Docs
Packagesaquasec.FunctionRuntimePolicy
Explore with Pulumi AI
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aquasec = Pulumiverse.Aquasec;
return await Deployment.RunAsync(() =>
{
var functionRuntimePolicy = new Aquasec.FunctionRuntimePolicy("functionRuntimePolicy", new()
{
ApplicationScopes = new[]
{
"Global",
},
BlockMaliciousExecutables = true,
BlockMaliciousExecutablesAllowedProcesses = new[]
{
"proc1",
"proc2",
},
BlockRunningExecutablesInTmpFolder = true,
BlockedExecutables = new[]
{
"exe1",
"exe2",
},
Description = "function_runtime_policy",
Enabled = true,
Enforce = false,
ScopeVariables = new[]
{
new Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs
{
Attribute = "kubernetes.cluster",
Value = "default",
},
new Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs
{
Attribute = "kubernetes.label",
Name = "app",
Value = "aqua",
},
},
});
});
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := aquasec.NewFunctionRuntimePolicy(ctx, "functionRuntimePolicy", &aquasec.FunctionRuntimePolicyArgs{
ApplicationScopes: pulumi.StringArray{
pulumi.String("Global"),
},
BlockMaliciousExecutables: pulumi.Bool(true),
BlockMaliciousExecutablesAllowedProcesses: pulumi.StringArray{
pulumi.String("proc1"),
pulumi.String("proc2"),
},
BlockRunningExecutablesInTmpFolder: pulumi.Bool(true),
BlockedExecutables: pulumi.StringArray{
pulumi.String("exe1"),
pulumi.String("exe2"),
},
Description: pulumi.String("function_runtime_policy"),
Enabled: pulumi.Bool(true),
Enforce: pulumi.Bool(false),
ScopeVariables: aquasec.FunctionRuntimePolicyScopeVariableArray{
&aquasec.FunctionRuntimePolicyScopeVariableArgs{
Attribute: pulumi.String("kubernetes.cluster"),
Value: pulumi.String("default"),
},
&aquasec.FunctionRuntimePolicyScopeVariableArgs{
Attribute: pulumi.String("kubernetes.label"),
Name: pulumi.String("app"),
Value: pulumi.String("aqua"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aquasec.FunctionRuntimePolicy;
import com.pulumi.aquasec.FunctionRuntimePolicyArgs;
import com.pulumi.aquasec.inputs.FunctionRuntimePolicyScopeVariableArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var functionRuntimePolicy = new FunctionRuntimePolicy("functionRuntimePolicy", FunctionRuntimePolicyArgs.builder()
.applicationScopes("Global")
.blockMaliciousExecutables(true)
.blockMaliciousExecutablesAllowedProcesses(
"proc1",
"proc2")
.blockRunningExecutablesInTmpFolder(true)
.blockedExecutables(
"exe1",
"exe2")
.description("function_runtime_policy")
.enabled(true)
.enforce(false)
.scopeVariables(
FunctionRuntimePolicyScopeVariableArgs.builder()
.attribute("kubernetes.cluster")
.value("default")
.build(),
FunctionRuntimePolicyScopeVariableArgs.builder()
.attribute("kubernetes.label")
.name("app")
.value("aqua")
.build())
.build());
}
}
import pulumi
import pulumiverse_aquasec as aquasec
function_runtime_policy = aquasec.FunctionRuntimePolicy("functionRuntimePolicy",
application_scopes=["Global"],
block_malicious_executables=True,
block_malicious_executables_allowed_processes=[
"proc1",
"proc2",
],
block_running_executables_in_tmp_folder=True,
blocked_executables=[
"exe1",
"exe2",
],
description="function_runtime_policy",
enabled=True,
enforce=False,
scope_variables=[
aquasec.FunctionRuntimePolicyScopeVariableArgs(
attribute="kubernetes.cluster",
value="default",
),
aquasec.FunctionRuntimePolicyScopeVariableArgs(
attribute="kubernetes.label",
name="app",
value="aqua",
),
])
import * as pulumi from "@pulumi/pulumi";
import * as aquasec from "@pulumiverse/aquasec";
const functionRuntimePolicy = new aquasec.FunctionRuntimePolicy("functionRuntimePolicy", {
applicationScopes: ["Global"],
blockMaliciousExecutables: true,
blockMaliciousExecutablesAllowedProcesses: [
"proc1",
"proc2",
],
blockRunningExecutablesInTmpFolder: true,
blockedExecutables: [
"exe1",
"exe2",
],
description: "function_runtime_policy",
enabled: true,
enforce: false,
scopeVariables: [
{
attribute: "kubernetes.cluster",
value: "default",
},
{
attribute: "kubernetes.label",
name: "app",
value: "aqua",
},
],
});
resources:
functionRuntimePolicy:
type: aquasec:FunctionRuntimePolicy
properties:
applicationScopes:
- Global
blockMaliciousExecutables: true
blockMaliciousExecutablesAllowedProcesses:
- proc1
- proc2
blockRunningExecutablesInTmpFolder: true
blockedExecutables:
- exe1
- exe2
description: function_runtime_policy
enabled: true
enforce: false
scopeVariables:
- attribute: kubernetes.cluster
value: default
- attribute: kubernetes.label
name: app
value: aqua
Create FunctionRuntimePolicy Resource
new FunctionRuntimePolicy(name: string, args?: FunctionRuntimePolicyArgs, opts?: CustomResourceOptions);@overload
def FunctionRuntimePolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
application_scopes: Optional[Sequence[str]] = None,
block_malicious_executables: Optional[bool] = None,
block_malicious_executables_allowed_processes: Optional[Sequence[str]] = None,
block_running_executables_in_tmp_folder: Optional[bool] = None,
blocked_executables: Optional[Sequence[str]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
enforce: Optional[bool] = None,
honeypot_access_key: Optional[str] = None,
honeypot_apply_ons: Optional[Sequence[str]] = None,
honeypot_secret_key: Optional[str] = None,
honeypot_serverless_app_name: Optional[str] = None,
name: Optional[str] = None,
scope_expression: Optional[str] = None,
scope_variables: Optional[Sequence[FunctionRuntimePolicyScopeVariableArgs]] = None)
@overload
def FunctionRuntimePolicy(resource_name: str,
args: Optional[FunctionRuntimePolicyArgs] = None,
opts: Optional[ResourceOptions] = None)func NewFunctionRuntimePolicy(ctx *Context, name string, args *FunctionRuntimePolicyArgs, opts ...ResourceOption) (*FunctionRuntimePolicy, error)public FunctionRuntimePolicy(string name, FunctionRuntimePolicyArgs? args = null, CustomResourceOptions? opts = null)
public FunctionRuntimePolicy(String name, FunctionRuntimePolicyArgs args)
public FunctionRuntimePolicy(String name, FunctionRuntimePolicyArgs args, CustomResourceOptions options)
type: aquasec:FunctionRuntimePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FunctionRuntimePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FunctionRuntimePolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FunctionRuntimePolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FunctionRuntimePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FunctionRuntimePolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
FunctionRuntimePolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The FunctionRuntimePolicy resource accepts the following input properties:
- Application
Scopes List<string> Indicates the application scope of the service.
- Block
Malicious boolExecutables If true, prevent creation of malicious executables in functions during their runtime post invocation.
- Block
Malicious List<string>Executables Allowed Processes List of processes that will be allowed
- Block
Running boolExecutables In Tmp Folder If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.
- Blocked
Executables List<string> List of executables that are prevented from running in containers.
- Description string
The description of the function runtime policy
- Enabled bool
Indicates if the runtime policy is enabled or not.
- Enforce bool
Indicates that policy should effect container execution (not just for audit).
- Honeypot
Access stringKey Honeypot User ID (Access Key)
- Honeypot
Apply List<string>Ons List of options to apply the honeypot on (Environment Vairable, Layer, File)
- Honeypot
Secret stringKey Honeypot User Password (Secret Key)
- Honeypot
Serverless stringApp Name Serverless application name
- Name string
Name of the function runtime policy
- Scope
Expression string Logical expression of how to compute the dependency of the scope variables.
- Scope
Variables List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Scope Variable> List of scope attributes.
- Application
Scopes []string Indicates the application scope of the service.
- Block
Malicious boolExecutables If true, prevent creation of malicious executables in functions during their runtime post invocation.
- Block
Malicious []stringExecutables Allowed Processes List of processes that will be allowed
- Block
Running boolExecutables In Tmp Folder If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.
- Blocked
Executables []string List of executables that are prevented from running in containers.
- Description string
The description of the function runtime policy
- Enabled bool
Indicates if the runtime policy is enabled or not.
- Enforce bool
Indicates that policy should effect container execution (not just for audit).
- Honeypot
Access stringKey Honeypot User ID (Access Key)
- Honeypot
Apply []stringOns List of options to apply the honeypot on (Environment Vairable, Layer, File)
- Honeypot
Secret stringKey Honeypot User Password (Secret Key)
- Honeypot
Serverless stringApp Name Serverless application name
- Name string
Name of the function runtime policy
- Scope
Expression string Logical expression of how to compute the dependency of the scope variables.
- Scope
Variables []FunctionRuntime Policy Scope Variable Args List of scope attributes.
- application
Scopes List<String> Indicates the application scope of the service.
- block
Malicious BooleanExecutables If true, prevent creation of malicious executables in functions during their runtime post invocation.
- block
Malicious List<String>Executables Allowed Processes List of processes that will be allowed
- block
Running BooleanExecutables In Tmp Folder If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.
- blocked
Executables List<String> List of executables that are prevented from running in containers.
- description String
The description of the function runtime policy
- enabled Boolean
Indicates if the runtime policy is enabled or not.
- enforce Boolean
Indicates that policy should effect container execution (not just for audit).
- honeypot
Access StringKey Honeypot User ID (Access Key)
- honeypot
Apply List<String>Ons List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot
Secret StringKey Honeypot User Password (Secret Key)
- honeypot
Serverless StringApp Name Serverless application name
- name String
Name of the function runtime policy
- scope
Expression String Logical expression of how to compute the dependency of the scope variables.
- scope
Variables List<FunctionRuntime Policy Scope Variable> List of scope attributes.
- application
Scopes string[] Indicates the application scope of the service.
- block
Malicious booleanExecutables If true, prevent creation of malicious executables in functions during their runtime post invocation.
- block
Malicious string[]Executables Allowed Processes List of processes that will be allowed
- block
Running booleanExecutables In Tmp Folder If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.
- blocked
Executables string[] List of executables that are prevented from running in containers.
- description string
The description of the function runtime policy
- enabled boolean
Indicates if the runtime policy is enabled or not.
- enforce boolean
Indicates that policy should effect container execution (not just for audit).
- honeypot
Access stringKey Honeypot User ID (Access Key)
- honeypot
Apply string[]Ons List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot
Secret stringKey Honeypot User Password (Secret Key)
- honeypot
Serverless stringApp Name Serverless application name
- name string
Name of the function runtime policy
- scope
Expression string Logical expression of how to compute the dependency of the scope variables.
- scope
Variables FunctionRuntime Policy Scope Variable[] List of scope attributes.
- application_
scopes Sequence[str] Indicates the application scope of the service.
- block_
malicious_ boolexecutables If true, prevent creation of malicious executables in functions during their runtime post invocation.
- block_
malicious_ Sequence[str]executables_ allowed_ processes List of processes that will be allowed
- block_
running_ boolexecutables_ in_ tmp_ folder If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.
- blocked_
executables Sequence[str] List of executables that are prevented from running in containers.
- description str
The description of the function runtime policy
- enabled bool
Indicates if the runtime policy is enabled or not.
- enforce bool
Indicates that policy should effect container execution (not just for audit).
- honeypot_
access_ strkey Honeypot User ID (Access Key)
- honeypot_
apply_ Sequence[str]ons List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot_
secret_ strkey Honeypot User Password (Secret Key)
- honeypot_
serverless_ strapp_ name Serverless application name
- name str
Name of the function runtime policy
- scope_
expression str Logical expression of how to compute the dependency of the scope variables.
- scope_
variables Sequence[FunctionRuntime Policy Scope Variable Args] List of scope attributes.
- application
Scopes List<String> Indicates the application scope of the service.
- block
Malicious BooleanExecutables If true, prevent creation of malicious executables in functions during their runtime post invocation.
- block
Malicious List<String>Executables Allowed Processes List of processes that will be allowed
- block
Running BooleanExecutables In Tmp Folder If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.
- blocked
Executables List<String> List of executables that are prevented from running in containers.
- description String
The description of the function runtime policy
- enabled Boolean
Indicates if the runtime policy is enabled or not.
- enforce Boolean
Indicates that policy should effect container execution (not just for audit).
- honeypot
Access StringKey Honeypot User ID (Access Key)
- honeypot
Apply List<String>Ons List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot
Secret StringKey Honeypot User Password (Secret Key)
- honeypot
Serverless StringApp Name Serverless application name
- name String
Name of the function runtime policy
- scope
Expression String Logical expression of how to compute the dependency of the scope variables.
- scope
Variables List<Property Map> List of scope attributes.
Outputs
All input properties are implicitly available as output properties. Additionally, the FunctionRuntimePolicy resource produces the following output properties:
- string
Username of the account that created the service.
- Id string
The provider-assigned unique ID for this managed resource.
- string
Username of the account that created the service.
- Id string
The provider-assigned unique ID for this managed resource.
- String
Username of the account that created the service.
- id String
The provider-assigned unique ID for this managed resource.
- string
Username of the account that created the service.
- id string
The provider-assigned unique ID for this managed resource.
- str
Username of the account that created the service.
- id str
The provider-assigned unique ID for this managed resource.
- String
Username of the account that created the service.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing FunctionRuntimePolicy Resource
Get an existing FunctionRuntimePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FunctionRuntimePolicyState, opts?: CustomResourceOptions): FunctionRuntimePolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
application_scopes: Optional[Sequence[str]] = None,
author: Optional[str] = None,
block_malicious_executables: Optional[bool] = None,
block_malicious_executables_allowed_processes: Optional[Sequence[str]] = None,
block_running_executables_in_tmp_folder: Optional[bool] = None,
blocked_executables: Optional[Sequence[str]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
enforce: Optional[bool] = None,
honeypot_access_key: Optional[str] = None,
honeypot_apply_ons: Optional[Sequence[str]] = None,
honeypot_secret_key: Optional[str] = None,
honeypot_serverless_app_name: Optional[str] = None,
name: Optional[str] = None,
scope_expression: Optional[str] = None,
scope_variables: Optional[Sequence[FunctionRuntimePolicyScopeVariableArgs]] = None) -> FunctionRuntimePolicyfunc GetFunctionRuntimePolicy(ctx *Context, name string, id IDInput, state *FunctionRuntimePolicyState, opts ...ResourceOption) (*FunctionRuntimePolicy, error)public static FunctionRuntimePolicy Get(string name, Input<string> id, FunctionRuntimePolicyState? state, CustomResourceOptions? opts = null)public static FunctionRuntimePolicy get(String name, Output<String> id, FunctionRuntimePolicyState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Application
Scopes List<string> Indicates the application scope of the service.
- string
Username of the account that created the service.
- Block
Malicious boolExecutables If true, prevent creation of malicious executables in functions during their runtime post invocation.
- Block
Malicious List<string>Executables Allowed Processes List of processes that will be allowed
- Block
Running boolExecutables In Tmp Folder If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.
- Blocked
Executables List<string> List of executables that are prevented from running in containers.
- Description string
The description of the function runtime policy
- Enabled bool
Indicates if the runtime policy is enabled or not.
- Enforce bool
Indicates that policy should effect container execution (not just for audit).
- Honeypot
Access stringKey Honeypot User ID (Access Key)
- Honeypot
Apply List<string>Ons List of options to apply the honeypot on (Environment Vairable, Layer, File)
- Honeypot
Secret stringKey Honeypot User Password (Secret Key)
- Honeypot
Serverless stringApp Name Serverless application name
- Name string
Name of the function runtime policy
- Scope
Expression string Logical expression of how to compute the dependency of the scope variables.
- Scope
Variables List<Pulumiverse.Aquasec. Inputs. Function Runtime Policy Scope Variable> List of scope attributes.
- Application
Scopes []string Indicates the application scope of the service.
- string
Username of the account that created the service.
- Block
Malicious boolExecutables If true, prevent creation of malicious executables in functions during their runtime post invocation.
- Block
Malicious []stringExecutables Allowed Processes List of processes that will be allowed
- Block
Running boolExecutables In Tmp Folder If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.
- Blocked
Executables []string List of executables that are prevented from running in containers.
- Description string
The description of the function runtime policy
- Enabled bool
Indicates if the runtime policy is enabled or not.
- Enforce bool
Indicates that policy should effect container execution (not just for audit).
- Honeypot
Access stringKey Honeypot User ID (Access Key)
- Honeypot
Apply []stringOns List of options to apply the honeypot on (Environment Vairable, Layer, File)
- Honeypot
Secret stringKey Honeypot User Password (Secret Key)
- Honeypot
Serverless stringApp Name Serverless application name
- Name string
Name of the function runtime policy
- Scope
Expression string Logical expression of how to compute the dependency of the scope variables.
- Scope
Variables []FunctionRuntime Policy Scope Variable Args List of scope attributes.
- application
Scopes List<String> Indicates the application scope of the service.
- String
Username of the account that created the service.
- block
Malicious BooleanExecutables If true, prevent creation of malicious executables in functions during their runtime post invocation.
- block
Malicious List<String>Executables Allowed Processes List of processes that will be allowed
- block
Running BooleanExecutables In Tmp Folder If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.
- blocked
Executables List<String> List of executables that are prevented from running in containers.
- description String
The description of the function runtime policy
- enabled Boolean
Indicates if the runtime policy is enabled or not.
- enforce Boolean
Indicates that policy should effect container execution (not just for audit).
- honeypot
Access StringKey Honeypot User ID (Access Key)
- honeypot
Apply List<String>Ons List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot
Secret StringKey Honeypot User Password (Secret Key)
- honeypot
Serverless StringApp Name Serverless application name
- name String
Name of the function runtime policy
- scope
Expression String Logical expression of how to compute the dependency of the scope variables.
- scope
Variables List<FunctionRuntime Policy Scope Variable> List of scope attributes.
- application
Scopes string[] Indicates the application scope of the service.
- string
Username of the account that created the service.
- block
Malicious booleanExecutables If true, prevent creation of malicious executables in functions during their runtime post invocation.
- block
Malicious string[]Executables Allowed Processes List of processes that will be allowed
- block
Running booleanExecutables In Tmp Folder If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.
- blocked
Executables string[] List of executables that are prevented from running in containers.
- description string
The description of the function runtime policy
- enabled boolean
Indicates if the runtime policy is enabled or not.
- enforce boolean
Indicates that policy should effect container execution (not just for audit).
- honeypot
Access stringKey Honeypot User ID (Access Key)
- honeypot
Apply string[]Ons List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot
Secret stringKey Honeypot User Password (Secret Key)
- honeypot
Serverless stringApp Name Serverless application name
- name string
Name of the function runtime policy
- scope
Expression string Logical expression of how to compute the dependency of the scope variables.
- scope
Variables FunctionRuntime Policy Scope Variable[] List of scope attributes.
- application_
scopes Sequence[str] Indicates the application scope of the service.
- str
Username of the account that created the service.
- block_
malicious_ boolexecutables If true, prevent creation of malicious executables in functions during their runtime post invocation.
- block_
malicious_ Sequence[str]executables_ allowed_ processes List of processes that will be allowed
- block_
running_ boolexecutables_ in_ tmp_ folder If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.
- blocked_
executables Sequence[str] List of executables that are prevented from running in containers.
- description str
The description of the function runtime policy
- enabled bool
Indicates if the runtime policy is enabled or not.
- enforce bool
Indicates that policy should effect container execution (not just for audit).
- honeypot_
access_ strkey Honeypot User ID (Access Key)
- honeypot_
apply_ Sequence[str]ons List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot_
secret_ strkey Honeypot User Password (Secret Key)
- honeypot_
serverless_ strapp_ name Serverless application name
- name str
Name of the function runtime policy
- scope_
expression str Logical expression of how to compute the dependency of the scope variables.
- scope_
variables Sequence[FunctionRuntime Policy Scope Variable Args] List of scope attributes.
- application
Scopes List<String> Indicates the application scope of the service.
- String
Username of the account that created the service.
- block
Malicious BooleanExecutables If true, prevent creation of malicious executables in functions during their runtime post invocation.
- block
Malicious List<String>Executables Allowed Processes List of processes that will be allowed
- block
Running BooleanExecutables In Tmp Folder If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.
- blocked
Executables List<String> List of executables that are prevented from running in containers.
- description String
The description of the function runtime policy
- enabled Boolean
Indicates if the runtime policy is enabled or not.
- enforce Boolean
Indicates that policy should effect container execution (not just for audit).
- honeypot
Access StringKey Honeypot User ID (Access Key)
- honeypot
Apply List<String>Ons List of options to apply the honeypot on (Environment Vairable, Layer, File)
- honeypot
Secret StringKey Honeypot User Password (Secret Key)
- honeypot
Serverless StringApp Name Serverless application name
- name String
Name of the function runtime policy
- scope
Expression String Logical expression of how to compute the dependency of the scope variables.
- scope
Variables List<Property Map> List of scope attributes.
Supporting Types
FunctionRuntimePolicyScopeVariable, FunctionRuntimePolicyScopeVariableArgs
Package Details
- Repository
- aquasec pulumiverse/pulumi-aquasec
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
aquasecTerraform Provider.