of malicious executables in functions during their runtime post invocation.

blockMaliciousExecutablesAllowedProcesses List<String>

List of processes that will be allowed

blockRunningExecutablesInTmpFolder Boolean

If true, prevent running of executables located in the /tmp folder of functions during their runtime, post invocation.

blockedExecutables List<String>

List of executables that are prevented from running in containers.

description String

The description of the function runtime policy

enabled Boolean

Indicates if the runtime policy is enabled or not.

enforce Boolean

Indicates that the policy should affect container execution (enforcement, not just audit).

honeypotAccessKey String

Honeypot User ID (Access Key)

honeypotApplyOns List<String>

List of options to apply the honeypot on (Environment Variable, Layer, File)

honeypotSecretKey String

Honeypot User Password (Secret Key)

honeypotServerlessAppName String

Serverless application name

name String

Name of the function runtime policy

scopeExpression String

Logical expression of how to compute the dependency of the scope variables.

scopeVariables List<Property Map>

List of scope attributes.

Supporting Types

FunctionRuntimePolicyScopeVariable

Attribute string

Class of supported scope.

Value string

Value assigned to the attribute.

Name string

Name assigned to the attribute.

Attribute string

Class of supported scope.

Value string

Value assigned to the attribute.

Name string

Name assigned to the attribute.

attribute String

Class of supported scope.

value String

Value assigned to the attribute.

name String

Name assigned to the attribute.

attribute string

Class of supported scope.

value string

Value assigned to the attribute.

name string

Name assigned to the attribute.

attribute str

Class of supported scope.

value str

Value assigned to the attribute.

name str

Name assigned to the attribute.

attribute String

Class of supported scope.

value String

Value assigned to the attribute.

name String

Name assigned to the attribute.

Package Details

Repository
https://github.com/pulumiverse/pulumi-aquasec
License
Apache-2.0
Notes

This Pulumi package is based on the aquasec Terraform Provider.