Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse

aquasec.FunctionRuntimePolicy


    Example Usage

    TypeScript, Python, Go, C#, Java: Coming soon!

    YAML:

    resources:
      functionRuntimePolicy:
        type: aquasec:FunctionRuntimePolicy
        properties:
          applicationScopes:
            - Global
          blockMaliciousExecutables: true
          blockMaliciousExecutablesAllowedProcesses:
            - proc1
            - proc2
          blockRunningExecutablesInTmpFolder: true
          blockedExecutables:
            - exe1
            - exe2
          description: function_runtime_policy
          enabled: true
          enforce: false
          scopeVariables:
            - attribute: kubernetes.cluster
              value: default
            - attribute: kubernetes.label
              name: app
              value: aqua
    

    Create FunctionRuntimePolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    TypeScript:
    new FunctionRuntimePolicy(name: string, args?: FunctionRuntimePolicyArgs, opts?: CustomResourceOptions);

    Python:
    @overload
    def FunctionRuntimePolicy(resource_name: str,
                              args: Optional[FunctionRuntimePolicyArgs] = None,
                              opts: Optional[ResourceOptions] = None)
    
    @overload
    def FunctionRuntimePolicy(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              allowed_executables: Optional[Sequence[FunctionRuntimePolicyAllowedExecutableArgs]] = None,
                              allowed_registries: Optional[Sequence[FunctionRuntimePolicyAllowedRegistryArgs]] = None,
                              application_scopes: Optional[Sequence[str]] = None,
                              audit_brute_force_login: Optional[bool] = None,
                              auditing: Optional[FunctionRuntimePolicyAuditingArgs] = None,
                              author: Optional[str] = None,
                              blacklisted_os_users: Optional[FunctionRuntimePolicyBlacklistedOsUsersArgs] = None,
                              block_container_exec: Optional[bool] = None,
                              block_disallowed_images: Optional[bool] = None,
                              block_fileless_exec: Optional[bool] = None,
                              block_non_compliant_workloads: Optional[bool] = None,
                              block_non_k8s_containers: Optional[bool] = None,
                              bypass_scopes: Optional[Sequence[FunctionRuntimePolicyBypassScopeArgs]] = None,
                              container_exec: Optional[FunctionRuntimePolicyContainerExecArgs] = None,
                              created: Optional[str] = None,
                              cve: Optional[str] = None,
                              default_security_profile: Optional[str] = None,
                              description: Optional[str] = None,
                              digest: Optional[str] = None,
                              drift_preventions: Optional[Sequence[FunctionRuntimePolicyDriftPreventionArgs]] = None,
                              enable_crypto_mining_dns: Optional[bool] = None,
                              enable_fork_guard: Optional[bool] = None,
                              enable_ip_reputation: Optional[bool] = None,
                              enable_port_scan_protection: Optional[bool] = None,
                              enabled: Optional[bool] = None,
                              enforce: Optional[bool] = None,
                              enforce_after_days: Optional[int] = None,
                              enforce_scheduler_added_on: Optional[int] = None,
                              exclude_application_scopes: Optional[Sequence[str]] = None,
                              executable_blacklists: Optional[Sequence[FunctionRuntimePolicyExecutableBlacklistArgs]] = None,
                              failed_kubernetes_checks: Optional[FunctionRuntimePolicyFailedKubernetesChecksArgs] = None,
                              file_block: Optional[FunctionRuntimePolicyFileBlockArgs] = None,
                              file_integrity_monitorings: Optional[Sequence[FunctionRuntimePolicyFileIntegrityMonitoringArgs]] = None,
                              fork_guard_process_limit: Optional[int] = None,
                              honeypot_access_key: Optional[str] = None,
                              honeypot_apply_ons: Optional[Sequence[str]] = None,
                              honeypot_secret_key: Optional[str] = None,
                              honeypot_serverless_app_name: Optional[str] = None,
                              image_name: Optional[str] = None,
                              is_audit_checked: Optional[bool] = None,
                              is_auto_generated: Optional[bool] = None,
                              is_ootb_policy: Optional[bool] = None,
                              lastupdate: Optional[int] = None,
                              limit_container_privileges: Optional[Sequence[FunctionRuntimePolicyLimitContainerPrivilegeArgs]] = None,
                              linux_capabilities: Optional[FunctionRuntimePolicyLinuxCapabilitiesArgs] = None,
                              malware_scan_options: Optional[FunctionRuntimePolicyMalwareScanOptionsArgs] = None,
                              name: Optional[str] = None,
                              no_new_privileges: Optional[bool] = None,
                              only_registered_images: Optional[bool] = None,
                              package_block: Optional[FunctionRuntimePolicyPackageBlockArgs] = None,
                              permission: Optional[str] = None,
                              port_block: Optional[FunctionRuntimePolicyPortBlockArgs] = None,
                              readonly_files: Optional[FunctionRuntimePolicyReadonlyFilesArgs] = None,
                              readonly_registry: Optional[FunctionRuntimePolicyReadonlyRegistryArgs] = None,
                              registry: Optional[str] = None,
                              registry_access_monitoring: Optional[FunctionRuntimePolicyRegistryAccessMonitoringArgs] = None,
                              repo_name: Optional[str] = None,
                              resource_name_: Optional[str] = None,
                              resource_type: Optional[str] = None,
                              restricted_volumes: Optional[Sequence[FunctionRuntimePolicyRestrictedVolumeArgs]] = None,
                              reverse_shell: Optional[FunctionRuntimePolicyReverseShellArgs] = None,
                              runtime_mode: Optional[int] = None,
                              runtime_type: Optional[str] = None,
                              scope_expression: Optional[str] = None,
                              scope_variables: Optional[Sequence[FunctionRuntimePolicyScopeVariableArgs]] = None,
                              scopes: Optional[Sequence[FunctionRuntimePolicyScopeArgs]] = None,
                              system_integrity_protection: Optional[FunctionRuntimePolicySystemIntegrityProtectionArgs] = None,
                              tripwire: Optional[FunctionRuntimePolicyTripwireArgs] = None,
                              type: Optional[str] = None,
                              updated: Optional[str] = None,
                              version: Optional[str] = None,
                              vpatch_version: Optional[str] = None,
                              whitelisted_os_users: Optional[FunctionRuntimePolicyWhitelistedOsUsersArgs] = None)

    Go:
    func NewFunctionRuntimePolicy(ctx *Context, name string, args *FunctionRuntimePolicyArgs, opts ...ResourceOption) (*FunctionRuntimePolicy, error)

    C#:
    public FunctionRuntimePolicy(string name, FunctionRuntimePolicyArgs? args = null, CustomResourceOptions? opts = null)

    Java:
    public FunctionRuntimePolicy(String name, FunctionRuntimePolicyArgs args)
    public FunctionRuntimePolicy(String name, FunctionRuntimePolicyArgs args, CustomResourceOptions options)

    YAML:
    type: aquasec:FunctionRuntimePolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    TypeScript:
    name string
    The unique name of the resource.
    args FunctionRuntimePolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Python:
    resource_name str
    The unique name of the resource.
    args FunctionRuntimePolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.

    Go:
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FunctionRuntimePolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.

    C#:
    name string
    The unique name of the resource.
    args FunctionRuntimePolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Java:
    name String
    The unique name of the resource.
    args FunctionRuntimePolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    C#:
    var functionRuntimePolicyResource = new Aquasec.FunctionRuntimePolicy("functionRuntimePolicyResource", new()
    {
        AllowedExecutables = new[]
        {
            new Aquasec.Inputs.FunctionRuntimePolicyAllowedExecutableArgs
            {
                AllowExecutables = new[]
                {
                    "string",
                },
                AllowRootExecutables = new[]
                {
                    "string",
                },
                Enabled = false,
                SeparateExecutables = false,
            },
        },
        AllowedRegistries = new[]
        {
            new Aquasec.Inputs.FunctionRuntimePolicyAllowedRegistryArgs
            {
                AllowedRegistries = new[]
                {
                    "string",
                },
                Enabled = false,
            },
        },
        ApplicationScopes = new[]
        {
            "string",
        },
        AuditBruteForceLogin = false,
        Auditing = new Aquasec.Inputs.FunctionRuntimePolicyAuditingArgs
        {
            AuditAllNetwork = false,
            AuditAllProcesses = false,
            AuditFailedLogin = false,
            AuditOsUserActivity = false,
            AuditProcessCmdline = false,
            AuditSuccessLogin = false,
            AuditUserAccountManagement = false,
            Enabled = false,
        },
        Author = "string",
        BlacklistedOsUsers = new Aquasec.Inputs.FunctionRuntimePolicyBlacklistedOsUsersArgs
        {
            Enabled = false,
            GroupBlackLists = new[]
            {
                "string",
            },
            UserBlackLists = new[]
            {
                "string",
            },
        },
        BlockContainerExec = false,
        BlockDisallowedImages = false,
        BlockFilelessExec = false,
        BlockNonCompliantWorkloads = false,
        BlockNonK8sContainers = false,
        BypassScopes = new[]
        {
            new Aquasec.Inputs.FunctionRuntimePolicyBypassScopeArgs
            {
                Enabled = false,
                Scopes = new[]
                {
                    new Aquasec.Inputs.FunctionRuntimePolicyBypassScopeScopeArgs
                    {
                        Expression = "string",
                        Variables = new[]
                        {
                            new Aquasec.Inputs.FunctionRuntimePolicyBypassScopeScopeVariableArgs
                            {
                                Attribute = "string",
                                Value = "string",
                            },
                        },
                    },
                },
            },
        },
        ContainerExec = new Aquasec.Inputs.FunctionRuntimePolicyContainerExecArgs
        {
            BlockContainerExec = false,
            ContainerExecProcWhiteLists = new[]
            {
                "string",
            },
            Enabled = false,
            ReverseShellIpWhiteLists = new[]
            {
                "string",
            },
        },
        Created = "string",
        Cve = "string",
        DefaultSecurityProfile = "string",
        Description = "string",
        Digest = "string",
        DriftPreventions = new[]
        {
            new Aquasec.Inputs.FunctionRuntimePolicyDriftPreventionArgs
            {
                Enabled = false,
                ExecLockdown = false,
                ExecLockdownWhiteLists = new[]
                {
                    "string",
                },
                ImageLockdown = false,
            },
        },
        EnableCryptoMiningDns = false,
        EnableForkGuard = false,
        EnableIpReputation = false,
        EnablePortScanProtection = false,
        Enabled = false,
        Enforce = false,
        EnforceAfterDays = 0,
        EnforceSchedulerAddedOn = 0,
        ExcludeApplicationScopes = new[]
        {
            "string",
        },
        ExecutableBlacklists = new[]
        {
            new Aquasec.Inputs.FunctionRuntimePolicyExecutableBlacklistArgs
            {
                Enabled = false,
                Executables = new[]
                {
                    "string",
                },
            },
        },
        FailedKubernetesChecks = new Aquasec.Inputs.FunctionRuntimePolicyFailedKubernetesChecksArgs
        {
            Enabled = false,
            FailedChecks = new[]
            {
                "string",
            },
        },
        FileBlock = new Aquasec.Inputs.FunctionRuntimePolicyFileBlockArgs
        {
            BlockFilesProcesses = new[]
            {
                "string",
            },
            BlockFilesUsers = new[]
            {
                "string",
            },
            Enabled = false,
            ExceptionalBlockFiles = new[]
            {
                "string",
            },
            ExceptionalBlockFilesProcesses = new[]
            {
                "string",
            },
            ExceptionalBlockFilesUsers = new[]
            {
                "string",
            },
            FilenameBlockLists = new[]
            {
                "string",
            },
        },
        FileIntegrityMonitorings = new[]
        {
            new Aquasec.Inputs.FunctionRuntimePolicyFileIntegrityMonitoringArgs
            {
                Enabled = false,
                ExceptionalMonitoredFiles = new[]
                {
                    "string",
                },
                ExceptionalMonitoredFilesProcesses = new[]
                {
                    "string",
                },
                ExceptionalMonitoredFilesUsers = new[]
                {
                    "string",
                },
                MonitoredFiles = new[]
                {
                    "string",
                },
                MonitoredFilesAttributes = false,
                MonitoredFilesCreate = false,
                MonitoredFilesDelete = false,
                MonitoredFilesModify = false,
                MonitoredFilesProcesses = new[]
                {
                    "string",
                },
                MonitoredFilesRead = false,
                MonitoredFilesUsers = new[]
                {
                    "string",
                },
            },
        },
        ForkGuardProcessLimit = 0,
        HoneypotAccessKey = "string",
        HoneypotApplyOns = new[]
        {
            "string",
        },
        HoneypotSecretKey = "string",
        HoneypotServerlessAppName = "string",
        ImageName = "string",
        IsAuditChecked = false,
        IsAutoGenerated = false,
        IsOotbPolicy = false,
        Lastupdate = 0,
        LimitContainerPrivileges = new[]
        {
            new Aquasec.Inputs.FunctionRuntimePolicyLimitContainerPrivilegeArgs
            {
                BlockAddCapabilities = false,
                Enabled = false,
                Ipcmode = false,
                Netmode = false,
                Pidmode = false,
                PreventLowPortBinding = false,
                PreventRootUser = false,
                Privileged = false,
                UseHostUser = false,
                Usermode = false,
                Utsmode = false,
            },
        },
        LinuxCapabilities = new Aquasec.Inputs.FunctionRuntimePolicyLinuxCapabilitiesArgs
        {
            Enabled = false,
            RemoveLinuxCapabilities = new[]
            {
                "string",
            },
        },
        MalwareScanOptions = new Aquasec.Inputs.FunctionRuntimePolicyMalwareScanOptionsArgs
        {
            Action = "string",
            Enabled = false,
            ExcludeDirectories = new[]
            {
                "string",
            },
            ExcludeProcesses = new[]
            {
                "string",
            },
            IncludeDirectories = new[]
            {
                "string",
            },
        },
        Name = "string",
        NoNewPrivileges = false,
        OnlyRegisteredImages = false,
        PackageBlock = new Aquasec.Inputs.FunctionRuntimePolicyPackageBlockArgs
        {
            BlockPackagesProcesses = new[]
            {
                "string",
            },
            BlockPackagesUsers = new[]
            {
                "string",
            },
            Enabled = false,
            ExceptionalBlockPackagesFiles = new[]
            {
                "string",
            },
            ExceptionalBlockPackagesProcesses = new[]
            {
                "string",
            },
            ExceptionalBlockPackagesUsers = new[]
            {
                "string",
            },
            PackagesBlackLists = new[]
            {
                "string",
            },
        },
        Permission = "string",
        PortBlock = new Aquasec.Inputs.FunctionRuntimePolicyPortBlockArgs
        {
            BlockInboundPorts = new[]
            {
                "string",
            },
            BlockOutboundPorts = new[]
            {
                "string",
            },
            Enabled = false,
        },
        ReadonlyFiles = new Aquasec.Inputs.FunctionRuntimePolicyReadonlyFilesArgs
        {
            Enabled = false,
            ExceptionalReadonlyFiles = new[]
            {
                "string",
            },
            ExceptionalReadonlyFilesProcesses = new[]
            {
                "string",
            },
            ExceptionalReadonlyFilesUsers = new[]
            {
                "string",
            },
            ReadonlyFiles = new[]
            {
                "string",
            },
            ReadonlyFilesProcesses = new[]
            {
                "string",
            },
            ReadonlyFilesUsers = new[]
            {
                "string",
            },
        },
        ReadonlyRegistry = new Aquasec.Inputs.FunctionRuntimePolicyReadonlyRegistryArgs
        {
            Enabled = false,
            ExceptionalReadonlyRegistryPaths = new[]
            {
                "string",
            },
            ExceptionalReadonlyRegistryProcesses = new[]
            {
                "string",
            },
            ExceptionalReadonlyRegistryUsers = new[]
            {
                "string",
            },
            ReadonlyRegistryPaths = new[]
            {
                "string",
            },
            ReadonlyRegistryProcesses = new[]
            {
                "string",
            },
            ReadonlyRegistryUsers = new[]
            {
                "string",
            },
        },
        Registry = "string",
        RegistryAccessMonitoring = new Aquasec.Inputs.FunctionRuntimePolicyRegistryAccessMonitoringArgs
        {
            Enabled = false,
            ExceptionalMonitoredRegistryPaths = new[]
            {
                "string",
            },
            ExceptionalMonitoredRegistryProcesses = new[]
            {
                "string",
            },
            ExceptionalMonitoredRegistryUsers = new[]
            {
                "string",
            },
            MonitoredRegistryAttributes = false,
            MonitoredRegistryCreate = false,
            MonitoredRegistryDelete = false,
            MonitoredRegistryModify = false,
            MonitoredRegistryPaths = new[]
            {
                "string",
            },
            MonitoredRegistryProcesses = new[]
            {
                "string",
            },
            MonitoredRegistryRead = false,
            MonitoredRegistryUsers = new[]
            {
                "string",
            },
        },
        RepoName = "string",
        ResourceName = "string",
        ResourceType = "string",
        RestrictedVolumes = new[]
        {
            new Aquasec.Inputs.FunctionRuntimePolicyRestrictedVolumeArgs
            {
                Enabled = false,
                Volumes = new[]
                {
                    "string",
                },
            },
        },
        ReverseShell = new Aquasec.Inputs.FunctionRuntimePolicyReverseShellArgs
        {
            BlockReverseShell = false,
            Enabled = false,
            ReverseShellIpWhiteLists = new[]
            {
                "string",
            },
            ReverseShellProcWhiteLists = new[]
            {
                "string",
            },
        },
        RuntimeMode = 0,
        RuntimeType = "string",
        ScopeExpression = "string",
        ScopeVariables = new[]
        {
            new Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs
            {
                Attribute = "string",
                Value = "string",
                Name = "string",
            },
        },
        Scopes = new[]
        {
            new Aquasec.Inputs.FunctionRuntimePolicyScopeArgs
            {
                Expression = "string",
                Variables = new[]
                {
                    new Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs
                    {
                        Attribute = "string",
                        Value = "string",
                        Name = "string",
                    },
                },
            },
        },
        SystemIntegrityProtection = new Aquasec.Inputs.FunctionRuntimePolicySystemIntegrityProtectionArgs
        {
            AuditSystemtimeChange = false,
            Enabled = false,
            MonitorAuditLogIntegrity = false,
            WindowsServicesMonitoring = false,
        },
        Tripwire = new Aquasec.Inputs.FunctionRuntimePolicyTripwireArgs
        {
            ApplyOns = new[]
            {
                "string",
            },
            Enabled = false,
            ServerlessApp = "string",
            UserId = "string",
            UserPassword = "string",
        },
        Type = "string",
        Updated = "string",
        Version = "string",
        VpatchVersion = "string",
        WhitelistedOsUsers = new Aquasec.Inputs.FunctionRuntimePolicyWhitelistedOsUsersArgs
        {
            Enabled = false,
            GroupWhiteLists = new[]
            {
                "string",
            },
            UserWhiteLists = new[]
            {
                "string",
            },
        },
    });
    
    Go:
    example, err := aquasec.NewFunctionRuntimePolicy(ctx, "functionRuntimePolicyResource", &aquasec.FunctionRuntimePolicyArgs{
    	AllowedExecutables: aquasec.FunctionRuntimePolicyAllowedExecutableArray{
    		&aquasec.FunctionRuntimePolicyAllowedExecutableArgs{
    			AllowExecutables: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			AllowRootExecutables: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Enabled:             pulumi.Bool(false),
    			SeparateExecutables: pulumi.Bool(false),
    		},
    	},
    	AllowedRegistries: aquasec.FunctionRuntimePolicyAllowedRegistryArray{
    		&aquasec.FunctionRuntimePolicyAllowedRegistryArgs{
    			AllowedRegistries: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Enabled: pulumi.Bool(false),
    		},
    	},
    	ApplicationScopes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AuditBruteForceLogin: pulumi.Bool(false),
    	Auditing: &aquasec.FunctionRuntimePolicyAuditingArgs{
    		AuditAllNetwork:            pulumi.Bool(false),
    		AuditAllProcesses:          pulumi.Bool(false),
    		AuditFailedLogin:           pulumi.Bool(false),
    		AuditOsUserActivity:        pulumi.Bool(false),
    		AuditProcessCmdline:        pulumi.Bool(false),
    		AuditSuccessLogin:          pulumi.Bool(false),
    		AuditUserAccountManagement: pulumi.Bool(false),
    		Enabled:                    pulumi.Bool(false),
    	},
    	Author: pulumi.String("string"),
    	BlacklistedOsUsers: &aquasec.FunctionRuntimePolicyBlacklistedOsUsersArgs{
    		Enabled: pulumi.Bool(false),
    		GroupBlackLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		UserBlackLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	BlockContainerExec:         pulumi.Bool(false),
    	BlockDisallowedImages:      pulumi.Bool(false),
    	BlockFilelessExec:          pulumi.Bool(false),
    	BlockNonCompliantWorkloads: pulumi.Bool(false),
    	BlockNonK8sContainers:      pulumi.Bool(false),
    	BypassScopes: aquasec.FunctionRuntimePolicyBypassScopeArray{
    		&aquasec.FunctionRuntimePolicyBypassScopeArgs{
    			Enabled: pulumi.Bool(false),
    			Scopes: aquasec.FunctionRuntimePolicyBypassScopeScopeArray{
    				&aquasec.FunctionRuntimePolicyBypassScopeScopeArgs{
    					Expression: pulumi.String("string"),
    					Variables: aquasec.FunctionRuntimePolicyBypassScopeScopeVariableArray{
    						&aquasec.FunctionRuntimePolicyBypassScopeScopeVariableArgs{
    							Attribute: pulumi.String("string"),
    							Value:     pulumi.String("string"),
    						},
    					},
    				},
    			},
    		},
    	},
    	ContainerExec: &aquasec.FunctionRuntimePolicyContainerExecArgs{
    		BlockContainerExec: pulumi.Bool(false),
    		ContainerExecProcWhiteLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Enabled: pulumi.Bool(false),
    		ReverseShellIpWhiteLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	Created:                pulumi.String("string"),
    	Cve:                    pulumi.String("string"),
    	DefaultSecurityProfile: pulumi.String("string"),
    	Description:            pulumi.String("string"),
    	Digest:                 pulumi.String("string"),
    	DriftPreventions: aquasec.FunctionRuntimePolicyDriftPreventionArray{
    		&aquasec.FunctionRuntimePolicyDriftPreventionArgs{
    			Enabled:      pulumi.Bool(false),
    			ExecLockdown: pulumi.Bool(false),
    			ExecLockdownWhiteLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			ImageLockdown: pulumi.Bool(false),
    		},
    	},
    	EnableCryptoMiningDns:    pulumi.Bool(false),
    	EnableForkGuard:          pulumi.Bool(false),
    	EnableIpReputation:       pulumi.Bool(false),
    	EnablePortScanProtection: pulumi.Bool(false),
    	Enabled:                  pulumi.Bool(false),
    	Enforce:                  pulumi.Bool(false),
    	EnforceAfterDays:         pulumi.Int(0),
    	EnforceSchedulerAddedOn:  pulumi.Int(0),
    	ExcludeApplicationScopes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ExecutableBlacklists: aquasec.FunctionRuntimePolicyExecutableBlacklistArray{
    		&aquasec.FunctionRuntimePolicyExecutableBlacklistArgs{
    			Enabled: pulumi.Bool(false),
    			Executables: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	FailedKubernetesChecks: &aquasec.FunctionRuntimePolicyFailedKubernetesChecksArgs{
    		Enabled: pulumi.Bool(false),
    		FailedChecks: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	FileBlock: &aquasec.FunctionRuntimePolicyFileBlockArgs{
    		BlockFilesProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		BlockFilesUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Enabled: pulumi.Bool(false),
    		ExceptionalBlockFiles: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalBlockFilesProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalBlockFilesUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		FilenameBlockLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	FileIntegrityMonitorings: aquasec.FunctionRuntimePolicyFileIntegrityMonitoringArray{
    		&aquasec.FunctionRuntimePolicyFileIntegrityMonitoringArgs{
    			Enabled: pulumi.Bool(false),
    			ExceptionalMonitoredFiles: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			ExceptionalMonitoredFilesProcesses: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			ExceptionalMonitoredFilesUsers: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			MonitoredFiles: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			MonitoredFilesAttributes: pulumi.Bool(false),
    			MonitoredFilesCreate:     pulumi.Bool(false),
    			MonitoredFilesDelete:     pulumi.Bool(false),
    			MonitoredFilesModify:     pulumi.Bool(false),
    			MonitoredFilesProcesses: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			MonitoredFilesRead: pulumi.Bool(false),
    			MonitoredFilesUsers: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	ForkGuardProcessLimit: pulumi.Int(0),
    	HoneypotAccessKey:     pulumi.String("string"),
    	HoneypotApplyOns: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	HoneypotSecretKey:         pulumi.String("string"),
    	HoneypotServerlessAppName: pulumi.String("string"),
    	ImageName:                 pulumi.String("string"),
    	IsAuditChecked:            pulumi.Bool(false),
    	IsAutoGenerated:           pulumi.Bool(false),
    	IsOotbPolicy:              pulumi.Bool(false),
    	Lastupdate:                pulumi.Int(0),
    	LimitContainerPrivileges: aquasec.FunctionRuntimePolicyLimitContainerPrivilegeArray{
    		&aquasec.FunctionRuntimePolicyLimitContainerPrivilegeArgs{
    			BlockAddCapabilities:  pulumi.Bool(false),
    			Enabled:               pulumi.Bool(false),
    			Ipcmode:               pulumi.Bool(false),
    			Netmode:               pulumi.Bool(false),
    			Pidmode:               pulumi.Bool(false),
    			PreventLowPortBinding: pulumi.Bool(false),
    			PreventRootUser:       pulumi.Bool(false),
    			Privileged:            pulumi.Bool(false),
    			UseHostUser:           pulumi.Bool(false),
    			Usermode:              pulumi.Bool(false),
    			Utsmode:               pulumi.Bool(false),
    		},
    	},
    	LinuxCapabilities: &aquasec.FunctionRuntimePolicyLinuxCapabilitiesArgs{
    		Enabled: pulumi.Bool(false),
    		RemoveLinuxCapabilities: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	MalwareScanOptions: &aquasec.FunctionRuntimePolicyMalwareScanOptionsArgs{
    		Action:  pulumi.String("string"),
    		Enabled: pulumi.Bool(false),
    		ExcludeDirectories: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExcludeProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		IncludeDirectories: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	Name:                 pulumi.String("string"),
    	NoNewPrivileges:      pulumi.Bool(false),
    	OnlyRegisteredImages: pulumi.Bool(false),
    	PackageBlock: &aquasec.FunctionRuntimePolicyPackageBlockArgs{
    		BlockPackagesProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		BlockPackagesUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Enabled: pulumi.Bool(false),
    		ExceptionalBlockPackagesFiles: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalBlockPackagesProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalBlockPackagesUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		PackagesBlackLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	Permission: pulumi.String("string"),
    	PortBlock: &aquasec.FunctionRuntimePolicyPortBlockArgs{
    		BlockInboundPorts: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		BlockOutboundPorts: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Enabled: pulumi.Bool(false),
    	},
    	ReadonlyFiles: &aquasec.FunctionRuntimePolicyReadonlyFilesArgs{
    		Enabled: pulumi.Bool(false),
    		ExceptionalReadonlyFiles: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalReadonlyFilesProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalReadonlyFilesUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ReadonlyFiles: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ReadonlyFilesProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ReadonlyFilesUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	ReadonlyRegistry: &aquasec.FunctionRuntimePolicyReadonlyRegistryArgs{
    		Enabled: pulumi.Bool(false),
    		ExceptionalReadonlyRegistryPaths: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalReadonlyRegistryProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalReadonlyRegistryUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ReadonlyRegistryPaths: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ReadonlyRegistryProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ReadonlyRegistryUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	Registry: pulumi.String("string"),
    	RegistryAccessMonitoring: &aquasec.FunctionRuntimePolicyRegistryAccessMonitoringArgs{
    		Enabled: pulumi.Bool(false),
    		ExceptionalMonitoredRegistryPaths: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalMonitoredRegistryProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalMonitoredRegistryUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		MonitoredRegistryAttributes: pulumi.Bool(false),
    		MonitoredRegistryCreate:     pulumi.Bool(false),
    		MonitoredRegistryDelete:     pulumi.Bool(false),
    		MonitoredRegistryModify:     pulumi.Bool(false),
    		MonitoredRegistryPaths: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		MonitoredRegistryProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		MonitoredRegistryRead: pulumi.Bool(false),
    		MonitoredRegistryUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	RepoName:     pulumi.String("string"),
    	ResourceName: pulumi.String("string"),
    	ResourceType: pulumi.String("string"),
    	RestrictedVolumes: aquasec.FunctionRuntimePolicyRestrictedVolumeArray{
    		&aquasec.FunctionRuntimePolicyRestrictedVolumeArgs{
    			Enabled: pulumi.Bool(false),
    			Volumes: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	ReverseShell: &aquasec.FunctionRuntimePolicyReverseShellArgs{
    		BlockReverseShell: pulumi.Bool(false),
    		Enabled:           pulumi.Bool(false),
    		ReverseShellIpWhiteLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ReverseShellProcWhiteLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	RuntimeMode:     pulumi.Int(0),
    	RuntimeType:     pulumi.String("string"),
    	ScopeExpression: pulumi.String("string"),
    	ScopeVariables: aquasec.FunctionRuntimePolicyScopeVariableArray{
    		&aquasec.FunctionRuntimePolicyScopeVariableArgs{
    			Attribute: pulumi.String("string"),
    			Value:     pulumi.String("string"),
    			Name:      pulumi.String("string"),
    		},
    	},
    	Scopes: aquasec.FunctionRuntimePolicyScopeArray{
    		&aquasec.FunctionRuntimePolicyScopeArgs{
    			Expression: pulumi.String("string"),
    			Variables: aquasec.FunctionRuntimePolicyScopeVariableArray{
    				&aquasec.FunctionRuntimePolicyScopeVariableArgs{
    					Attribute: pulumi.String("string"),
    					Value:     pulumi.String("string"),
    					Name:      pulumi.String("string"),
    				},
    			},
    		},
    	},
    	SystemIntegrityProtection: &aquasec.FunctionRuntimePolicySystemIntegrityProtectionArgs{
    		AuditSystemtimeChange:     pulumi.Bool(false),
    		Enabled:                   pulumi.Bool(false),
    		MonitorAuditLogIntegrity:  pulumi.Bool(false),
    		WindowsServicesMonitoring: pulumi.Bool(false),
    	},
    	Tripwire: &aquasec.FunctionRuntimePolicyTripwireArgs{
    		ApplyOns: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Enabled:       pulumi.Bool(false),
    		ServerlessApp: pulumi.String("string"),
    		UserId:        pulumi.String("string"),
    		UserPassword:  pulumi.String("string"),
    	},
    	Type:          pulumi.String("string"),
    	Updated:       pulumi.String("string"),
    	Version:       pulumi.String("string"),
    	VpatchVersion: pulumi.String("string"),
    	WhitelistedOsUsers: &aquasec.FunctionRuntimePolicyWhitelistedOsUsersArgs{
    		Enabled: pulumi.Bool(false),
    		GroupWhiteLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		UserWhiteLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    })
    
    var functionRuntimePolicyResource = new FunctionRuntimePolicy("functionRuntimePolicyResource", FunctionRuntimePolicyArgs.builder()
        .allowedExecutables(FunctionRuntimePolicyAllowedExecutableArgs.builder()
            .allowExecutables("string")
            .allowRootExecutables("string")
            .enabled(false)
            .separateExecutables(false)
            .build())
        .allowedRegistries(FunctionRuntimePolicyAllowedRegistryArgs.builder()
            .allowedRegistries("string")
            .enabled(false)
            .build())
        .applicationScopes("string")
        .auditBruteForceLogin(false)
        .auditing(FunctionRuntimePolicyAuditingArgs.builder()
            .auditAllNetwork(false)
            .auditAllProcesses(false)
            .auditFailedLogin(false)
            .auditOsUserActivity(false)
            .auditProcessCmdline(false)
            .auditSuccessLogin(false)
            .auditUserAccountManagement(false)
            .enabled(false)
            .build())
        .author("string")
        .blacklistedOsUsers(FunctionRuntimePolicyBlacklistedOsUsersArgs.builder()
            .enabled(false)
            .groupBlackLists("string")
            .userBlackLists("string")
            .build())
        .blockContainerExec(false)
        .blockDisallowedImages(false)
        .blockFilelessExec(false)
        .blockNonCompliantWorkloads(false)
        .blockNonK8sContainers(false)
        .bypassScopes(FunctionRuntimePolicyBypassScopeArgs.builder()
            .enabled(false)
            .scopes(FunctionRuntimePolicyBypassScopeScopeArgs.builder()
                .expression("string")
                .variables(FunctionRuntimePolicyBypassScopeScopeVariableArgs.builder()
                    .attribute("string")
                    .value("string")
                    .build())
                .build())
            .build())
        .containerExec(FunctionRuntimePolicyContainerExecArgs.builder()
            .blockContainerExec(false)
            .containerExecProcWhiteLists("string")
            .enabled(false)
            .reverseShellIpWhiteLists("string")
            .build())
        .created("string")
        .cve("string")
        .defaultSecurityProfile("string")
        .description("string")
        .digest("string")
        .driftPreventions(FunctionRuntimePolicyDriftPreventionArgs.builder()
            .enabled(false)
            .execLockdown(false)
            .execLockdownWhiteLists("string")
            .imageLockdown(false)
            .build())
        .enableCryptoMiningDns(false)
        .enableForkGuard(false)
        .enableIpReputation(false)
        .enablePortScanProtection(false)
        .enabled(false)
        .enforce(false)
        .enforceAfterDays(0)
        .enforceSchedulerAddedOn(0)
        .excludeApplicationScopes("string")
        .executableBlacklists(FunctionRuntimePolicyExecutableBlacklistArgs.builder()
            .enabled(false)
            .executables("string")
            .build())
        .failedKubernetesChecks(FunctionRuntimePolicyFailedKubernetesChecksArgs.builder()
            .enabled(false)
            .failedChecks("string")
            .build())
        .fileBlock(FunctionRuntimePolicyFileBlockArgs.builder()
            .blockFilesProcesses("string")
            .blockFilesUsers("string")
            .enabled(false)
            .exceptionalBlockFiles("string")
            .exceptionalBlockFilesProcesses("string")
            .exceptionalBlockFilesUsers("string")
            .filenameBlockLists("string")
            .build())
        .fileIntegrityMonitorings(FunctionRuntimePolicyFileIntegrityMonitoringArgs.builder()
            .enabled(false)
            .exceptionalMonitoredFiles("string")
            .exceptionalMonitoredFilesProcesses("string")
            .exceptionalMonitoredFilesUsers("string")
            .monitoredFiles("string")
            .monitoredFilesAttributes(false)
            .monitoredFilesCreate(false)
            .monitoredFilesDelete(false)
            .monitoredFilesModify(false)
            .monitoredFilesProcesses("string")
            .monitoredFilesRead(false)
            .monitoredFilesUsers("string")
            .build())
        .forkGuardProcessLimit(0)
        .honeypotAccessKey("string")
        .honeypotApplyOns("string")
        .honeypotSecretKey("string")
        .honeypotServerlessAppName("string")
        .imageName("string")
        .isAuditChecked(false)
        .isAutoGenerated(false)
        .isOotbPolicy(false)
        .lastupdate(0)
        .limitContainerPrivileges(FunctionRuntimePolicyLimitContainerPrivilegeArgs.builder()
            .blockAddCapabilities(false)
            .enabled(false)
            .ipcmode(false)
            .netmode(false)
            .pidmode(false)
            .preventLowPortBinding(false)
            .preventRootUser(false)
            .privileged(false)
            .useHostUser(false)
            .usermode(false)
            .utsmode(false)
            .build())
        .linuxCapabilities(FunctionRuntimePolicyLinuxCapabilitiesArgs.builder()
            .enabled(false)
            .removeLinuxCapabilities("string")
            .build())
        .malwareScanOptions(FunctionRuntimePolicyMalwareScanOptionsArgs.builder()
            .action("string")
            .enabled(false)
            .excludeDirectories("string")
            .excludeProcesses("string")
            .includeDirectories("string")
            .build())
        .name("string")
        .noNewPrivileges(false)
        .onlyRegisteredImages(false)
        .packageBlock(FunctionRuntimePolicyPackageBlockArgs.builder()
            .blockPackagesProcesses("string")
            .blockPackagesUsers("string")
            .enabled(false)
            .exceptionalBlockPackagesFiles("string")
            .exceptionalBlockPackagesProcesses("string")
            .exceptionalBlockPackagesUsers("string")
            .packagesBlackLists("string")
            .build())
        .permission("string")
        .portBlock(FunctionRuntimePolicyPortBlockArgs.builder()
            .blockInboundPorts("string")
            .blockOutboundPorts("string")
            .enabled(false)
            .build())
        .readonlyFiles(FunctionRuntimePolicyReadonlyFilesArgs.builder()
            .enabled(false)
            .exceptionalReadonlyFiles("string")
            .exceptionalReadonlyFilesProcesses("string")
            .exceptionalReadonlyFilesUsers("string")
            .readonlyFiles("string")
            .readonlyFilesProcesses("string")
            .readonlyFilesUsers("string")
            .build())
        .readonlyRegistry(FunctionRuntimePolicyReadonlyRegistryArgs.builder()
            .enabled(false)
            .exceptionalReadonlyRegistryPaths("string")
            .exceptionalReadonlyRegistryProcesses("string")
            .exceptionalReadonlyRegistryUsers("string")
            .readonlyRegistryPaths("string")
            .readonlyRegistryProcesses("string")
            .readonlyRegistryUsers("string")
            .build())
        .registry("string")
        .registryAccessMonitoring(FunctionRuntimePolicyRegistryAccessMonitoringArgs.builder()
            .enabled(false)
            .exceptionalMonitoredRegistryPaths("string")
            .exceptionalMonitoredRegistryProcesses("string")
            .exceptionalMonitoredRegistryUsers("string")
            .monitoredRegistryAttributes(false)
            .monitoredRegistryCreate(false)
            .monitoredRegistryDelete(false)
            .monitoredRegistryModify(false)
            .monitoredRegistryPaths("string")
            .monitoredRegistryProcesses("string")
            .monitoredRegistryRead(false)
            .monitoredRegistryUsers("string")
            .build())
        .repoName("string")
        .resourceName("string")
        .resourceType("string")
        .restrictedVolumes(FunctionRuntimePolicyRestrictedVolumeArgs.builder()
            .enabled(false)
            .volumes("string")
            .build())
        .reverseShell(FunctionRuntimePolicyReverseShellArgs.builder()
            .blockReverseShell(false)
            .enabled(false)
            .reverseShellIpWhiteLists("string")
            .reverseShellProcWhiteLists("string")
            .build())
        .runtimeMode(0)
        .runtimeType("string")
        .scopeExpression("string")
        .scopeVariables(FunctionRuntimePolicyScopeVariableArgs.builder()
            .attribute("string")
            .value("string")
            .name("string")
            .build())
        .scopes(FunctionRuntimePolicyScopeArgs.builder()
            .expression("string")
            .variables(FunctionRuntimePolicyScopeVariableArgs.builder()
                .attribute("string")
                .value("string")
                .name("string")
                .build())
            .build())
        .systemIntegrityProtection(FunctionRuntimePolicySystemIntegrityProtectionArgs.builder()
            .auditSystemtimeChange(false)
            .enabled(false)
            .monitorAuditLogIntegrity(false)
            .windowsServicesMonitoring(false)
            .build())
        .tripwire(FunctionRuntimePolicyTripwireArgs.builder()
            .applyOns("string")
            .enabled(false)
            .serverlessApp("string")
            .userId("string")
            .userPassword("string")
            .build())
        .type("string")
        .updated("string")
        .version("string")
        .vpatchVersion("string")
        .whitelistedOsUsers(FunctionRuntimePolicyWhitelistedOsUsersArgs.builder()
            .enabled(false)
            .groupWhiteLists("string")
            .userWhiteLists("string")
            .build())
        .build());
    
    function_runtime_policy_resource = aquasec.FunctionRuntimePolicy("functionRuntimePolicyResource",
        allowed_executables=[{
            "allow_executables": ["string"],
            "allow_root_executables": ["string"],
            "enabled": False,
            "separate_executables": False,
        }],
        allowed_registries=[{
            "allowed_registries": ["string"],
            "enabled": False,
        }],
        application_scopes=["string"],
        audit_brute_force_login=False,
        auditing={
            "audit_all_network": False,
            "audit_all_processes": False,
            "audit_failed_login": False,
            "audit_os_user_activity": False,
            "audit_process_cmdline": False,
            "audit_success_login": False,
            "audit_user_account_management": False,
            "enabled": False,
        },
        author="string",
        blacklisted_os_users={
            "enabled": False,
            "group_black_lists": ["string"],
            "user_black_lists": ["string"],
        },
        block_container_exec=False,
        block_disallowed_images=False,
        block_fileless_exec=False,
        block_non_compliant_workloads=False,
        block_non_k8s_containers=False,
        bypass_scopes=[{
            "enabled": False,
            "scopes": [{
                "expression": "string",
                "variables": [{
                    "attribute": "string",
                    "value": "string",
                }],
            }],
        }],
        container_exec={
            "block_container_exec": False,
            "container_exec_proc_white_lists": ["string"],
            "enabled": False,
            "reverse_shell_ip_white_lists": ["string"],
        },
        created="string",
        cve="string",
        default_security_profile="string",
        description="string",
        digest="string",
        drift_preventions=[{
            "enabled": False,
            "exec_lockdown": False,
            "exec_lockdown_white_lists": ["string"],
            "image_lockdown": False,
        }],
        enable_crypto_mining_dns=False,
        enable_fork_guard=False,
        enable_ip_reputation=False,
        enable_port_scan_protection=False,
        enabled=False,
        enforce=False,
        enforce_after_days=0,
        enforce_scheduler_added_on=0,
        exclude_application_scopes=["string"],
        executable_blacklists=[{
            "enabled": False,
            "executables": ["string"],
        }],
        failed_kubernetes_checks={
            "enabled": False,
            "failed_checks": ["string"],
        },
        file_block={
            "block_files_processes": ["string"],
            "block_files_users": ["string"],
            "enabled": False,
            "exceptional_block_files": ["string"],
            "exceptional_block_files_processes": ["string"],
            "exceptional_block_files_users": ["string"],
            "filename_block_lists": ["string"],
        },
        file_integrity_monitorings=[{
            "enabled": False,
            "exceptional_monitored_files": ["string"],
            "exceptional_monitored_files_processes": ["string"],
            "exceptional_monitored_files_users": ["string"],
            "monitored_files": ["string"],
            "monitored_files_attributes": False,
            "monitored_files_create": False,
            "monitored_files_delete": False,
            "monitored_files_modify": False,
            "monitored_files_processes": ["string"],
            "monitored_files_read": False,
            "monitored_files_users": ["string"],
        }],
        fork_guard_process_limit=0,
        honeypot_access_key="string",
        honeypot_apply_ons=["string"],
        honeypot_secret_key="string",
        honeypot_serverless_app_name="string",
        image_name="string",
        is_audit_checked=False,
        is_auto_generated=False,
        is_ootb_policy=False,
        lastupdate=0,
        limit_container_privileges=[{
            "block_add_capabilities": False,
            "enabled": False,
            "ipcmode": False,
            "netmode": False,
            "pidmode": False,
            "prevent_low_port_binding": False,
            "prevent_root_user": False,
            "privileged": False,
            "use_host_user": False,
            "usermode": False,
            "utsmode": False,
        }],
        linux_capabilities={
            "enabled": False,
            "remove_linux_capabilities": ["string"],
        },
        malware_scan_options={
            "action": "string",
            "enabled": False,
            "exclude_directories": ["string"],
            "exclude_processes": ["string"],
            "include_directories": ["string"],
        },
        name="string",
        no_new_privileges=False,
        only_registered_images=False,
        package_block={
            "block_packages_processes": ["string"],
            "block_packages_users": ["string"],
            "enabled": False,
            "exceptional_block_packages_files": ["string"],
            "exceptional_block_packages_processes": ["string"],
            "exceptional_block_packages_users": ["string"],
            "packages_black_lists": ["string"],
        },
        permission="string",
        port_block={
            "block_inbound_ports": ["string"],
            "block_outbound_ports": ["string"],
            "enabled": False,
        },
        readonly_files={
            "enabled": False,
            "exceptional_readonly_files": ["string"],
            "exceptional_readonly_files_processes": ["string"],
            "exceptional_readonly_files_users": ["string"],
            "readonly_files": ["string"],
            "readonly_files_processes": ["string"],
            "readonly_files_users": ["string"],
        },
        readonly_registry={
            "enabled": False,
            "exceptional_readonly_registry_paths": ["string"],
            "exceptional_readonly_registry_processes": ["string"],
            "exceptional_readonly_registry_users": ["string"],
            "readonly_registry_paths": ["string"],
            "readonly_registry_processes": ["string"],
            "readonly_registry_users": ["string"],
        },
        registry="string",
        registry_access_monitoring={
            "enabled": False,
            "exceptional_monitored_registry_paths": ["string"],
            "exceptional_monitored_registry_processes": ["string"],
            "exceptional_monitored_registry_users": ["string"],
            "monitored_registry_attributes": False,
            "monitored_registry_create": False,
            "monitored_registry_delete": False,
            "monitored_registry_modify": False,
            "monitored_registry_paths": ["string"],
            "monitored_registry_processes": ["string"],
            "monitored_registry_read": False,
            "monitored_registry_users": ["string"],
        },
        repo_name="string",
        resource_name_="string",
        resource_type="string",
        restricted_volumes=[{
            "enabled": False,
            "volumes": ["string"],
        }],
        reverse_shell={
            "block_reverse_shell": False,
            "enabled": False,
            "reverse_shell_ip_white_lists": ["string"],
            "reverse_shell_proc_white_lists": ["string"],
        },
        runtime_mode=0,
        runtime_type="string",
        scope_expression="string",
        scope_variables=[{
            "attribute": "string",
            "value": "string",
            "name": "string",
        }],
        scopes=[{
            "expression": "string",
            "variables": [{
                "attribute": "string",
                "value": "string",
                "name": "string",
            }],
        }],
        system_integrity_protection={
            "audit_systemtime_change": False,
            "enabled": False,
            "monitor_audit_log_integrity": False,
            "windows_services_monitoring": False,
        },
        tripwire={
            "apply_ons": ["string"],
            "enabled": False,
            "serverless_app": "string",
            "user_id": "string",
            "user_password": "string",
        },
        type="string",
        updated="string",
        version="string",
        vpatch_version="string",
        whitelisted_os_users={
            "enabled": False,
            "group_white_lists": ["string"],
            "user_white_lists": ["string"],
        })
    
    const functionRuntimePolicyResource = new aquasec.FunctionRuntimePolicy("functionRuntimePolicyResource", {
        allowedExecutables: [{
            allowExecutables: ["string"],
            allowRootExecutables: ["string"],
            enabled: false,
            separateExecutables: false,
        }],
        allowedRegistries: [{
            allowedRegistries: ["string"],
            enabled: false,
        }],
        applicationScopes: ["string"],
        auditBruteForceLogin: false,
        auditing: {
            auditAllNetwork: false,
            auditAllProcesses: false,
            auditFailedLogin: false,
            auditOsUserActivity: false,
            auditProcessCmdline: false,
            auditSuccessLogin: false,
            auditUserAccountManagement: false,
            enabled: false,
        },
        author: "string",
        blacklistedOsUsers: {
            enabled: false,
            groupBlackLists: ["string"],
            userBlackLists: ["string"],
        },
        blockContainerExec: false,
        blockDisallowedImages: false,
        blockFilelessExec: false,
        blockNonCompliantWorkloads: false,
        blockNonK8sContainers: false,
        bypassScopes: [{
            enabled: false,
            scopes: [{
                expression: "string",
                variables: [{
                    attribute: "string",
                    value: "string",
                }],
            }],
        }],
        containerExec: {
            blockContainerExec: false,
            containerExecProcWhiteLists: ["string"],
            enabled: false,
            reverseShellIpWhiteLists: ["string"],
        },
        created: "string",
        cve: "string",
        defaultSecurityProfile: "string",
        description: "string",
        digest: "string",
        driftPreventions: [{
            enabled: false,
            execLockdown: false,
            execLockdownWhiteLists: ["string"],
            imageLockdown: false,
        }],
        enableCryptoMiningDns: false,
        enableForkGuard: false,
        enableIpReputation: false,
        enablePortScanProtection: false,
        enabled: false,
        enforce: false,
        enforceAfterDays: 0,
        enforceSchedulerAddedOn: 0,
        excludeApplicationScopes: ["string"],
        executableBlacklists: [{
            enabled: false,
            executables: ["string"],
        }],
        failedKubernetesChecks: {
            enabled: false,
            failedChecks: ["string"],
        },
        fileBlock: {
            blockFilesProcesses: ["string"],
            blockFilesUsers: ["string"],
            enabled: false,
            exceptionalBlockFiles: ["string"],
            exceptionalBlockFilesProcesses: ["string"],
            exceptionalBlockFilesUsers: ["string"],
            filenameBlockLists: ["string"],
        },
        fileIntegrityMonitorings: [{
            enabled: false,
            exceptionalMonitoredFiles: ["string"],
            exceptionalMonitoredFilesProcesses: ["string"],
            exceptionalMonitoredFilesUsers: ["string"],
            monitoredFiles: ["string"],
            monitoredFilesAttributes: false,
            monitoredFilesCreate: false,
            monitoredFilesDelete: false,
            monitoredFilesModify: false,
            monitoredFilesProcesses: ["string"],
            monitoredFilesRead: false,
            monitoredFilesUsers: ["string"],
        }],
        forkGuardProcessLimit: 0,
        honeypotAccessKey: "string",
        honeypotApplyOns: ["string"],
        honeypotSecretKey: "string",
        honeypotServerlessAppName: "string",
        imageName: "string",
        isAuditChecked: false,
        isAutoGenerated: false,
        isOotbPolicy: false,
        lastupdate: 0,
        limitContainerPrivileges: [{
            blockAddCapabilities: false,
            enabled: false,
            ipcmode: false,
            netmode: false,
            pidmode: false,
            preventLowPortBinding: false,
            preventRootUser: false,
            privileged: false,
            useHostUser: false,
            usermode: false,
            utsmode: false,
        }],
        linuxCapabilities: {
            enabled: false,
            removeLinuxCapabilities: ["string"],
        },
        malwareScanOptions: {
            action: "string",
            enabled: false,
            excludeDirectories: ["string"],
            excludeProcesses: ["string"],
            includeDirectories: ["string"],
        },
        name: "string",
        noNewPrivileges: false,
        onlyRegisteredImages: false,
        packageBlock: {
            blockPackagesProcesses: ["string"],
            blockPackagesUsers: ["string"],
            enabled: false,
            exceptionalBlockPackagesFiles: ["string"],
            exceptionalBlockPackagesProcesses: ["string"],
            exceptionalBlockPackagesUsers: ["string"],
            packagesBlackLists: ["string"],
        },
        permission: "string",
        portBlock: {
            blockInboundPorts: ["string"],
            blockOutboundPorts: ["string"],
            enabled: false,
        },
        readonlyFiles: {
            enabled: false,
            exceptionalReadonlyFiles: ["string"],
            exceptionalReadonlyFilesProcesses: ["string"],
            exceptionalReadonlyFilesUsers: ["string"],
            readonlyFiles: ["string"],
            readonlyFilesProcesses: ["string"],
            readonlyFilesUsers: ["string"],
        },
        readonlyRegistry: {
            enabled: false,
            exceptionalReadonlyRegistryPaths: ["string"],
            exceptionalReadonlyRegistryProcesses: ["string"],
            exceptionalReadonlyRegistryUsers: ["string"],
            readonlyRegistryPaths: ["string"],
            readonlyRegistryProcesses: ["string"],
            readonlyRegistryUsers: ["string"],
        },
        registry: "string",
        registryAccessMonitoring: {
            enabled: false,
            exceptionalMonitoredRegistryPaths: ["string"],
            exceptionalMonitoredRegistryProcesses: ["string"],
            exceptionalMonitoredRegistryUsers: ["string"],
            monitoredRegistryAttributes: false,
            monitoredRegistryCreate: false,
            monitoredRegistryDelete: false,
            monitoredRegistryModify: false,
            monitoredRegistryPaths: ["string"],
            monitoredRegistryProcesses: ["string"],
            monitoredRegistryRead: false,
            monitoredRegistryUsers: ["string"],
        },
        repoName: "string",
        resourceName: "string",
        resourceType: "string",
        restrictedVolumes: [{
            enabled: false,
            volumes: ["string"],
        }],
        reverseShell: {
            blockReverseShell: false,
            enabled: false,
            reverseShellIpWhiteLists: ["string"],
            reverseShellProcWhiteLists: ["string"],
        },
        runtimeMode: 0,
        runtimeType: "string",
        scopeExpression: "string",
        scopeVariables: [{
            attribute: "string",
            value: "string",
            name: "string",
        }],
        scopes: [{
            expression: "string",
            variables: [{
                attribute: "string",
                value: "string",
                name: "string",
            }],
        }],
        systemIntegrityProtection: {
            auditSystemtimeChange: false,
            enabled: false,
            monitorAuditLogIntegrity: false,
            windowsServicesMonitoring: false,
        },
        tripwire: {
            applyOns: ["string"],
            enabled: false,
            serverlessApp: "string",
            userId: "string",
            userPassword: "string",
        },
        type: "string",
        updated: "string",
        version: "string",
        vpatchVersion: "string",
        whitelistedOsUsers: {
            enabled: false,
            groupWhiteLists: ["string"],
            userWhiteLists: ["string"],
        },
    });
    
    type: aquasec:FunctionRuntimePolicy
    properties:
        allowedExecutables:
            - allowExecutables:
                - string
              allowRootExecutables:
                - string
              enabled: false
              separateExecutables: false
        allowedRegistries:
            - allowedRegistries:
                - string
              enabled: false
        applicationScopes:
            - string
        auditBruteForceLogin: false
        auditing:
            auditAllNetwork: false
            auditAllProcesses: false
            auditFailedLogin: false
            auditOsUserActivity: false
            auditProcessCmdline: false
            auditSuccessLogin: false
            auditUserAccountManagement: false
            enabled: false
        author: string
        blacklistedOsUsers:
            enabled: false
            groupBlackLists:
                - string
            userBlackLists:
                - string
        blockContainerExec: false
        blockDisallowedImages: false
        blockFilelessExec: false
        blockNonCompliantWorkloads: false
        blockNonK8sContainers: false
        bypassScopes:
            - enabled: false
              scopes:
                - expression: string
                  variables:
                    - attribute: string
                      value: string
        containerExec:
            blockContainerExec: false
            containerExecProcWhiteLists:
                - string
            enabled: false
            reverseShellIpWhiteLists:
                - string
        created: string
        cve: string
        defaultSecurityProfile: string
        description: string
        digest: string
        driftPreventions:
            - enabled: false
              execLockdown: false
              execLockdownWhiteLists:
                - string
              imageLockdown: false
        enableCryptoMiningDns: false
        enableForkGuard: false
        enableIpReputation: false
        enablePortScanProtection: false
        enabled: false
        enforce: false
        enforceAfterDays: 0
        enforceSchedulerAddedOn: 0
        excludeApplicationScopes:
            - string
        executableBlacklists:
            - enabled: false
              executables:
                - string
        failedKubernetesChecks:
            enabled: false
            failedChecks:
                - string
        fileBlock:
            blockFilesProcesses:
                - string
            blockFilesUsers:
                - string
            enabled: false
            exceptionalBlockFiles:
                - string
            exceptionalBlockFilesProcesses:
                - string
            exceptionalBlockFilesUsers:
                - string
            filenameBlockLists:
                - string
        fileIntegrityMonitorings:
            - enabled: false
              exceptionalMonitoredFiles:
                - string
              exceptionalMonitoredFilesProcesses:
                - string
              exceptionalMonitoredFilesUsers:
                - string
              monitoredFiles:
                - string
              monitoredFilesAttributes: false
              monitoredFilesCreate: false
              monitoredFilesDelete: false
              monitoredFilesModify: false
              monitoredFilesProcesses:
                - string
              monitoredFilesRead: false
              monitoredFilesUsers:
                - string
        forkGuardProcessLimit: 0
        honeypotAccessKey: string
        honeypotApplyOns:
            - string
        honeypotSecretKey: string
        honeypotServerlessAppName: string
        imageName: string
        isAuditChecked: false
        isAutoGenerated: false
        isOotbPolicy: false
        lastupdate: 0
        limitContainerPrivileges:
            - blockAddCapabilities: false
              enabled: false
              ipcmode: false
              netmode: false
              pidmode: false
              preventLowPortBinding: false
              preventRootUser: false
              privileged: false
              useHostUser: false
              usermode: false
              utsmode: false
        linuxCapabilities:
            enabled: false
            removeLinuxCapabilities:
                - string
        malwareScanOptions:
            action: string
            enabled: false
            excludeDirectories:
                - string
            excludeProcesses:
                - string
            includeDirectories:
                - string
        name: string
        noNewPrivileges: false
        onlyRegisteredImages: false
        packageBlock:
            blockPackagesProcesses:
                - string
            blockPackagesUsers:
                - string
            enabled: false
            exceptionalBlockPackagesFiles:
                - string
            exceptionalBlockPackagesProcesses:
                - string
            exceptionalBlockPackagesUsers:
                - string
            packagesBlackLists:
                - string
        permission: string
        portBlock:
            blockInboundPorts:
                - string
            blockOutboundPorts:
                - string
            enabled: false
        readonlyFiles:
            enabled: false
            exceptionalReadonlyFiles:
                - string
            exceptionalReadonlyFilesProcesses:
                - string
            exceptionalReadonlyFilesUsers:
                - string
            readonlyFiles:
                - string
            readonlyFilesProcesses:
                - string
            readonlyFilesUsers:
                - string
        readonlyRegistry:
            enabled: false
            exceptionalReadonlyRegistryPaths:
                - string
            exceptionalReadonlyRegistryProcesses:
                - string
            exceptionalReadonlyRegistryUsers:
                - string
            readonlyRegistryPaths:
                - string
            readonlyRegistryProcesses:
                - string
            readonlyRegistryUsers:
                - string
        registry: string
        registryAccessMonitoring:
            enabled: false
            exceptionalMonitoredRegistryPaths:
                - string
            exceptionalMonitoredRegistryProcesses:
                - string
            exceptionalMonitoredRegistryUsers:
                - string
            monitoredRegistryAttributes: false
            monitoredRegistryCreate: false
            monitoredRegistryDelete: false
            monitoredRegistryModify: false
            monitoredRegistryPaths:
                - string
            monitoredRegistryProcesses:
                - string
            monitoredRegistryRead: false
            monitoredRegistryUsers:
                - string
        repoName: string
        resourceName: string
        resourceType: string
        restrictedVolumes:
            - enabled: false
              volumes:
                - string
        reverseShell:
            blockReverseShell: false
            enabled: false
            reverseShellIpWhiteLists:
                - string
            reverseShellProcWhiteLists:
                - string
        runtimeMode: 0
        runtimeType: string
        scopeExpression: string
        scopeVariables:
            - attribute: string
              name: string
              value: string
        scopes:
            - expression: string
              variables:
                - attribute: string
                  name: string
                  value: string
        systemIntegrityProtection:
            auditSystemtimeChange: false
            enabled: false
            monitorAuditLogIntegrity: false
            windowsServicesMonitoring: false
        tripwire:
            applyOns:
                - string
            enabled: false
            serverlessApp: string
            userId: string
            userPassword: string
        type: string
        updated: string
        version: string
        vpatchVersion: string
        whitelistedOsUsers:
            enabled: false
            groupWhiteLists:
                - string
            userWhiteLists:
                - string
    

    FunctionRuntimePolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The FunctionRuntimePolicy resource accepts the following input properties:

    AllowedExecutables List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyAllowedExecutable>
    Allowed executables configuration.
    AllowedRegistries List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyAllowedRegistry>
    Allowed registries configuration.
    ApplicationScopes List<string>
    Indicates the application scope of the service.
    AuditBruteForceLogin bool
    Detects brute force login attempts
    Auditing Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyAuditing
    Author string
    Username of the account that created the service.
    BlacklistedOsUsers Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyBlacklistedOsUsers
    BlockContainerExec bool
    BlockDisallowedImages bool
    BlockFilelessExec bool
    BlockNonCompliantWorkloads bool
    BlockNonK8sContainers bool
    BypassScopes List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyBypassScope>
    Bypass scope configuration.
    ContainerExec Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyContainerExec
    Created string
    Cve string
    DefaultSecurityProfile string
    Description string
    The description of the function runtime policy
    Digest string
    DriftPreventions List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyDriftPrevention>
    Drift prevention configuration.
    EnableCryptoMiningDns bool
    EnableForkGuard bool
    EnableIpReputation bool
    EnablePortScanProtection bool
    Enabled bool
    Indicates if the runtime policy is enabled or not.
    Enforce bool
    Indicates that the policy should affect container execution (not just audit it).
    EnforceAfterDays int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    EnforceSchedulerAddedOn int
    ExcludeApplicationScopes List<string>
    List of excluded application scopes.
    ExecutableBlacklists List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyExecutableBlacklist>
    Executable blacklist configuration.
    FailedKubernetesChecks Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyFailedKubernetesChecks
    FileBlock Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyFileBlock
    FileIntegrityMonitorings List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyFileIntegrityMonitoring>
    Configuration for file integrity monitoring.
    ForkGuardProcessLimit int
    HoneypotAccessKey string
    Honeypot User ID (Access Key)
    HoneypotApplyOns List<string>
    List of options to apply the honeypot on (Environment Variable, Layer, File)
    HoneypotSecretKey string
    Honeypot User Password (Secret Key)
    HoneypotServerlessAppName string
    Serverless application name
    ImageName string
    IsAuditChecked bool
    IsAutoGenerated bool
    IsOotbPolicy bool
    Lastupdate int
    LimitContainerPrivileges List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyLimitContainerPrivilege>
    Container privileges configuration.
    LinuxCapabilities Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyLinuxCapabilities
    MalwareScanOptions Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyMalwareScanOptions
    Configuration for Real-Time Malware Protection.
    Name string
    Name of the function runtime policy
    NoNewPrivileges bool
    OnlyRegisteredImages bool
    PackageBlock Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyPackageBlock
    Permission string
    PortBlock Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyPortBlock
    ReadonlyFiles Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyReadonlyFiles
    ReadonlyRegistry Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyReadonlyRegistry
    Registry string
    RegistryAccessMonitoring Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyRegistryAccessMonitoring
    RepoName string
    ResourceName string
    ResourceType string
    RestrictedVolumes List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyRestrictedVolume>
    Restricted volumes configuration.
    ReverseShell Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyReverseShell
    RuntimeMode int
    RuntimeType string
    ScopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    ScopeVariables List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyScopeVariable>
    List of scope attributes.
    Scopes List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyScope>
    Scope configuration.
    SystemIntegrityProtection Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicySystemIntegrityProtection
    Tripwire Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyTripwire
    Type string
    Updated string
    Version string
    VpatchVersion string
    WhitelistedOsUsers Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyWhitelistedOsUsers
    AllowedExecutables []FunctionRuntimePolicyAllowedExecutableArgs
    Allowed executables configuration.
    AllowedRegistries []FunctionRuntimePolicyAllowedRegistryArgs
    Allowed registries configuration.
    ApplicationScopes []string
    Indicates the application scope of the service.
    AuditBruteForceLogin bool
    Detects brute force login attempts
    Auditing FunctionRuntimePolicyAuditingArgs
    Author string
    Username of the account that created the service.
    BlacklistedOsUsers FunctionRuntimePolicyBlacklistedOsUsersArgs
    BlockContainerExec bool
    BlockDisallowedImages bool
    BlockFilelessExec bool
    BlockNonCompliantWorkloads bool
    BlockNonK8sContainers bool
    BypassScopes []FunctionRuntimePolicyBypassScopeArgs
    Bypass scope configuration.
    ContainerExec FunctionRuntimePolicyContainerExecArgs
    Created string
    Cve string
    DefaultSecurityProfile string
    Description string
    The description of the function runtime policy
    Digest string
    DriftPreventions []FunctionRuntimePolicyDriftPreventionArgs
    Drift prevention configuration.
    EnableCryptoMiningDns bool
    EnableForkGuard bool
    EnableIpReputation bool
    EnablePortScanProtection bool
    Enabled bool
    Indicates if the runtime policy is enabled or not.
    Enforce bool
    Indicates that the policy should affect container execution (not just audit it).
    EnforceAfterDays int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    EnforceSchedulerAddedOn int
    ExcludeApplicationScopes []string
    List of excluded application scopes.
    ExecutableBlacklists []FunctionRuntimePolicyExecutableBlacklistArgs
    Executable blacklist configuration.
    FailedKubernetesChecks FunctionRuntimePolicyFailedKubernetesChecksArgs
    FileBlock FunctionRuntimePolicyFileBlockArgs
    FileIntegrityMonitorings []FunctionRuntimePolicyFileIntegrityMonitoringArgs
    Configuration for file integrity monitoring.
    ForkGuardProcessLimit int
    HoneypotAccessKey string
    Honeypot User ID (Access Key)
    HoneypotApplyOns []string
    List of options to apply the honeypot on (Environment Variable, Layer, File)
    HoneypotSecretKey string
    Honeypot User Password (Secret Key)
    HoneypotServerlessAppName string
    Serverless application name
    ImageName string
    IsAuditChecked bool
    IsAutoGenerated bool
    IsOotbPolicy bool
    Lastupdate int
    LimitContainerPrivileges []FunctionRuntimePolicyLimitContainerPrivilegeArgs
    Container privileges configuration.
    LinuxCapabilities FunctionRuntimePolicyLinuxCapabilitiesArgs
    MalwareScanOptions FunctionRuntimePolicyMalwareScanOptionsArgs
    Configuration for Real-Time Malware Protection.
    Name string
    Name of the function runtime policy
    NoNewPrivileges bool
    OnlyRegisteredImages bool
    PackageBlock FunctionRuntimePolicyPackageBlockArgs
    Permission string
    PortBlock FunctionRuntimePolicyPortBlockArgs
    ReadonlyFiles FunctionRuntimePolicyReadonlyFilesArgs
    ReadonlyRegistry FunctionRuntimePolicyReadonlyRegistryArgs
    Registry string
    RegistryAccessMonitoring FunctionRuntimePolicyRegistryAccessMonitoringArgs
    RepoName string
    ResourceName string
    ResourceType string
    RestrictedVolumes []FunctionRuntimePolicyRestrictedVolumeArgs
    Restricted volumes configuration.
    ReverseShell FunctionRuntimePolicyReverseShellArgs
    RuntimeMode int
    RuntimeType string
    ScopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    ScopeVariables []FunctionRuntimePolicyScopeVariableArgs
    List of scope attributes.
    Scopes []FunctionRuntimePolicyScopeArgs
    Scope configuration.
    SystemIntegrityProtection FunctionRuntimePolicySystemIntegrityProtectionArgs
    Tripwire FunctionRuntimePolicyTripwireArgs
    Type string
    Updated string
    Version string
    VpatchVersion string
    WhitelistedOsUsers FunctionRuntimePolicyWhitelistedOsUsersArgs
    allowedExecutables List<FunctionRuntimePolicyAllowedExecutable>
    Allowed executables configuration.
    allowedRegistries List<FunctionRuntimePolicyAllowedRegistry>
    Allowed registries configuration.
    applicationScopes List<String>
    Indicates the application scope of the service.
    auditBruteForceLogin Boolean
    Detects brute force login attempts
    auditing FunctionRuntimePolicyAuditing
    author String
    Username of the account that created the service.
    blacklistedOsUsers FunctionRuntimePolicyBlacklistedOsUsers
    blockContainerExec Boolean
    blockDisallowedImages Boolean
    blockFilelessExec Boolean
    blockNonCompliantWorkloads Boolean
    blockNonK8sContainers Boolean
    bypassScopes List<FunctionRuntimePolicyBypassScope>
    Bypass scope configuration.
    containerExec FunctionRuntimePolicyContainerExec
    created String
    cve String
    defaultSecurityProfile String
    description String
    The description of the function runtime policy
    digest String
    driftPreventions List<FunctionRuntimePolicyDriftPrevention>
    Drift prevention configuration.
    enableCryptoMiningDns Boolean
    enableForkGuard Boolean
    enableIpReputation Boolean
    enablePortScanProtection Boolean
    enabled Boolean
    Indicates if the runtime policy is enabled or not.
    enforce Boolean
    Indicates that the policy should affect container execution (not just audit it).
    enforceAfterDays Integer
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforceSchedulerAddedOn Integer
    excludeApplicationScopes List<String>
    List of excluded application scopes.
    executableBlacklists List<FunctionRuntimePolicyExecutableBlacklist>
    Executable blacklist configuration.
    failedKubernetesChecks FunctionRuntimePolicyFailedKubernetesChecks
    fileBlock FunctionRuntimePolicyFileBlock
    fileIntegrityMonitorings List<FunctionRuntimePolicyFileIntegrityMonitoring>
    Configuration for file integrity monitoring.
    forkGuardProcessLimit Integer
    honeypotAccessKey String
    Honeypot User ID (Access Key)
    honeypotApplyOns List<String>
    List of options to apply the honeypot on (Environment Variable, Layer, File)
    honeypotSecretKey String
    Honeypot User Password (Secret Key)
    honeypotServerlessAppName String
    Serverless application name
    imageName String
    isAuditChecked Boolean
    isAutoGenerated Boolean
    isOotbPolicy Boolean
    lastupdate Integer
    limitContainerPrivileges List<FunctionRuntimePolicyLimitContainerPrivilege>
    Container privileges configuration.
    linuxCapabilities FunctionRuntimePolicyLinuxCapabilities
    malwareScanOptions FunctionRuntimePolicyMalwareScanOptions
    Configuration for Real-Time Malware Protection.
    name String
    Name of the function runtime policy
    noNewPrivileges Boolean
    onlyRegisteredImages Boolean
    packageBlock FunctionRuntimePolicyPackageBlock
    permission String
    portBlock FunctionRuntimePolicyPortBlock
    readonlyFiles FunctionRuntimePolicyReadonlyFiles
    readonlyRegistry FunctionRuntimePolicyReadonlyRegistry
    registry String
    registryAccessMonitoring FunctionRuntimePolicyRegistryAccessMonitoring
    repoName String
    resourceName String
    resourceType String
    restrictedVolumes List<FunctionRuntimePolicyRestrictedVolume>
    Restricted volumes configuration.
    reverseShell FunctionRuntimePolicyReverseShell
    runtimeMode Integer
    runtimeType String
    scopeExpression String
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables List<FunctionRuntimePolicyScopeVariable>
    List of scope attributes.
    scopes List<FunctionRuntimePolicyScope>
    Scope configuration.
    systemIntegrityProtection FunctionRuntimePolicySystemIntegrityProtection
    tripwire FunctionRuntimePolicyTripwire
    type String
    updated String
    version String
    vpatchVersion String
    whitelistedOsUsers FunctionRuntimePolicyWhitelistedOsUsers
    allowedExecutables FunctionRuntimePolicyAllowedExecutable[]
    Allowed executables configuration.
    allowedRegistries FunctionRuntimePolicyAllowedRegistry[]
    Allowed registries configuration.
    applicationScopes string[]
    Indicates the application scope of the service.
    auditBruteForceLogin boolean
    Detects brute force login attempts
    auditing FunctionRuntimePolicyAuditing
    author string
    Username of the account that created the service.
    blacklistedOsUsers FunctionRuntimePolicyBlacklistedOsUsers
    blockContainerExec boolean
    blockDisallowedImages boolean
    blockFilelessExec boolean
    blockNonCompliantWorkloads boolean
    blockNonK8sContainers boolean
    bypassScopes FunctionRuntimePolicyBypassScope[]
    Bypass scope configuration.
    containerExec FunctionRuntimePolicyContainerExec
    created string
    cve string
    defaultSecurityProfile string
    description string
    The description of the function runtime policy
    digest string
    driftPreventions FunctionRuntimePolicyDriftPrevention[]
    Drift prevention configuration.
    enableCryptoMiningDns boolean
    enableForkGuard boolean
    enableIpReputation boolean
    enablePortScanProtection boolean
    enabled boolean
    Indicates if the runtime policy is enabled or not.
    enforce boolean
    Indicates that the policy should affect container execution (not just audit it).
    enforceAfterDays number
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforceSchedulerAddedOn number
    excludeApplicationScopes string[]
    List of excluded application scopes.
    executableBlacklists FunctionRuntimePolicyExecutableBlacklist[]
    Executable blacklist configuration.
    failedKubernetesChecks FunctionRuntimePolicyFailedKubernetesChecks
    fileBlock FunctionRuntimePolicyFileBlock
    fileIntegrityMonitorings FunctionRuntimePolicyFileIntegrityMonitoring[]
    Configuration for file integrity monitoring.
    forkGuardProcessLimit number
    honeypotAccessKey string
    Honeypot User ID (Access Key)
    honeypotApplyOns string[]
    List of options to apply the honeypot on (Environment Variable, Layer, File)
    honeypotSecretKey string
    Honeypot User Password (Secret Key)
    honeypotServerlessAppName string
    Serverless application name
    imageName string
    isAuditChecked boolean
    isAutoGenerated boolean
    isOotbPolicy boolean
    lastupdate number
    limitContainerPrivileges FunctionRuntimePolicyLimitContainerPrivilege[]
    Container privileges configuration.
    linuxCapabilities FunctionRuntimePolicyLinuxCapabilities
    malwareScanOptions FunctionRuntimePolicyMalwareScanOptions
    Configuration for Real-Time Malware Protection.
    name string
    Name of the function runtime policy
    noNewPrivileges boolean
    onlyRegisteredImages boolean
    packageBlock FunctionRuntimePolicyPackageBlock
    permission string
    portBlock FunctionRuntimePolicyPortBlock
    readonlyFiles FunctionRuntimePolicyReadonlyFiles
    readonlyRegistry FunctionRuntimePolicyReadonlyRegistry
    registry string
    registryAccessMonitoring FunctionRuntimePolicyRegistryAccessMonitoring
    repoName string
    resourceName string
    resourceType string
    restrictedVolumes FunctionRuntimePolicyRestrictedVolume[]
    Restricted volumes configuration.
    reverseShell FunctionRuntimePolicyReverseShell
    runtimeMode number
    runtimeType string
    scopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables FunctionRuntimePolicyScopeVariable[]
    List of scope attributes.
    scopes FunctionRuntimePolicyScope[]
    Scope configuration.
    systemIntegrityProtection FunctionRuntimePolicySystemIntegrityProtection
    tripwire FunctionRuntimePolicyTripwire
    type string
    updated string
    version string
    vpatchVersion string
    whitelistedOsUsers FunctionRuntimePolicyWhitelistedOsUsers
    allowed_executables Sequence[FunctionRuntimePolicyAllowedExecutableArgs]
    Allowed executables configuration.
    allowed_registries Sequence[FunctionRuntimePolicyAllowedRegistryArgs]
    Allowed registries configuration.
    application_scopes Sequence[str]
    Indicates the application scope of the service.
    audit_brute_force_login bool
    Detects brute force login attempts
    auditing FunctionRuntimePolicyAuditingArgs
    author str
    Username of the account that created the service.
    blacklisted_os_users FunctionRuntimePolicyBlacklistedOsUsersArgs
    block_container_exec bool
    block_disallowed_images bool
    block_fileless_exec bool
    block_non_compliant_workloads bool
    block_non_k8s_containers bool
    bypass_scopes Sequence[FunctionRuntimePolicyBypassScopeArgs]
    Bypass scope configuration.
    container_exec FunctionRuntimePolicyContainerExecArgs
    created str
    cve str
    default_security_profile str
    description str
    The description of the function runtime policy
    digest str
    drift_preventions Sequence[FunctionRuntimePolicyDriftPreventionArgs]
    Drift prevention configuration.
    enable_crypto_mining_dns bool
    enable_fork_guard bool
    enable_ip_reputation bool
    enable_port_scan_protection bool
    enabled bool
    Indicates if the runtime policy is enabled or not.
    enforce bool
    Indicates that the policy should affect container execution (not just audit it).
    enforce_after_days int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforce_scheduler_added_on int
    exclude_application_scopes Sequence[str]
    List of excluded application scopes.
    executable_blacklists Sequence[FunctionRuntimePolicyExecutableBlacklistArgs]
    Executable blacklist configuration.
    failed_kubernetes_checks FunctionRuntimePolicyFailedKubernetesChecksArgs
    file_block FunctionRuntimePolicyFileBlockArgs
    file_integrity_monitorings Sequence[FunctionRuntimePolicyFileIntegrityMonitoringArgs]
    Configuration for file integrity monitoring.
    fork_guard_process_limit int
    honeypot_access_key str
    Honeypot User ID (Access Key)
    honeypot_apply_ons Sequence[str]
    List of options to apply the honeypot on (Environment Variable, Layer, File)
    honeypot_secret_key str
    Honeypot User Password (Secret Key)
    honeypot_serverless_app_name str
    Serverless application name
    image_name str
    is_audit_checked bool
    is_auto_generated bool
    is_ootb_policy bool
    lastupdate int
    limit_container_privileges Sequence[FunctionRuntimePolicyLimitContainerPrivilegeArgs]
    Container privileges configuration.
    linux_capabilities FunctionRuntimePolicyLinuxCapabilitiesArgs
    malware_scan_options FunctionRuntimePolicyMalwareScanOptionsArgs
    Configuration for Real-Time Malware Protection.
    name str
    Name of the function runtime policy
    no_new_privileges bool
    only_registered_images bool
    package_block FunctionRuntimePolicyPackageBlockArgs
    permission str
    port_block FunctionRuntimePolicyPortBlockArgs
    readonly_files FunctionRuntimePolicyReadonlyFilesArgs
    readonly_registry FunctionRuntimePolicyReadonlyRegistryArgs
    registry str
    registry_access_monitoring FunctionRuntimePolicyRegistryAccessMonitoringArgs
    repo_name str
    resource_name str
    resource_type str
    restricted_volumes Sequence[FunctionRuntimePolicyRestrictedVolumeArgs]
    Restricted volumes configuration.
    reverse_shell FunctionRuntimePolicyReverseShellArgs
    runtime_mode int
    runtime_type str
    scope_expression str
    Logical expression of how to compute the dependency of the scope variables.
    scope_variables Sequence[FunctionRuntimePolicyScopeVariableArgs]
    List of scope attributes.
    scopes Sequence[FunctionRuntimePolicyScopeArgs]
    Scope configuration.
    system_integrity_protection FunctionRuntimePolicySystemIntegrityProtectionArgs
    tripwire FunctionRuntimePolicyTripwireArgs
    type str
    updated str
    version str
    vpatch_version str
    whitelisted_os_users FunctionRuntimePolicyWhitelistedOsUsersArgs
    allowedExecutables List<Property Map>
    Allowed executables configuration.
    allowedRegistries List<Property Map>
    Allowed registries configuration.
    applicationScopes List<String>
    Indicates the application scope of the service.
    auditBruteForceLogin Boolean
    Detects brute force login attempts
    auditing Property Map
    author String
    Username of the account that created the service.
    blacklistedOsUsers Property Map
    blockContainerExec Boolean
    blockDisallowedImages Boolean
    blockFilelessExec Boolean
    blockNonCompliantWorkloads Boolean
    blockNonK8sContainers Boolean
    bypassScopes List<Property Map>
    Bypass scope configuration.
    containerExec Property Map
    created String
    cve String
    defaultSecurityProfile String
    description String
    The description of the function runtime policy
    digest String
    driftPreventions List<Property Map>
    Drift prevention configuration.
    enableCryptoMiningDns Boolean
    enableForkGuard Boolean
    enableIpReputation Boolean
    enablePortScanProtection Boolean
    enabled Boolean
    Indicates if the runtime policy is enabled or not.
    enforce Boolean
    Indicates that the policy should affect container execution (not just audit it).
    enforceAfterDays Number
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforceSchedulerAddedOn Number
    excludeApplicationScopes List<String>
    List of excluded application scopes.
    executableBlacklists List<Property Map>
    Executable blacklist configuration.
    failedKubernetesChecks Property Map
    fileBlock Property Map
    fileIntegrityMonitorings List<Property Map>
    Configuration for file integrity monitoring.
    forkGuardProcessLimit Number
    honeypotAccessKey String
    Honeypot User ID (Access Key)
    honeypotApplyOns List<String>
    List of options to apply the honeypot on (Environment Variable, Layer, File)
    honeypotSecretKey String
    Honeypot User Password (Secret Key)
    honeypotServerlessAppName String
    Serverless application name
    imageName String
    isAuditChecked Boolean
    isAutoGenerated Boolean
    isOotbPolicy Boolean
    lastupdate Number
    limitContainerPrivileges List<Property Map>
    Container privileges configuration.
    linuxCapabilities Property Map
    malwareScanOptions Property Map
    Configuration for Real-Time Malware Protection.
    name String
    Name of the function runtime policy
    noNewPrivileges Boolean
    onlyRegisteredImages Boolean
    packageBlock Property Map
    permission String
    portBlock Property Map
    readonlyFiles Property Map
    readonlyRegistry Property Map
    registry String
    registryAccessMonitoring Property Map
    repoName String
    resourceName String
    resourceType String
    restrictedVolumes List<Property Map>
    Restricted volumes configuration.
    reverseShell Property Map
    runtimeMode Number
    runtimeType String
    scopeExpression String
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables List<Property Map>
    List of scope attributes.
    scopes List<Property Map>
    Scope configuration.
    systemIntegrityProtection Property Map
    tripwire Property Map
    type String
    updated String
    version String
    vpatchVersion String
    whitelistedOsUsers Property Map

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FunctionRuntimePolicy resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.

    Look up Existing FunctionRuntimePolicy Resource

    Get an existing FunctionRuntimePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FunctionRuntimePolicyState, opts?: CustomResourceOptions): FunctionRuntimePolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allowed_executables: Optional[Sequence[FunctionRuntimePolicyAllowedExecutableArgs]] = None,
            allowed_registries: Optional[Sequence[FunctionRuntimePolicyAllowedRegistryArgs]] = None,
            application_scopes: Optional[Sequence[str]] = None,
            audit_brute_force_login: Optional[bool] = None,
            auditing: Optional[FunctionRuntimePolicyAuditingArgs] = None,
            author: Optional[str] = None,
            blacklisted_os_users: Optional[FunctionRuntimePolicyBlacklistedOsUsersArgs] = None,
            block_container_exec: Optional[bool] = None,
            block_disallowed_images: Optional[bool] = None,
            block_fileless_exec: Optional[bool] = None,
            block_non_compliant_workloads: Optional[bool] = None,
            block_non_k8s_containers: Optional[bool] = None,
            bypass_scopes: Optional[Sequence[FunctionRuntimePolicyBypassScopeArgs]] = None,
            container_exec: Optional[FunctionRuntimePolicyContainerExecArgs] = None,
            created: Optional[str] = None,
            cve: Optional[str] = None,
            default_security_profile: Optional[str] = None,
            description: Optional[str] = None,
            digest: Optional[str] = None,
            drift_preventions: Optional[Sequence[FunctionRuntimePolicyDriftPreventionArgs]] = None,
            enable_crypto_mining_dns: Optional[bool] = None,
            enable_fork_guard: Optional[bool] = None,
            enable_ip_reputation: Optional[bool] = None,
            enable_port_scan_protection: Optional[bool] = None,
            enabled: Optional[bool] = None,
            enforce: Optional[bool] = None,
            enforce_after_days: Optional[int] = None,
            enforce_scheduler_added_on: Optional[int] = None,
            exclude_application_scopes: Optional[Sequence[str]] = None,
            executable_blacklists: Optional[Sequence[FunctionRuntimePolicyExecutableBlacklistArgs]] = None,
            failed_kubernetes_checks: Optional[FunctionRuntimePolicyFailedKubernetesChecksArgs] = None,
            file_block: Optional[FunctionRuntimePolicyFileBlockArgs] = None,
            file_integrity_monitorings: Optional[Sequence[FunctionRuntimePolicyFileIntegrityMonitoringArgs]] = None,
            fork_guard_process_limit: Optional[int] = None,
            honeypot_access_key: Optional[str] = None,
            honeypot_apply_ons: Optional[Sequence[str]] = None,
            honeypot_secret_key: Optional[str] = None,
            honeypot_serverless_app_name: Optional[str] = None,
            image_name: Optional[str] = None,
            is_audit_checked: Optional[bool] = None,
            is_auto_generated: Optional[bool] = None,
            is_ootb_policy: Optional[bool] = None,
            lastupdate: Optional[int] = None,
            limit_container_privileges: Optional[Sequence[FunctionRuntimePolicyLimitContainerPrivilegeArgs]] = None,
            linux_capabilities: Optional[FunctionRuntimePolicyLinuxCapabilitiesArgs] = None,
            malware_scan_options: Optional[FunctionRuntimePolicyMalwareScanOptionsArgs] = None,
            name: Optional[str] = None,
            no_new_privileges: Optional[bool] = None,
            only_registered_images: Optional[bool] = None,
            package_block: Optional[FunctionRuntimePolicyPackageBlockArgs] = None,
            permission: Optional[str] = None,
            port_block: Optional[FunctionRuntimePolicyPortBlockArgs] = None,
            readonly_files: Optional[FunctionRuntimePolicyReadonlyFilesArgs] = None,
            readonly_registry: Optional[FunctionRuntimePolicyReadonlyRegistryArgs] = None,
            registry: Optional[str] = None,
            registry_access_monitoring: Optional[FunctionRuntimePolicyRegistryAccessMonitoringArgs] = None,
            repo_name: Optional[str] = None,
            resource_name: Optional[str] = None,
            resource_type: Optional[str] = None,
            restricted_volumes: Optional[Sequence[FunctionRuntimePolicyRestrictedVolumeArgs]] = None,
            reverse_shell: Optional[FunctionRuntimePolicyReverseShellArgs] = None,
            runtime_mode: Optional[int] = None,
            runtime_type: Optional[str] = None,
            scope_expression: Optional[str] = None,
            scope_variables: Optional[Sequence[FunctionRuntimePolicyScopeVariableArgs]] = None,
            scopes: Optional[Sequence[FunctionRuntimePolicyScopeArgs]] = None,
            system_integrity_protection: Optional[FunctionRuntimePolicySystemIntegrityProtectionArgs] = None,
            tripwire: Optional[FunctionRuntimePolicyTripwireArgs] = None,
            type: Optional[str] = None,
            updated: Optional[str] = None,
            version: Optional[str] = None,
            vpatch_version: Optional[str] = None,
            whitelisted_os_users: Optional[FunctionRuntimePolicyWhitelistedOsUsersArgs] = None) -> FunctionRuntimePolicy
    func GetFunctionRuntimePolicy(ctx *Context, name string, id IDInput, state *FunctionRuntimePolicyState, opts ...ResourceOption) (*FunctionRuntimePolicy, error)
    public static FunctionRuntimePolicy Get(string name, Input<string> id, FunctionRuntimePolicyState? state, CustomResourceOptions? opts = null)
    public static FunctionRuntimePolicy get(String name, Output<String> id, FunctionRuntimePolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    The following state arguments are supported:
    AllowedExecutables List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyAllowedExecutable>
    Allowed executables configuration.
    AllowedRegistries List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyAllowedRegistry>
    Allowed registries configuration.
    ApplicationScopes List<string>
    Indicates the application scope of the service.
    AuditBruteForceLogin bool
    Detects brute force login attempts
    Auditing Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyAuditing
    Author string
    Username of the account that created the service.
    BlacklistedOsUsers Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyBlacklistedOsUsers
    BlockContainerExec bool
    BlockDisallowedImages bool
    BlockFilelessExec bool
    BlockNonCompliantWorkloads bool
    BlockNonK8sContainers bool
    BypassScopes List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyBypassScope>
    Bypass scope configuration.
    ContainerExec Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyContainerExec
    Created string
    Cve string
    DefaultSecurityProfile string
    Description string
    The description of the function runtime policy
    Digest string
    DriftPreventions List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyDriftPrevention>
    Drift prevention configuration.
    EnableCryptoMiningDns bool
    EnableForkGuard bool
    EnableIpReputation bool
    EnablePortScanProtection bool
    Enabled bool
    Indicates if the runtime policy is enabled or not.
    Enforce bool
    Indicates that the policy should affect container execution (not just for audit).
    EnforceAfterDays int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    EnforceSchedulerAddedOn int
    ExcludeApplicationScopes List<string>
    List of excluded application scopes.
    ExecutableBlacklists List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyExecutableBlacklist>
    Executable blacklist configuration.
    FailedKubernetesChecks Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyFailedKubernetesChecks
    FileBlock Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyFileBlock
    FileIntegrityMonitorings List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyFileIntegrityMonitoring>
    Configuration for file integrity monitoring.
    ForkGuardProcessLimit int
    HoneypotAccessKey string
    Honeypot User ID (Access Key)
    HoneypotApplyOns List<string>
    List of options to apply the honeypot on (Environment Variable, Layer, File)
    HoneypotSecretKey string
    Honeypot User Password (Secret Key)
    HoneypotServerlessAppName string
    Serverless application name
    ImageName string
    IsAuditChecked bool
    IsAutoGenerated bool
    IsOotbPolicy bool
    Lastupdate int
    LimitContainerPrivileges List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyLimitContainerPrivilege>
    Container privileges configuration.
    LinuxCapabilities Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyLinuxCapabilities
    MalwareScanOptions Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyMalwareScanOptions
    Configuration for Real-Time Malware Protection.
    Name string
    Name of the function runtime policy
    NoNewPrivileges bool
    OnlyRegisteredImages bool
    PackageBlock Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyPackageBlock
    Permission string
    PortBlock Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyPortBlock
    ReadonlyFiles Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyReadonlyFiles
    ReadonlyRegistry Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyReadonlyRegistry
    Registry string
    RegistryAccessMonitoring Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyRegistryAccessMonitoring
    RepoName string
    ResourceName string
    ResourceType string
    RestrictedVolumes List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyRestrictedVolume>
    Restricted volumes configuration.
    ReverseShell Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyReverseShell
    RuntimeMode int
    RuntimeType string
    ScopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    ScopeVariables List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyScopeVariable>
    List of scope attributes.
    Scopes List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyScope>
    Scope configuration.
    SystemIntegrityProtection Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicySystemIntegrityProtection
    Tripwire Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyTripwire
    Type string
    Updated string
    Version string
    VpatchVersion string
    WhitelistedOsUsers Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyWhitelistedOsUsers
    AllowedExecutables []FunctionRuntimePolicyAllowedExecutableArgs
    Allowed executables configuration.
    AllowedRegistries []FunctionRuntimePolicyAllowedRegistryArgs
    Allowed registries configuration.
    ApplicationScopes []string
    Indicates the application scope of the service.
    AuditBruteForceLogin bool
    Detects brute force login attempts
    Auditing FunctionRuntimePolicyAuditingArgs
    Author string
    Username of the account that created the service.
    BlacklistedOsUsers FunctionRuntimePolicyBlacklistedOsUsersArgs
    BlockContainerExec bool
    BlockDisallowedImages bool
    BlockFilelessExec bool
    BlockNonCompliantWorkloads bool
    BlockNonK8sContainers bool
    BypassScopes []FunctionRuntimePolicyBypassScopeArgs
    Bypass scope configuration.
    ContainerExec FunctionRuntimePolicyContainerExecArgs
    Created string
    Cve string
    DefaultSecurityProfile string
    Description string
    The description of the function runtime policy
    Digest string
    DriftPreventions []FunctionRuntimePolicyDriftPreventionArgs
    Drift prevention configuration.
    EnableCryptoMiningDns bool
    EnableForkGuard bool
    EnableIpReputation bool
    EnablePortScanProtection bool
    Enabled bool
    Indicates if the runtime policy is enabled or not.
    Enforce bool
    Indicates that the policy should affect container execution (not just for audit).
    EnforceAfterDays int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    EnforceSchedulerAddedOn int
    ExcludeApplicationScopes []string
    List of excluded application scopes.
    ExecutableBlacklists []FunctionRuntimePolicyExecutableBlacklistArgs
    Executable blacklist configuration.
    FailedKubernetesChecks FunctionRuntimePolicyFailedKubernetesChecksArgs
    FileBlock FunctionRuntimePolicyFileBlockArgs
    FileIntegrityMonitorings []FunctionRuntimePolicyFileIntegrityMonitoringArgs
    Configuration for file integrity monitoring.
    ForkGuardProcessLimit int
    HoneypotAccessKey string
    Honeypot User ID (Access Key)
    HoneypotApplyOns []string
    List of options to apply the honeypot on (Environment Variable, Layer, File)
    HoneypotSecretKey string
    Honeypot User Password (Secret Key)
    HoneypotServerlessAppName string
    Serverless application name
    ImageName string
    IsAuditChecked bool
    IsAutoGenerated bool
    IsOotbPolicy bool
    Lastupdate int
    LimitContainerPrivileges []FunctionRuntimePolicyLimitContainerPrivilegeArgs
    Container privileges configuration.
    LinuxCapabilities FunctionRuntimePolicyLinuxCapabilitiesArgs
    MalwareScanOptions FunctionRuntimePolicyMalwareScanOptionsArgs
    Configuration for Real-Time Malware Protection.
    Name string
    Name of the function runtime policy
    NoNewPrivileges bool
    OnlyRegisteredImages bool
    PackageBlock FunctionRuntimePolicyPackageBlockArgs
    Permission string
    PortBlock FunctionRuntimePolicyPortBlockArgs
    ReadonlyFiles FunctionRuntimePolicyReadonlyFilesArgs
    ReadonlyRegistry FunctionRuntimePolicyReadonlyRegistryArgs
    Registry string
    RegistryAccessMonitoring FunctionRuntimePolicyRegistryAccessMonitoringArgs
    RepoName string
    ResourceName string
    ResourceType string
    RestrictedVolumes []FunctionRuntimePolicyRestrictedVolumeArgs
    Restricted volumes configuration.
    ReverseShell FunctionRuntimePolicyReverseShellArgs
    RuntimeMode int
    RuntimeType string
    ScopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    ScopeVariables []FunctionRuntimePolicyScopeVariableArgs
    List of scope attributes.
    Scopes []FunctionRuntimePolicyScopeArgs
    Scope configuration.
    SystemIntegrityProtection FunctionRuntimePolicySystemIntegrityProtectionArgs
    Tripwire FunctionRuntimePolicyTripwireArgs
    Type string
    Updated string
    Version string
    VpatchVersion string
    WhitelistedOsUsers FunctionRuntimePolicyWhitelistedOsUsersArgs
    allowedExecutables List<FunctionRuntimePolicyAllowedExecutable>
    Allowed executables configuration.
    allowedRegistries List<FunctionRuntimePolicyAllowedRegistry>
    Allowed registries configuration.
    applicationScopes List<String>
    Indicates the application scope of the service.
    auditBruteForceLogin Boolean
    Detects brute force login attempts
    auditing FunctionRuntimePolicyAuditing
    author String
    Username of the account that created the service.
    blacklistedOsUsers FunctionRuntimePolicyBlacklistedOsUsers
    blockContainerExec Boolean
    blockDisallowedImages Boolean
    blockFilelessExec Boolean
    blockNonCompliantWorkloads Boolean
    blockNonK8sContainers Boolean
    bypassScopes List<FunctionRuntimePolicyBypassScope>
    Bypass scope configuration.
    containerExec FunctionRuntimePolicyContainerExec
    created String
    cve String
    defaultSecurityProfile String
    description String
    The description of the function runtime policy
    digest String
    driftPreventions List<FunctionRuntimePolicyDriftPrevention>
    Drift prevention configuration.
    enableCryptoMiningDns Boolean
    enableForkGuard Boolean
    enableIpReputation Boolean
    enablePortScanProtection Boolean
    enabled Boolean
    Indicates if the runtime policy is enabled or not.
    enforce Boolean
    Indicates that the policy should affect container execution (not just for audit).
    enforceAfterDays Integer
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforceSchedulerAddedOn Integer
    excludeApplicationScopes List<String>
    List of excluded application scopes.
    executableBlacklists List<FunctionRuntimePolicyExecutableBlacklist>
    Executable blacklist configuration.
    failedKubernetesChecks FunctionRuntimePolicyFailedKubernetesChecks
    fileBlock FunctionRuntimePolicyFileBlock
    fileIntegrityMonitorings List<FunctionRuntimePolicyFileIntegrityMonitoring>
    Configuration for file integrity monitoring.
    forkGuardProcessLimit Integer
    honeypotAccessKey String
    Honeypot User ID (Access Key)
    honeypotApplyOns List<String>
    List of options to apply the honeypot on (Environment Variable, Layer, File)
    honeypotSecretKey String
    Honeypot User Password (Secret Key)
    honeypotServerlessAppName String
    Serverless application name
    imageName String
    isAuditChecked Boolean
    isAutoGenerated Boolean
    isOotbPolicy Boolean
    lastupdate Integer
    limitContainerPrivileges List<FunctionRuntimePolicyLimitContainerPrivilege>
    Container privileges configuration.
    linuxCapabilities FunctionRuntimePolicyLinuxCapabilities
    malwareScanOptions FunctionRuntimePolicyMalwareScanOptions
    Configuration for Real-Time Malware Protection.
    name String
    Name of the function runtime policy
    noNewPrivileges Boolean
    onlyRegisteredImages Boolean
    packageBlock FunctionRuntimePolicyPackageBlock
    permission String
    portBlock FunctionRuntimePolicyPortBlock
    readonlyFiles FunctionRuntimePolicyReadonlyFiles
    readonlyRegistry FunctionRuntimePolicyReadonlyRegistry
    registry String
    registryAccessMonitoring FunctionRuntimePolicyRegistryAccessMonitoring
    repoName String
    resourceName String
    resourceType String
    restrictedVolumes List<FunctionRuntimePolicyRestrictedVolume>
    Restricted volumes configuration.
    reverseShell FunctionRuntimePolicyReverseShell
    runtimeMode Integer
    runtimeType String
    scopeExpression String
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables List<FunctionRuntimePolicyScopeVariable>
    List of scope attributes.
    scopes List<FunctionRuntimePolicyScope>
    Scope configuration.
    systemIntegrityProtection FunctionRuntimePolicySystemIntegrityProtection
    tripwire FunctionRuntimePolicyTripwire
    type String
    updated String
    version String
    vpatchVersion String
    whitelistedOsUsers FunctionRuntimePolicyWhitelistedOsUsers
    allowedExecutables FunctionRuntimePolicyAllowedExecutable[]
    Allowed executables configuration.
    allowedRegistries FunctionRuntimePolicyAllowedRegistry[]
    Allowed registries configuration.
    applicationScopes string[]
    Indicates the application scope of the service.
    auditBruteForceLogin boolean
    Detects brute force login attempts
    auditing FunctionRuntimePolicyAuditing
    author string
    Username of the account that created the service.
    blacklistedOsUsers FunctionRuntimePolicyBlacklistedOsUsers
    blockContainerExec boolean
    blockDisallowedImages boolean
    blockFilelessExec boolean
    blockNonCompliantWorkloads boolean
    blockNonK8sContainers boolean
    bypassScopes FunctionRuntimePolicyBypassScope[]
    Bypass scope configuration.
    containerExec FunctionRuntimePolicyContainerExec
    created string
    cve string
    defaultSecurityProfile string
    description string
    The description of the function runtime policy
    digest string
    driftPreventions FunctionRuntimePolicyDriftPrevention[]
    Drift prevention configuration.
    enableCryptoMiningDns boolean
    enableForkGuard boolean
    enableIpReputation boolean
    enablePortScanProtection boolean
    enabled boolean
    Indicates if the runtime policy is enabled or not.
    enforce boolean
    Indicates that the policy should affect container execution (not just for audit).
    enforceAfterDays number
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforceSchedulerAddedOn number
    excludeApplicationScopes string[]
    List of excluded application scopes.
    executableBlacklists FunctionRuntimePolicyExecutableBlacklist[]
    Executable blacklist configuration.
    failedKubernetesChecks FunctionRuntimePolicyFailedKubernetesChecks
    fileBlock FunctionRuntimePolicyFileBlock
    fileIntegrityMonitorings FunctionRuntimePolicyFileIntegrityMonitoring[]
    Configuration for file integrity monitoring.
    forkGuardProcessLimit number
    honeypotAccessKey string
    Honeypot User ID (Access Key)
    honeypotApplyOns string[]
    List of options to apply the honeypot on (Environment Variable, Layer, File)
    honeypotSecretKey string
    Honeypot User Password (Secret Key)
    honeypotServerlessAppName string
    Serverless application name
    imageName string
    isAuditChecked boolean
    isAutoGenerated boolean
    isOotbPolicy boolean
    lastupdate number
    limitContainerPrivileges FunctionRuntimePolicyLimitContainerPrivilege[]
    Container privileges configuration.
    linuxCapabilities FunctionRuntimePolicyLinuxCapabilities
    malwareScanOptions FunctionRuntimePolicyMalwareScanOptions
    Configuration for Real-Time Malware Protection.
    name string
    Name of the function runtime policy
    noNewPrivileges boolean
    onlyRegisteredImages boolean
    packageBlock FunctionRuntimePolicyPackageBlock
    permission string
    portBlock FunctionRuntimePolicyPortBlock
    readonlyFiles FunctionRuntimePolicyReadonlyFiles
    readonlyRegistry FunctionRuntimePolicyReadonlyRegistry
    registry string
    registryAccessMonitoring FunctionRuntimePolicyRegistryAccessMonitoring
    repoName string
    resourceName string
    resourceType string
    restrictedVolumes FunctionRuntimePolicyRestrictedVolume[]
    Restricted volumes configuration.
    reverseShell FunctionRuntimePolicyReverseShell
    runtimeMode number
    runtimeType string
    scopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables FunctionRuntimePolicyScopeVariable[]
    List of scope attributes.
    scopes FunctionRuntimePolicyScope[]
    Scope configuration.
    systemIntegrityProtection FunctionRuntimePolicySystemIntegrityProtection
    tripwire FunctionRuntimePolicyTripwire
    type string
    updated string
    version string
    vpatchVersion string
    whitelistedOsUsers FunctionRuntimePolicyWhitelistedOsUsers
    allowed_executables Sequence[FunctionRuntimePolicyAllowedExecutableArgs]
    Allowed executables configuration.
    allowed_registries Sequence[FunctionRuntimePolicyAllowedRegistryArgs]
    Allowed registries configuration.
    application_scopes Sequence[str]
    Indicates the application scope of the service.
    audit_brute_force_login bool
    Detects brute force login attempts
    auditing FunctionRuntimePolicyAuditingArgs
    author str
    Username of the account that created the service.
    blacklisted_os_users FunctionRuntimePolicyBlacklistedOsUsersArgs
    block_container_exec bool
    block_disallowed_images bool
    block_fileless_exec bool
    block_non_compliant_workloads bool
    block_non_k8s_containers bool
    bypass_scopes Sequence[FunctionRuntimePolicyBypassScopeArgs]
    Bypass scope configuration.
    container_exec FunctionRuntimePolicyContainerExecArgs
    created str
    cve str
    default_security_profile str
    description str
    The description of the function runtime policy
    digest str
    drift_preventions Sequence[FunctionRuntimePolicyDriftPreventionArgs]
    Drift prevention configuration.
    enable_crypto_mining_dns bool
    enable_fork_guard bool
    enable_ip_reputation bool
    enable_port_scan_protection bool
    enabled bool
    Indicates if the runtime policy is enabled or not.
    enforce bool
    Indicates that the policy should affect container execution (not just for audit).
    enforce_after_days int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforce_scheduler_added_on int
    exclude_application_scopes Sequence[str]
    List of excluded application scopes.
    executable_blacklists Sequence[FunctionRuntimePolicyExecutableBlacklistArgs]
    Executable blacklist configuration.
    failed_kubernetes_checks FunctionRuntimePolicyFailedKubernetesChecksArgs
    file_block FunctionRuntimePolicyFileBlockArgs
    file_integrity_monitorings Sequence[FunctionRuntimePolicyFileIntegrityMonitoringArgs]
    Configuration for file integrity monitoring.
    fork_guard_process_limit int
    honeypot_access_key str
    Honeypot User ID (Access Key)
    honeypot_apply_ons Sequence[str]
    List of options to apply the honeypot on (Environment Variable, Layer, File)
    honeypot_secret_key str
    Honeypot User Password (Secret Key)
    honeypot_serverless_app_name str
    Serverless application name
    image_name str
    is_audit_checked bool
    is_auto_generated bool
    is_ootb_policy bool
    lastupdate int
    limit_container_privileges Sequence[FunctionRuntimePolicyLimitContainerPrivilegeArgs]
    Container privileges configuration.
    linux_capabilities FunctionRuntimePolicyLinuxCapabilitiesArgs
    malware_scan_options FunctionRuntimePolicyMalwareScanOptionsArgs
    Configuration for Real-Time Malware Protection.
    name str
    Name of the function runtime policy
    no_new_privileges bool
    only_registered_images bool
    package_block FunctionRuntimePolicyPackageBlockArgs
    permission str
    port_block FunctionRuntimePolicyPortBlockArgs
    readonly_files FunctionRuntimePolicyReadonlyFilesArgs
    readonly_registry FunctionRuntimePolicyReadonlyRegistryArgs
    registry str
    registry_access_monitoring FunctionRuntimePolicyRegistryAccessMonitoringArgs
    repo_name str
    resource_name str
    resource_type str
    restricted_volumes Sequence[FunctionRuntimePolicyRestrictedVolumeArgs]
    Restricted volumes configuration.
    reverse_shell FunctionRuntimePolicyReverseShellArgs
    runtime_mode int
    runtime_type str
    scope_expression str
    Logical expression of how to compute the dependency of the scope variables.
    scope_variables Sequence[FunctionRuntimePolicyScopeVariableArgs]
    List of scope attributes.
    scopes Sequence[FunctionRuntimePolicyScopeArgs]
    Scope configuration.
    system_integrity_protection FunctionRuntimePolicySystemIntegrityProtectionArgs
    tripwire FunctionRuntimePolicyTripwireArgs
    type str
    updated str
    version str
    vpatch_version str
    whitelisted_os_users FunctionRuntimePolicyWhitelistedOsUsersArgs
    allowedExecutables List<Property Map>
    Allowed executables configuration.
    allowedRegistries List<Property Map>
    Allowed registries configuration.
    applicationScopes List<String>
    Indicates the application scope of the service.
    auditBruteForceLogin Boolean
    Detects brute force login attempts
    auditing Property Map
    author String
    Username of the account that created the service.
    blacklistedOsUsers Property Map
    blockContainerExec Boolean
    blockDisallowedImages Boolean
    blockFilelessExec Boolean
    blockNonCompliantWorkloads Boolean
    blockNonK8sContainers Boolean
    bypassScopes List<Property Map>
    Bypass scope configuration.
    containerExec Property Map
    created String
    cve String
    defaultSecurityProfile String
    description String
    The description of the function runtime policy
    digest String
    driftPreventions List<Property Map>
    Drift prevention configuration.
    enableCryptoMiningDns Boolean
    enableForkGuard Boolean
    enableIpReputation Boolean
    enablePortScanProtection Boolean
    enabled Boolean
    Indicates if the runtime policy is enabled or not.
    enforce Boolean
    Indicates that the policy should affect container execution (not just for audit).
    enforceAfterDays Number
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforceSchedulerAddedOn Number
    excludeApplicationScopes List<String>
    List of excluded application scopes.
    executableBlacklists List<Property Map>
    Executable blacklist configuration.
    failedKubernetesChecks Property Map
    fileBlock Property Map
    fileIntegrityMonitorings List<Property Map>
    Configuration for file integrity monitoring.
    forkGuardProcessLimit Number
    honeypotAccessKey String
    Honeypot User ID (Access Key)
    honeypotApplyOns List<String>
    List of options to apply the honeypot on (Environment Variable, Layer, File)
    honeypotSecretKey String
    Honeypot User Password (Secret Key)
    honeypotServerlessAppName String
    Serverless application name
    imageName String
    isAuditChecked Boolean
    isAutoGenerated Boolean
    isOotbPolicy Boolean
    lastupdate Number
    limitContainerPrivileges List<Property Map>
    Container privileges configuration.
    linuxCapabilities Property Map
    malwareScanOptions Property Map
    Configuration for Real-Time Malware Protection.
    name String
    Name of the function runtime policy
    noNewPrivileges Boolean
    onlyRegisteredImages Boolean
    packageBlock Property Map
    permission String
    portBlock Property Map
    readonlyFiles Property Map
    readonlyRegistry Property Map
    registry String
    registryAccessMonitoring Property Map
    repoName String
    resourceName String
    resourceType String
    restrictedVolumes List<Property Map>
    Restricted volumes configuration.
    reverseShell Property Map
    runtimeMode Number
    runtimeType String
    scopeExpression String
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables List<Property Map>
    List of scope attributes.
    scopes List<Property Map>
    Scope configuration.
    systemIntegrityProtection Property Map
    tripwire Property Map
    type String
    updated String
    version String
    vpatchVersion String
    whitelistedOsUsers Property Map

    Supporting Types

    FunctionRuntimePolicyAllowedExecutable, FunctionRuntimePolicyAllowedExecutableArgs

    AllowExecutables List<string>
    List of allowed executables.
    AllowRootExecutables List<string>
    List of allowed root executables.
    Enabled bool
    Whether allowed executables configuration is enabled.
    SeparateExecutables bool
    Whether to treat executables separately.
    AllowExecutables []string
    List of allowed executables.
    AllowRootExecutables []string
    List of allowed root executables.
    Enabled bool
    Whether allowed executables configuration is enabled.
    SeparateExecutables bool
    Whether to treat executables separately.
    allowExecutables List<String>
    List of allowed executables.
    allowRootExecutables List<String>
    List of allowed root executables.
    enabled Boolean
    Whether allowed executables configuration is enabled.
    separateExecutables Boolean
    Whether to treat executables separately.
    allowExecutables string[]
    List of allowed executables.
    allowRootExecutables string[]
    List of allowed root executables.
    enabled boolean
    Whether allowed executables configuration is enabled.
    separateExecutables boolean
    Whether to treat executables separately.
    allow_executables Sequence[str]
    List of allowed executables.
    allow_root_executables Sequence[str]
    List of allowed root executables.
    enabled bool
    Whether allowed executables configuration is enabled.
    separate_executables bool
    Whether to treat executables separately.
    allowExecutables List<String>
    List of allowed executables.
    allowRootExecutables List<String>
    List of allowed root executables.
    enabled Boolean
    Whether allowed executables configuration is enabled.
    separateExecutables Boolean
    Whether to treat executables separately.

    FunctionRuntimePolicyAllowedRegistry, FunctionRuntimePolicyAllowedRegistryArgs

    AllowedRegistries List<string>
    List of allowed registries.
    Enabled bool
    Whether allowed registries are enabled.
    AllowedRegistries []string
    List of allowed registries.
    Enabled bool
    Whether allowed registries are enabled.
    allowedRegistries List<String>
    List of allowed registries.
    enabled Boolean
    Whether allowed registries are enabled.
    allowedRegistries string[]
    List of allowed registries.
    enabled boolean
    Whether allowed registries are enabled.
    allowed_registries Sequence[str]
    List of allowed registries.
    enabled bool
    Whether allowed registries are enabled.
    allowedRegistries List<String>
    List of allowed registries.
    enabled Boolean
    Whether allowed registries are enabled.

    FunctionRuntimePolicyAuditing, FunctionRuntimePolicyAuditingArgs

    FunctionRuntimePolicyBlacklistedOsUsers, FunctionRuntimePolicyBlacklistedOsUsersArgs

    Enabled bool
    GroupBlackLists List<string>
    UserBlackLists List<string>
    enabled Boolean
    groupBlackLists List<String>
    userBlackLists List<String>
    enabled boolean
    groupBlackLists string[]
    userBlackLists string[]
    enabled bool
    group_black_lists Sequence[str]
    user_black_lists Sequence[str]
    enabled Boolean
    groupBlackLists List<String>
    userBlackLists List<String>

    FunctionRuntimePolicyBypassScope, FunctionRuntimePolicyBypassScopeArgs

    Enabled bool
    Whether bypassing the scope is enabled.
    Scopes List<Pulumiverse.Aquasec.Inputs.FunctionRuntimePolicyBypassScopeScope>
    Scope configuration.
    Enabled bool
    Whether bypassing the scope is enabled.
    Scopes []FunctionRuntimePolicyBypassScopeScope
    Scope configuration.
    enabled Boolean
    Whether bypassing the scope is enabled.
    scopes List<FunctionRuntimePolicyBypassScopeScope>
    Scope configuration.
    enabled boolean
    Whether bypassing the scope is enabled.
    scopes FunctionRuntimePolicyBypassScopeScope[]
    Scope configuration.
    enabled bool
    Whether bypassing the scope is enabled.
    scopes Sequence[FunctionRuntimePolicyBypassScopeScope]
    Scope configuration.
    enabled Boolean
    Whether bypassing the scope is enabled.
    scopes List<Property Map>
    Scope configuration.

    FunctionRuntimePolicyBypassScopeScope, FunctionRuntimePolicyBypassScopeScopeArgs

    Expression string
    Scope expression.
    Variables []FunctionRuntimePolicyBypassScopeScopeVariable
    List of variables in the scope.
    expression String
    Scope expression.
    variables List<FunctionRuntimePolicyBypassScopeScopeVariable>
    List of variables in the scope.
    expression string
    Scope expression.
    variables FunctionRuntimePolicyBypassScopeScopeVariable[]
    List of variables in the scope.
    expression str
    Scope expression.
    variables Sequence[FunctionRuntimePolicyBypassScopeScopeVariable]
    List of variables in the scope.
    expression String
    Scope expression.
    variables List<Property Map>
    List of variables in the scope.

    FunctionRuntimePolicyBypassScopeScopeVariable, FunctionRuntimePolicyBypassScopeScopeVariableArgs

    Attribute string
    Variable attribute.
    Value string
    Variable value.
    Attribute string
    Variable attribute.
    Value string
    Variable value.
    attribute String
    Variable attribute.
    value String
    Variable value.
    attribute string
    Variable attribute.
    value string
    Variable value.
    attribute str
    Variable attribute.
    value str
    Variable value.
    attribute String
    Variable attribute.
    value String
    Variable value.

    FunctionRuntimePolicyContainerExec, FunctionRuntimePolicyContainerExecArgs

    FunctionRuntimePolicyDriftPrevention, FunctionRuntimePolicyDriftPreventionArgs

    Enabled bool
    Whether drift prevention is enabled.
    ExecLockdown bool
    Whether to lock down execution drift.
    ExecLockdownWhiteLists List<string>
    List of items in the execution lockdown white list.
    ImageLockdown bool
    Whether to lock down image drift.
    Enabled bool
    Whether drift prevention is enabled.
    ExecLockdown bool
    Whether to lock down execution drift.
    ExecLockdownWhiteLists []string
    List of items in the execution lockdown white list.
    ImageLockdown bool
    Whether to lock down image drift.
    enabled Boolean
    Whether drift prevention is enabled.
    execLockdown Boolean
    Whether to lock down execution drift.
    execLockdownWhiteLists List<String>
    List of items in the execution lockdown white list.
    imageLockdown Boolean
    Whether to lock down image drift.
    enabled boolean
    Whether drift prevention is enabled.
    execLockdown boolean
    Whether to lock down execution drift.
    execLockdownWhiteLists string[]
    List of items in the execution lockdown white list.
    imageLockdown boolean
    Whether to lock down image drift.
    enabled bool
    Whether drift prevention is enabled.
    exec_lockdown bool
    Whether to lock down execution drift.
    exec_lockdown_white_lists Sequence[str]
    List of items in the execution lockdown white list.
    image_lockdown bool
    Whether to lock down image drift.
    enabled Boolean
    Whether drift prevention is enabled.
    execLockdown Boolean
    Whether to lock down execution drift.
    execLockdownWhiteLists List<String>
    List of items in the execution lockdown white list.
    imageLockdown Boolean
    Whether to lock down image drift.

    FunctionRuntimePolicyExecutableBlacklist, FunctionRuntimePolicyExecutableBlacklistArgs

    Enabled bool
    Whether the executable blacklist is enabled.
    Executables List<string>
    List of blacklisted executables.
    Enabled bool
    Whether the executable blacklist is enabled.
    Executables []string
    List of blacklisted executables.
    enabled Boolean
    Whether the executable blacklist is enabled.
    executables List<String>
    List of blacklisted executables.
    enabled boolean
    Whether the executable blacklist is enabled.
    executables string[]
    List of blacklisted executables.
    enabled bool
    Whether the executable blacklist is enabled.
    executables Sequence[str]
    List of blacklisted executables.
    enabled Boolean
    Whether the executable blacklist is enabled.
    executables List<String>
    List of blacklisted executables.

    FunctionRuntimePolicyFailedKubernetesChecks, FunctionRuntimePolicyFailedKubernetesChecksArgs

    Enabled bool
    FailedChecks List<string>
    Enabled bool
    FailedChecks []string
    enabled Boolean
    failedChecks List<String>
    enabled boolean
    failedChecks string[]
    enabled bool
    failed_checks Sequence[str]
    enabled Boolean
    failedChecks List<String>

    FunctionRuntimePolicyFileBlock, FunctionRuntimePolicyFileBlockArgs

    FunctionRuntimePolicyFileIntegrityMonitoring, FunctionRuntimePolicyFileIntegrityMonitoringArgs

    Enabled bool
    If true, file integrity monitoring is enabled.
    ExceptionalMonitoredFiles List<string>
    List of paths to be excluded from monitoring.
    ExceptionalMonitoredFilesProcesses List<string>
    List of processes to be excluded from monitoring.
    ExceptionalMonitoredFilesUsers List<string>
    List of users to be excluded from monitoring.
    MonitoredFiles List<string>
    List of paths to be monitored.
    MonitoredFilesAttributes bool
    Whether to monitor file attribute operations.
    MonitoredFilesCreate bool
    Whether to monitor file create operations.
    MonitoredFilesDelete bool
    Whether to monitor file delete operations.
    MonitoredFilesModify bool
    Whether to monitor file modify operations.
    MonitoredFilesProcesses List<string>
    List of processes associated with monitored files.
    MonitoredFilesRead bool
    Whether to monitor file read operations.
    MonitoredFilesUsers List<string>
    List of users associated with monitored files.
    Enabled bool
    If true, file integrity monitoring is enabled.
    ExceptionalMonitoredFiles []string
    List of paths to be excluded from monitoring.
    ExceptionalMonitoredFilesProcesses []string
    List of processes to be excluded from monitoring.
    ExceptionalMonitoredFilesUsers []string
    List of users to be excluded from monitoring.
    MonitoredFiles []string
    List of paths to be monitored.
    MonitoredFilesAttributes bool
    Whether to monitor file attribute operations.
    MonitoredFilesCreate bool
    Whether to monitor file create operations.
    MonitoredFilesDelete bool
    Whether to monitor file delete operations.
    MonitoredFilesModify bool
    Whether to monitor file modify operations.
    MonitoredFilesProcesses []string
    List of processes associated with monitored files.
    MonitoredFilesRead bool
    Whether to monitor file read operations.
    MonitoredFilesUsers []string
    List of users associated with monitored files.
    enabled Boolean
    If true, file integrity monitoring is enabled.
    exceptionalMonitoredFiles List<String>
    List of paths to be excluded from monitoring.
    exceptionalMonitoredFilesProcesses List<String>
    List of processes to be excluded from monitoring.
    exceptionalMonitoredFilesUsers List<String>
    List of users to be excluded from monitoring.
    monitoredFiles List<String>
    List of paths to be monitored.
    monitoredFilesAttributes Boolean
    Whether to monitor file attribute operations.
    monitoredFilesCreate Boolean
    Whether to monitor file create operations.
    monitoredFilesDelete Boolean
    Whether to monitor file delete operations.
    monitoredFilesModify Boolean
    Whether to monitor file modify operations.
    monitoredFilesProcesses List<String>
    List of processes associated with monitored files.
    monitoredFilesRead Boolean
    Whether to monitor file read operations.
    monitoredFilesUsers List<String>
    List of users associated with monitored files.
    enabled boolean
    If true, file integrity monitoring is enabled.
    exceptionalMonitoredFiles string[]
    List of paths to be excluded from monitoring.
    exceptionalMonitoredFilesProcesses string[]
    List of processes to be excluded from monitoring.
    exceptionalMonitoredFilesUsers string[]
    List of users to be excluded from monitoring.
    monitoredFiles string[]
    List of paths to be monitored.
    monitoredFilesAttributes boolean
    Whether to monitor file attribute operations.
    monitoredFilesCreate boolean
    Whether to monitor file create operations.
    monitoredFilesDelete boolean
    Whether to monitor file delete operations.
    monitoredFilesModify boolean
    Whether to monitor file modify operations.
    monitoredFilesProcesses string[]
    List of processes associated with monitored files.
    monitoredFilesRead boolean
    Whether to monitor file read operations.
    monitoredFilesUsers string[]
    List of users associated with monitored files.
    enabled bool
    If true, file integrity monitoring is enabled.
    exceptional_monitored_files Sequence[str]
    List of paths to be excluded from monitoring.
    exceptional_monitored_files_processes Sequence[str]
    List of processes to be excluded from monitoring.
    exceptional_monitored_files_users Sequence[str]
    List of users to be excluded from monitoring.
    monitored_files Sequence[str]
    List of paths to be monitored.
    monitored_files_attributes bool
    Whether to monitor file attribute operations.
    monitored_files_create bool
    Whether to monitor file create operations.
    monitored_files_delete bool
    Whether to monitor file delete operations.
    monitored_files_modify bool
    Whether to monitor file modify operations.
    monitored_files_processes Sequence[str]
    List of processes associated with monitored files.
    monitored_files_read bool
    Whether to monitor file read operations.
    monitored_files_users Sequence[str]
    List of users associated with monitored files.
    enabled Boolean
    If true, file integrity monitoring is enabled.
    exceptionalMonitoredFiles List<String>
    List of paths to be excluded from monitoring.
    exceptionalMonitoredFilesProcesses List<String>
    List of processes to be excluded from monitoring.
    exceptionalMonitoredFilesUsers List<String>
    List of users to be excluded from monitoring.
    monitoredFiles List<String>
    List of paths to be monitored.
    monitoredFilesAttributes Boolean
    Whether to monitor file attribute operations.
    monitoredFilesCreate Boolean
    Whether to monitor file create operations.
    monitoredFilesDelete Boolean
    Whether to monitor file delete operations.
    monitoredFilesModify Boolean
    Whether to monitor file modify operations.
    monitoredFilesProcesses List<String>
    List of processes associated with monitored files.
    monitoredFilesRead Boolean
    Whether to monitor file read operations.
    monitoredFilesUsers List<String>
    List of users associated with monitored files.

    FunctionRuntimePolicyLimitContainerPrivilege, FunctionRuntimePolicyLimitContainerPrivilegeArgs

    BlockAddCapabilities bool
    Whether to block adding capabilities.
    Enabled bool
    Whether container privilege limitations are enabled.
    Ipcmode bool
    Whether to limit IPC-related capabilities.
    Netmode bool
    Whether to limit network-related capabilities.
    Pidmode bool
    Whether to limit process-related capabilities.
    PreventLowPortBinding bool
    Whether to prevent low port binding.
    PreventRootUser bool
    Whether to prevent the use of the root user.
    Privileged bool
    Whether the container is run in privileged mode.
    UseHostUser bool
    Whether to use the host user.
    Usermode bool
    Whether to limit user-related capabilities.
    Utsmode bool
    Whether to limit UTS-related capabilities.
    BlockAddCapabilities bool
    Whether to block adding capabilities.
    Enabled bool
    Whether container privilege limitations are enabled.
    Ipcmode bool
    Whether to limit IPC-related capabilities.
    Netmode bool
    Whether to limit network-related capabilities.
    Pidmode bool
    Whether to limit process-related capabilities.
    PreventLowPortBinding bool
    Whether to prevent low port binding.
    PreventRootUser bool
    Whether to prevent the use of the root user.
    Privileged bool
    Whether the container is run in privileged mode.
    UseHostUser bool
    Whether to use the host user.
    Usermode bool
    Whether to limit user-related capabilities.
    Utsmode bool
    Whether to limit UTS-related capabilities.
    blockAddCapabilities Boolean
    Whether to block adding capabilities.
    enabled Boolean
    Whether container privilege limitations are enabled.
    ipcmode Boolean
    Whether to limit IPC-related capabilities.
    netmode Boolean
    Whether to limit network-related capabilities.
    pidmode Boolean
    Whether to limit process-related capabilities.
    preventLowPortBinding Boolean
    Whether to prevent low port binding.
    preventRootUser Boolean
    Whether to prevent the use of the root user.
    privileged Boolean
    Whether the container is run in privileged mode.
    useHostUser Boolean
    Whether to use the host user.
    usermode Boolean
    Whether to limit user-related capabilities.
    utsmode Boolean
    Whether to limit UTS-related capabilities.
    blockAddCapabilities boolean
    Whether to block adding capabilities.
    enabled boolean
    Whether container privilege limitations are enabled.
    ipcmode boolean
    Whether to limit IPC-related capabilities.
    netmode boolean
    Whether to limit network-related capabilities.
    pidmode boolean
    Whether to limit process-related capabilities.
    preventLowPortBinding boolean
    Whether to prevent low port binding.
    preventRootUser boolean
    Whether to prevent the use of the root user.
    privileged boolean
    Whether the container is run in privileged mode.
    useHostUser boolean
    Whether to use the host user.
    usermode boolean
    Whether to limit user-related capabilities.
    utsmode boolean
    Whether to limit UTS-related capabilities.
    block_add_capabilities bool
    Whether to block adding capabilities.
    enabled bool
    Whether container privilege limitations are enabled.
    ipcmode bool
    Whether to limit IPC-related capabilities.
    netmode bool
    Whether to limit network-related capabilities.
    pidmode bool
    Whether to limit process-related capabilities.
    prevent_low_port_binding bool
    Whether to prevent low port binding.
    prevent_root_user bool
    Whether to prevent the use of the root user.
    privileged bool
    Whether the container is run in privileged mode.
    use_host_user bool
    Whether to use the host user.
    usermode bool
    Whether to limit user-related capabilities.
    utsmode bool
    Whether to limit UTS-related capabilities.
    blockAddCapabilities Boolean
    Whether to block adding capabilities.
    enabled Boolean
    Whether container privilege limitations are enabled.
    ipcmode Boolean
    Whether to limit IPC-related capabilities.
    netmode Boolean
    Whether to limit network-related capabilities.
    pidmode Boolean
    Whether to limit process-related capabilities.
    preventLowPortBinding Boolean
    Whether to prevent low port binding.
    preventRootUser Boolean
    Whether to prevent the use of the root user.
    privileged Boolean
    Whether the container is run in privileged mode.
    useHostUser Boolean
    Whether to use the host user.
    usermode Boolean
    Whether to limit user-related capabilities.
    utsmode Boolean
    Whether to limit UTS-related capabilities.

    FunctionRuntimePolicyLinuxCapabilities, FunctionRuntimePolicyLinuxCapabilitiesArgs

    enabled Boolean
    removeLinuxCapabilities List<String>
    enabled Boolean
    removeLinuxCapabilities List<String>

    FunctionRuntimePolicyMalwareScanOptions, FunctionRuntimePolicyMalwareScanOptionsArgs

    Action string
    Set Action, Defaults to 'Alert' when empty
    Enabled bool
    Defines if enabled or not
    ExcludeDirectories List<string>
    List of registry paths to be excluded from being protected.
    ExcludeProcesses List<string>
    List of registry processes to be excluded from being protected.
    IncludeDirectories List<string>
    List of registry paths to be excluded from being protected.
    Action string
    Set Action, Defaults to 'Alert' when empty
    Enabled bool
    Defines if enabled or not
    ExcludeDirectories []string
    List of registry paths to be excluded from being protected.
    ExcludeProcesses []string
    List of registry processes to be excluded from being protected.
    IncludeDirectories []string
    List of registry paths to be excluded from being protected.
    action String
    Set Action, Defaults to 'Alert' when empty
    enabled Boolean
    Defines if enabled or not
    excludeDirectories List<String>
    List of registry paths to be excluded from being protected.
    excludeProcesses List<String>
    List of registry processes to be excluded from being protected.
    includeDirectories List<String>
    List of registry paths to be excluded from being protected.
    action string
    Set Action, Defaults to 'Alert' when empty
    enabled boolean
    Defines if enabled or not
    excludeDirectories string[]
    List of registry paths to be excluded from being protected.
    excludeProcesses string[]
    List of registry processes to be excluded from being protected.
    includeDirectories string[]
    List of registry paths to be excluded from being protected.
    action str
    Set Action, Defaults to 'Alert' when empty
    enabled bool
    Defines if enabled or not
    exclude_directories Sequence[str]
    List of registry paths to be excluded from being protected.
    exclude_processes Sequence[str]
    List of registry processes to be excluded from being protected.
    include_directories Sequence[str]
    List of registry paths to be excluded from being protected.
    action String
    Set Action, Defaults to 'Alert' when empty
    enabled Boolean
    Defines if enabled or not
    excludeDirectories List<String>
    List of registry paths to be excluded from being protected.
    excludeProcesses List<String>
    List of registry processes to be excluded from being protected.
    includeDirectories List<String>
    List of registry paths to be excluded from being protected.

    FunctionRuntimePolicyPackageBlock, FunctionRuntimePolicyPackageBlockArgs

    FunctionRuntimePolicyPortBlock, FunctionRuntimePolicyPortBlockArgs

    BlockInboundPorts List<string>
    BlockOutboundPorts List<string>
    Enabled bool
    blockInboundPorts List<String>
    blockOutboundPorts List<String>
    enabled Boolean
    block_inbound_ports Sequence[str]
    block_outbound_ports Sequence[str]
    enabled bool
    blockInboundPorts List<String>
    blockOutboundPorts List<String>
    enabled Boolean

    FunctionRuntimePolicyReadonlyFiles, FunctionRuntimePolicyReadonlyFilesArgs

    FunctionRuntimePolicyReadonlyRegistry, FunctionRuntimePolicyReadonlyRegistryArgs

    FunctionRuntimePolicyRegistryAccessMonitoring, FunctionRuntimePolicyRegistryAccessMonitoringArgs

    FunctionRuntimePolicyRestrictedVolume, FunctionRuntimePolicyRestrictedVolumeArgs

    Enabled bool
    Whether restricted volumes are enabled.
    Volumes List<string>
    List of restricted volumes.
    Enabled bool
    Whether restricted volumes are enabled.
    Volumes []string
    List of restricted volumes.
    enabled Boolean
    Whether restricted volumes are enabled.
    volumes List<String>
    List of restricted volumes.
    enabled boolean
    Whether restricted volumes are enabled.
    volumes string[]
    List of restricted volumes.
    enabled bool
    Whether restricted volumes are enabled.
    volumes Sequence[str]
    List of restricted volumes.
    enabled Boolean
    Whether restricted volumes are enabled.
    volumes List<String>
    List of restricted volumes.

    FunctionRuntimePolicyReverseShell, FunctionRuntimePolicyReverseShellArgs

    FunctionRuntimePolicyScope, FunctionRuntimePolicyScopeArgs

    Expression string
    Scope expression.
    Variables []FunctionRuntimePolicyScopeVariable
    List of variables in the scope.
    expression String
    Scope expression.
    variables List<FunctionRuntimePolicyScopeVariable>
    List of variables in the scope.
    expression string
    Scope expression.
    variables FunctionRuntimePolicyScopeVariable[]
    List of variables in the scope.
    expression str
    Scope expression.
    variables Sequence[FunctionRuntimePolicyScopeVariable]
    List of variables in the scope.
    expression String
    Scope expression.
    variables List<Property Map>
    List of variables in the scope.

    FunctionRuntimePolicyScopeVariable, FunctionRuntimePolicyScopeVariableArgs

    Attribute string
    Class of supported scope.
    Value string
    Value assigned to the attribute.
    Name string
    Name assigned to the attribute.
    Attribute string
    Class of supported scope.
    Value string
    Value assigned to the attribute.
    Name string
    Name assigned to the attribute.
    attribute String
    Class of supported scope.
    value String
    Value assigned to the attribute.
    name String
    Name assigned to the attribute.
    attribute string
    Class of supported scope.
    value string
    Value assigned to the attribute.
    name string
    Name assigned to the attribute.
    attribute str
    Class of supported scope.
    value str
    Value assigned to the attribute.
    name str
    Name assigned to the attribute.
    attribute String
    Class of supported scope.
    value String
    Value assigned to the attribute.
    name String
    Name assigned to the attribute.

    FunctionRuntimePolicySystemIntegrityProtection, FunctionRuntimePolicySystemIntegrityProtectionArgs

    FunctionRuntimePolicyTripwire, FunctionRuntimePolicyTripwireArgs

    ApplyOns List<string>
    Enabled bool
    ServerlessApp string
    UserId string
    UserPassword string
    ApplyOns []string
    Enabled bool
    ServerlessApp string
    UserId string
    UserPassword string
    applyOns List<String>
    enabled Boolean
    serverlessApp String
    userId String
    userPassword String
    applyOns string[]
    enabled boolean
    serverlessApp string
    userId string
    userPassword string
    applyOns List<String>
    enabled Boolean
    serverlessApp String
    userId String
    userPassword String

    FunctionRuntimePolicyWhitelistedOsUsers, FunctionRuntimePolicyWhitelistedOsUsersArgs

    Enabled bool
    GroupWhiteLists List<string>
    UserWhiteLists List<string>
    enabled Boolean
    groupWhiteLists List<String>
    userWhiteLists List<String>
    enabled boolean
    groupWhiteLists string[]
    userWhiteLists string[]
    enabled bool
    group_white_lists Sequence[str]
    user_white_lists Sequence[str]
    enabled Boolean
    groupWhiteLists List<String>
    userWhiteLists List<String>

    Package Details

    Repository
    aquasec pulumiverse/pulumi-aquasec
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aquasec Terraform Provider.