Docs Home
lacework 2.0.6 published on Monday, Apr 14, 2025 by lacework
lacework.Policy
Explore with Pulumi AI
Lacework provides a highly scalable platform for creating, customizing, and managing custom policies against any datasource that is exposed via the Lacework Query Language (LQL).
For more information, see the Policy Overview Documentation.
Example Usage
Create a Lacework Policy to check for a change of password from an RDS cluster.
import * as pulumi from "@pulumi/pulumi";
import * as lacework from "@pulumi/lacework";
const aWSCTAAuroraPasswordChange = new lacework.Query("aWSCTAAuroraPasswordChange", {
queryId: "TF_AWS_CTA_AuroraPasswordChange",
query: ` {
source {
CloudTrailRawEvents
}
filter {
EVENT_SOURCE = 'rds.amazonaws.com'
and EVENT_NAME = 'ModifyDBCluster'
and value_exists(EVENT:requestParameters.masterUserPassword)
and EVENT:requestParameters.applyImmediately = true
and ERROR_CODE is null
}
return distinct {
INSERT_ID,
INSERT_TIME,
EVENT_TIME,
EVENT
}
}
`,
});
const example = new lacework.Policy("example", {
title: "Aurora Password Change",
description: "Password for an Aurora RDS cluster was changed",
remediation: "Check that the password change was expected and ensure only specified users can modify the RDS cluster",
queryId: aWSCTAAuroraPasswordChange.laceworkQueryId,
severity: "High",
type: "Violation",
evaluation: "Hourly",
tags: [
"cloud_AWS",
"custom",
],
enabled: false,
alerting: {
enabled: false,
profile: "LW_CloudTrail_Alerts.CloudTrailDefaultAlert_AwsResource",
},
});
import pulumi
import pulumi_lacework as lacework
a_wscta_aurora_password_change = lacework.Query("aWSCTAAuroraPasswordChange",
query_id="TF_AWS_CTA_AuroraPasswordChange",
query=""" {
source {
CloudTrailRawEvents
}
filter {
EVENT_SOURCE = 'rds.amazonaws.com'
and EVENT_NAME = 'ModifyDBCluster'
and value_exists(EVENT:requestParameters.masterUserPassword)
and EVENT:requestParameters.applyImmediately = true
and ERROR_CODE is null
}
return distinct {
INSERT_ID,
INSERT_TIME,
EVENT_TIME,
EVENT
}
}
""")
example = lacework.Policy("example",
title="Aurora Password Change",
description="Password for an Aurora RDS cluster was changed",
remediation="Check that the password change was expected and ensure only specified users can modify the RDS cluster",
query_id=a_wscta_aurora_password_change.lacework_query_id,
severity="High",
type="Violation",
evaluation="Hourly",
tags=[
"cloud_AWS",
"custom",
],
enabled=False,
alerting={
"enabled": False,
"profile": "LW_CloudTrail_Alerts.CloudTrailDefaultAlert_AwsResource",
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/lacework/v2/lacework"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
aWSCTAAuroraPasswordChange, err := lacework.NewQuery(ctx, "aWSCTAAuroraPasswordChange", &lacework.QueryArgs{
QueryId: pulumi.String("TF_AWS_CTA_AuroraPasswordChange"),
Query: pulumi.String(` {
source {
CloudTrailRawEvents
}
filter {
EVENT_SOURCE = 'rds.amazonaws.com'
and EVENT_NAME = 'ModifyDBCluster'
and value_exists(EVENT:requestParameters.masterUserPassword)
and EVENT:requestParameters.applyImmediately = true
and ERROR_CODE is null
}
return distinct {
INSERT_ID,
INSERT_TIME,
EVENT_TIME,
EVENT
}
}
`),
})
if err != nil {
return err
}
_, err = lacework.NewPolicy(ctx, "example", &lacework.PolicyArgs{
Title: pulumi.String("Aurora Password Change"),
Description: pulumi.String("Password for an Aurora RDS cluster was changed"),
Remediation: pulumi.String("Check that the password change was expected and ensure only specified users can modify the RDS cluster"),
QueryId: aWSCTAAuroraPasswordChange.LaceworkQueryId,
Severity: pulumi.String("High"),
Type: pulumi.String("Violation"),
Evaluation: pulumi.String("Hourly"),
Tags: pulumi.StringArray{
pulumi.String("cloud_AWS"),
pulumi.String("custom"),
},
Enabled: pulumi.Bool(false),
Alerting: &lacework.PolicyAlertingArgs{
Enabled: pulumi.Bool(false),
Profile: pulumi.String("LW_CloudTrail_Alerts.CloudTrailDefaultAlert_AwsResource"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Lacework = Pulumi.Lacework;
return await Deployment.RunAsync(() =>
{
var aWSCTAAuroraPasswordChange = new Lacework.Query("aWSCTAAuroraPasswordChange", new()
{
QueryId = "TF_AWS_CTA_AuroraPasswordChange",
Query = @" {
source {
CloudTrailRawEvents
}
filter {
EVENT_SOURCE = 'rds.amazonaws.com'
and EVENT_NAME = 'ModifyDBCluster'
and value_exists(EVENT:requestParameters.masterUserPassword)
and EVENT:requestParameters.applyImmediately = true
and ERROR_CODE is null
}
return distinct {
INSERT_ID,
INSERT_TIME,
EVENT_TIME,
EVENT
}
}
",
});
var example = new Lacework.Policy("example", new()
{
Title = "Aurora Password Change",
Description = "Password for an Aurora RDS cluster was changed",
Remediation = "Check that the password change was expected and ensure only specified users can modify the RDS cluster",
QueryId = aWSCTAAuroraPasswordChange.LaceworkQueryId,
Severity = "High",
Type = "Violation",
Evaluation = "Hourly",
Tags = new[]
{
"cloud_AWS",
"custom",
},
Enabled = false,
Alerting = new Lacework.Inputs.PolicyAlertingArgs
{
Enabled = false,
Profile = "LW_CloudTrail_Alerts.CloudTrailDefaultAlert_AwsResource",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.lacework.Query;
import com.pulumi.lacework.QueryArgs;
import com.pulumi.lacework.Policy;
import com.pulumi.lacework.PolicyArgs;
import com.pulumi.lacework.inputs.PolicyAlertingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var aWSCTAAuroraPasswordChange = new Query("aWSCTAAuroraPasswordChange", QueryArgs.builder()
.queryId("TF_AWS_CTA_AuroraPasswordChange")
.query("""
{
source {
CloudTrailRawEvents
}
filter {
EVENT_SOURCE = 'rds.amazonaws.com'
and EVENT_NAME = 'ModifyDBCluster'
and value_exists(EVENT:requestParameters.masterUserPassword)
and EVENT:requestParameters.applyImmediately = true
and ERROR_CODE is null
}
return distinct {
INSERT_ID,
INSERT_TIME,
EVENT_TIME,
EVENT
}
}
""")
.build());
var example = new Policy("example", PolicyArgs.builder()
.title("Aurora Password Change")
.description("Password for an Aurora RDS cluster was changed")
.remediation("Check that the password change was expected and ensure only specified users can modify the RDS cluster")
.queryId(aWSCTAAuroraPasswordChange.laceworkQueryId())
.severity("High")
.type("Violation")
.evaluation("Hourly")
.tags(
"cloud_AWS",
"custom")
.enabled(false)
.alerting(PolicyAlertingArgs.builder()
.enabled(false)
.profile("LW_CloudTrail_Alerts.CloudTrailDefaultAlert_AwsResource")
.build())
.build());
}
}
resources:
aWSCTAAuroraPasswordChange:
type: lacework:Query
properties:
queryId: TF_AWS_CTA_AuroraPasswordChange
query: |2
{
source {
CloudTrailRawEvents
}
filter {
EVENT_SOURCE = 'rds.amazonaws.com'
and EVENT_NAME = 'ModifyDBCluster'
and value_exists(EVENT:requestParameters.masterUserPassword)
and EVENT:requestParameters.applyImmediately = true
and ERROR_CODE is null
}
return distinct {
INSERT_ID,
INSERT_TIME,
EVENT_TIME,
EVENT
}
}
example:
type: lacework:Policy
properties:
title: Aurora Password Change
description: Password for an Aurora RDS cluster was changed
remediation: Check that the password change was expected and ensure only specified users can modify the RDS cluster
queryId: ${aWSCTAAuroraPasswordChange.laceworkQueryId}
severity: High
type: Violation
evaluation: Hourly
tags:
- cloud_AWS
- custom
enabled: false
alerting:
enabled: false
profile: LW_CloudTrail_Alerts.CloudTrailDefaultAlert_AwsResource
Note: Lacework automatically generates a policy id when you create a policy, which is the recommended workflow. Optionally, you can define your own policy id using the
policy_id_suffix, this suffix must be all lowercase letters, optionally followed by-and numbers, for example,abcd-1234. When you define your own policy id, Lacework prepends the account name. The final policy id would then belwaccountname-abcd-1234.
Create Policy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);@overload
def Policy(resource_name: str,
args: PolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Policy(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
query_id: Optional[str] = None,
remediation: Optional[str] = None,
severity: Optional[str] = None,
title: Optional[str] = None,
type: Optional[str] = None,
alerting: Optional[PolicyAlertingArgs] = None,
enabled: Optional[bool] = None,
evaluation: Optional[str] = None,
limit: Optional[float] = None,
policy_id_suffix: Optional[str] = None,
tags: Optional[Sequence[str]] = None)func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)
public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)
type: lacework:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyResource = new Lacework.Policy("policyResource", new()
{
Description = "string",
QueryId = "string",
Remediation = "string",
Severity = "string",
Title = "string",
Type = "string",
Alerting = new Lacework.Inputs.PolicyAlertingArgs
{
Profile = "string",
Enabled = false,
},
Enabled = false,
Evaluation = "string",
Limit = 0,
PolicyIdSuffix = "string",
Tags = new[]
{
"string",
},
});
example, err := lacework.NewPolicy(ctx, "policyResource", &lacework.PolicyArgs{
Description: pulumi.String("string"),
QueryId: pulumi.String("string"),
Remediation: pulumi.String("string"),
Severity: pulumi.String("string"),
Title: pulumi.String("string"),
Type: pulumi.String("string"),
Alerting: &lacework.PolicyAlertingArgs{
Profile: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
Enabled: pulumi.Bool(false),
Evaluation: pulumi.String("string"),
Limit: pulumi.Float64(0),
PolicyIdSuffix: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
})
var policyResource = new Policy("policyResource", PolicyArgs.builder()
.description("string")
.queryId("string")
.remediation("string")
.severity("string")
.title("string")
.type("string")
.alerting(PolicyAlertingArgs.builder()
.profile("string")
.enabled(false)
.build())
.enabled(false)
.evaluation("string")
.limit(0)
.policyIdSuffix("string")
.tags("string")
.build());
policy_resource = lacework.Policy("policyResource",
description="string",
query_id="string",
remediation="string",
severity="string",
title="string",
type="string",
alerting={
"profile": "string",
"enabled": False,
},
enabled=False,
evaluation="string",
limit=0,
policy_id_suffix="string",
tags=["string"])
const policyResource = new lacework.Policy("policyResource", {
description: "string",
queryId: "string",
remediation: "string",
severity: "string",
title: "string",
type: "string",
alerting: {
profile: "string",
enabled: false,
},
enabled: false,
evaluation: "string",
limit: 0,
policyIdSuffix: "string",
tags: ["string"],
});
type: lacework:Policy
properties:
alerting:
enabled: false
profile: string
description: string
enabled: false
evaluation: string
limit: 0
policyIdSuffix: string
queryId: string
remediation: string
severity: string
tags:
- string
title: string
type: string
Policy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Policy resource accepts the following input properties:
- Description string
- The description of the policy.
- Query
Id string - The query id.
- Remediation string
- The remediation message to display.
- Severity string
- The list of the severities. Valid severities include:
Critical,High,Medium,LowandInfo. - Title string
- The policy title.
- Type string
- The policy type must be
Violation. - Alerting
Policy
Alerting - Alerting. See Alerting below for details.
- Enabled bool
- Whether the policy is enabled or disabled. Defaults to
true. - Evaluation string
- The evaluation frequency at which the policy will be evaluated. Valid values are
HourlyorDaily. Defaults toHourly. - Limit double
- Set the maximum number of records returned by the policy.
Maximum value is
5000. Defaults to1000 - Policy
Id stringSuffix - The string appended to the end of the policy id. If specified,
the policy id will be
<tenant name>-<policy_id_suffix>. Supported format is<policy identifier>all lowercase up to 16 characters, followed by optional-<numeric identifier>up to 8 digits. For example:abcd-1234will make policy idtenantname-abcd-1234. - List<string>
- A list of policy tags.
- Description string
- The description of the policy.
- Query
Id string - The query id.
- Remediation string
- The remediation message to display.
- Severity string
- The list of the severities. Valid severities include:
Critical,High,Medium,LowandInfo. - Title string
- The policy title.
- Type string
- The policy type must be
Violation. - Alerting
Policy
Alerting Args - Alerting. See Alerting below for details.
- Enabled bool
- Whether the policy is enabled or disabled. Defaults to
true. - Evaluation string
- The evaluation frequency at which the policy will be evaluated. Valid values are
HourlyorDaily. Defaults toHourly. - Limit float64
- Set the maximum number of records returned by the policy.
Maximum value is
5000. Defaults to1000 - Policy
Id stringSuffix - The string appended to the end of the policy id. If specified,
the policy id will be
<tenant name>-<policy_id_suffix>. Supported format is<policy identifier>all lowercase up to 16 characters, followed by optional-<numeric identifier>up to 8 digits. For example:abcd-1234will make policy idtenantname-abcd-1234. - []string
- A list of policy tags.
- description String
- The description of the policy.
- query
Id String - The query id.
- remediation String
- The remediation message to display.
- severity String
- The list of the severities. Valid severities include:
Critical,High,Medium,LowandInfo. - title String
- The policy title.
- type String
- The policy type must be
Violation. - alerting
Policy
Alerting - Alerting. See Alerting below for details.
- enabled Boolean
- Whether the policy is enabled or disabled. Defaults to
true. - evaluation String
- The evaluation frequency at which the policy will be evaluated. Valid values are
HourlyorDaily. Defaults toHourly. - limit Double
- Set the maximum number of records returned by the policy.
Maximum value is
5000. Defaults to1000 - policy
Id StringSuffix - The string appended to the end of the policy id. If specified,
the policy id will be
<tenant name>-<policy_id_suffix>. Supported format is<policy identifier>all lowercase up to 16 characters, followed by optional-<numeric identifier>up to 8 digits. For example:abcd-1234will make policy idtenantname-abcd-1234. - List<String>
- A list of policy tags.
- description string
- The description of the policy.
- query
Id string - The query id.
- remediation string
- The remediation message to display.
- severity string
- The list of the severities. Valid severities include:
Critical,High,Medium,LowandInfo. - title string
- The policy title.
- type string
- The policy type must be
Violation. - alerting
Policy
Alerting - Alerting. See Alerting below for details.
- enabled boolean
- Whether the policy is enabled or disabled. Defaults to
true. - evaluation string
- The evaluation frequency at which the policy will be evaluated. Valid values are
HourlyorDaily. Defaults toHourly. - limit number
- Set the maximum number of records returned by the policy.
Maximum value is
5000. Defaults to1000 - policy
Id stringSuffix - The string appended to the end of the policy id. If specified,
the policy id will be
<tenant name>-<policy_id_suffix>. Supported format is<policy identifier>all lowercase up to 16 characters, followed by optional-<numeric identifier>up to 8 digits. For example:abcd-1234will make policy idtenantname-abcd-1234. - string[]
- A list of policy tags.
- description str
- The description of the policy.
- query_
id str - The query id.
- remediation str
- The remediation message to display.
- severity str
- The list of the severities. Valid severities include:
Critical,High,Medium,LowandInfo. - title str
- The policy title.
- type str
- The policy type must be
Violation. - alerting
Policy
Alerting Args - Alerting. See Alerting below for details.
- enabled bool
- Whether the policy is enabled or disabled. Defaults to
true. - evaluation str
- The evaluation frequency at which the policy will be evaluated. Valid values are
HourlyorDaily. Defaults toHourly. - limit float
- Set the maximum number of records returned by the policy.
Maximum value is
5000. Defaults to1000 - policy_
id_ strsuffix - The string appended to the end of the policy id. If specified,
the policy id will be
<tenant name>-<policy_id_suffix>. Supported format is<policy identifier>all lowercase up to 16 characters, followed by optional-<numeric identifier>up to 8 digits. For example:abcd-1234will make policy idtenantname-abcd-1234. - Sequence[str]
- A list of policy tags.
- description String
- The description of the policy.
- query
Id String - The query id.
- remediation String
- The remediation message to display.
- severity String
- The list of the severities. Valid severities include:
Critical,High,Medium,LowandInfo. - title String
- The policy title.
- type String
- The policy type must be
Violation. - alerting Property Map
- Alerting. See Alerting below for details.
- enabled Boolean
- Whether the policy is enabled or disabled. Defaults to
true. - evaluation String
- The evaluation frequency at which the policy will be evaluated. Valid values are
HourlyorDaily. Defaults toHourly. - limit Number
- Set the maximum number of records returned by the policy.
Maximum value is
5000. Defaults to1000 - policy
Id StringSuffix - The string appended to the end of the policy id. If specified,
the policy id will be
<tenant name>-<policy_id_suffix>. Supported format is<policy identifier>all lowercase up to 16 characters, followed by optional-<numeric identifier>up to 8 digits. For example:abcd-1234will make policy idtenantname-abcd-1234. - List<String>
- A list of policy tags.
Outputs
All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:
- string
- All policy tags, server generated and user specified tags
- Id string
- The provider-assigned unique ID for this managed resource.
- Owner string
- Updated
By string - Updated
Time string
- string
- All policy tags, server generated and user specified tags
- Id string
- The provider-assigned unique ID for this managed resource.
- Owner string
- Updated
By string - Updated
Time string
- String
- All policy tags, server generated and user specified tags
- id String
- The provider-assigned unique ID for this managed resource.
- owner String
- updated
By String - updated
Time String
- string
- All policy tags, server generated and user specified tags
- id string
- The provider-assigned unique ID for this managed resource.
- owner string
- updated
By string - updated
Time string
- str
- All policy tags, server generated and user specified tags
- id str
- The provider-assigned unique ID for this managed resource.
- owner str
- updated_
by str - updated_
time str
- String
- All policy tags, server generated and user specified tags
- id String
- The provider-assigned unique ID for this managed resource.
- owner String
- updated
By String - updated
Time String
Look up Existing Policy Resource
Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alerting: Optional[PolicyAlertingArgs] = None,
computed_tags: Optional[str] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
evaluation: Optional[str] = None,
limit: Optional[float] = None,
owner: Optional[str] = None,
policy_id_suffix: Optional[str] = None,
query_id: Optional[str] = None,
remediation: Optional[str] = None,
severity: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
title: Optional[str] = None,
type: Optional[str] = None,
updated_by: Optional[str] = None,
updated_time: Optional[str] = None) -> Policyfunc GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)resources: _: type: lacework:Policy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alerting
Policy
Alerting - Alerting. See Alerting below for details.
- string
- All policy tags, server generated and user specified tags
- Description string
- The description of the policy.
- Enabled bool
- Whether the policy is enabled or disabled. Defaults to
true. - Evaluation string
- The evaluation frequency at which the policy will be evaluated. Valid values are
HourlyorDaily. Defaults toHourly. - Limit double
- Set the maximum number of records returned by the policy.
Maximum value is
5000. Defaults to1000 - Owner string
- Policy
Id stringSuffix - The string appended to the end of the policy id. If specified,
the policy id will be
<tenant name>-<policy_id_suffix>. Supported format is<policy identifier>all lowercase up to 16 characters, followed by optional-<numeric identifier>up to 8 digits. For example:abcd-1234will make policy idtenantname-abcd-1234. - Query
Id string - The query id.
- Remediation string
- The remediation message to display.
- Severity string
- The list of the severities. Valid severities include:
Critical,High,Medium,LowandInfo. - List<string>
- A list of policy tags.
- Title string
- The policy title.
- Type string
- The policy type must be
Violation. - Updated
By string - Updated
Time string
- Alerting
Policy
Alerting Args - Alerting. See Alerting below for details.
- string
- All policy tags, server generated and user specified tags
- Description string
- The description of the policy.
- Enabled bool
- Whether the policy is enabled or disabled. Defaults to
true. - Evaluation string
- The evaluation frequency at which the policy will be evaluated. Valid values are
HourlyorDaily. Defaults toHourly. - Limit float64
- Set the maximum number of records returned by the policy.
Maximum value is
5000. Defaults to1000 - Owner string
- Policy
Id stringSuffix - The string appended to the end of the policy id. If specified,
the policy id will be
<tenant name>-<policy_id_suffix>. Supported format is<policy identifier>all lowercase up to 16 characters, followed by optional-<numeric identifier>up to 8 digits. For example:abcd-1234will make policy idtenantname-abcd-1234. - Query
Id string - The query id.
- Remediation string
- The remediation message to display.
- Severity string
- The list of the severities. Valid severities include:
Critical,High,Medium,LowandInfo. - []string
- A list of policy tags.
- Title string
- The policy title.
- Type string
- The policy type must be
Violation. - Updated
By string - Updated
Time string
- alerting
Policy
Alerting - Alerting. See Alerting below for details.
- String
- All policy tags, server generated and user specified tags
- description String
- The description of the policy.
- enabled Boolean
- Whether the policy is enabled or disabled. Defaults to
true. - evaluation String
- The evaluation frequency at which the policy will be evaluated. Valid values are
HourlyorDaily. Defaults toHourly. - limit Double
- Set the maximum number of records returned by the policy.
Maximum value is
5000. Defaults to1000 - owner String
- policy
Id StringSuffix - The string appended to the end of the policy id. If specified,
the policy id will be
<tenant name>-<policy_id_suffix>. Supported format is<policy identifier>all lowercase up to 16 characters, followed by optional-<numeric identifier>up to 8 digits. For example:abcd-1234will make policy idtenantname-abcd-1234. - query
Id String - The query id.
- remediation String
- The remediation message to display.
- severity String
- The list of the severities. Valid severities include:
Critical,High,Medium,LowandInfo. - List<String>
- A list of policy tags.
- title String
- The policy title.
- type String
- The policy type must be
Violation. - updated
By String - updated
Time String
- alerting
Policy
Alerting - Alerting. See Alerting below for details.
- string
- All policy tags, server generated and user specified tags
- description string
- The description of the policy.
- enabled boolean
- Whether the policy is enabled or disabled. Defaults to
true. - evaluation string
- The evaluation frequency at which the policy will be evaluated. Valid values are
HourlyorDaily. Defaults toHourly. - limit number
- Set the maximum number of records returned by the policy.
Maximum value is
5000. Defaults to1000 - owner string
- policy
Id stringSuffix - The string appended to the end of the policy id. If specified,
the policy id will be
<tenant name>-<policy_id_suffix>. Supported format is<policy identifier>all lowercase up to 16 characters, followed by optional-<numeric identifier>up to 8 digits. For example:abcd-1234will make policy idtenantname-abcd-1234. - query
Id string - The query id.
- remediation string
- The remediation message to display.
- severity string
- The list of the severities. Valid severities include:
Critical,High,Medium,LowandInfo. - string[]
- A list of policy tags.
- title string
- The policy title.
- type string
- The policy type must be
Violation. - updated
By string - updated
Time string
- alerting
Policy
Alerting Args - Alerting. See Alerting below for details.
- str
- All policy tags, server generated and user specified tags
- description str
- The description of the policy.
- enabled bool
- Whether the policy is enabled or disabled. Defaults to
true. - evaluation str
- The evaluation frequency at which the policy will be evaluated. Valid values are
HourlyorDaily. Defaults toHourly. - limit float
- Set the maximum number of records returned by the policy.
Maximum value is
5000. Defaults to1000 - owner str
- policy_
id_ strsuffix - The string appended to the end of the policy id. If specified,
the policy id will be
<tenant name>-<policy_id_suffix>. Supported format is<policy identifier>all lowercase up to 16 characters, followed by optional-<numeric identifier>up to 8 digits. For example:abcd-1234will make policy idtenantname-abcd-1234. - query_
id str - The query id.
- remediation str
- The remediation message to display.
- severity str
- The list of the severities. Valid severities include:
Critical,High,Medium,LowandInfo. - Sequence[str]
- A list of policy tags.
- title str
- The policy title.
- type str
- The policy type must be
Violation. - updated_
by str - updated_
time str
- alerting Property Map
- Alerting. See Alerting below for details.
- String
- All policy tags, server generated and user specified tags
- description String
- The description of the policy.
- enabled Boolean
- Whether the policy is enabled or disabled. Defaults to
true. - evaluation String
- The evaluation frequency at which the policy will be evaluated. Valid values are
HourlyorDaily. Defaults toHourly. - limit Number
- Set the maximum number of records returned by the policy.
Maximum value is
5000. Defaults to1000 - owner String
- policy
Id StringSuffix - The string appended to the end of the policy id. If specified,
the policy id will be
<tenant name>-<policy_id_suffix>. Supported format is<policy identifier>all lowercase up to 16 characters, followed by optional-<numeric identifier>up to 8 digits. For example:abcd-1234will make policy idtenantname-abcd-1234. - query
Id String - The query id.
- remediation String
- The remediation message to display.
- severity String
- The list of the severities. Valid severities include:
Critical,High,Medium,LowandInfo. - List<String>
- A list of policy tags.
- title String
- The policy title.
- type String
- The policy type must be
Violation. - updated
By String - updated
Time String
Supporting Types
PolicyAlerting, PolicyAlertingArgs
Import
A Lacework policy can be imported using a POLICY_ID, e.g.
$ pulumi import lacework:index/policy:Policy example YourLQLPolicyID
-> Note: To retrieve the POLICY_ID from existing policies in your account, use the
Lacework CLI command lacework policy list. To install this tool follow
this documentation.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- lacework lacework/terraform-provider-lacework
- License
- Notes
- This Pulumi package is based on the
laceworkTerraform Provider.