Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse

aquasec.getContainerRuntimePolicy



    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aquasec from "@pulumi/aquasec";
    
    // Read-only lookup of an existing container runtime policy, selected by name.
    // Nothing is created or modified; the call only fetches the policy as configured in Aqua.
    const policyName = "FunctionRuntimePolicyName";
    const containerRuntimePolicy = aquasec.getContainerRuntimePolicy({ name: policyName });
    
    // The complete lookup result (enforce flag, block/allow lists, allowed IPs/CIDRs, ...)
    // is published as a stack output; export individual fields instead if only some are needed.
    export const containerRuntimePolicyDetails = containerRuntimePolicy;
    
    import pulumi
    import pulumi_aquasec as aquasec
    
    # Read-only lookup of an existing container runtime policy, selected by name.
    # Nothing is created or modified; the call only fetches the policy as configured in Aqua.
    policy_name = "FunctionRuntimePolicyName"
    container_runtime_policy = aquasec.get_container_runtime_policy(name=policy_name)
    
    # The complete lookup result (enforce flag, block/allow lists, allowed IPs/CIDRs, ...)
    # is published as a stack output; export individual fields instead if only some are needed.
    pulumi.export("containerRuntimePolicyDetails", container_runtime_policy)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Read-only lookup of an existing container runtime policy, selected by name.
    		// In the Go SDK the function is named LookupContainerRuntimePolicy.
    		lookupArgs := &aquasec.LookupContainerRuntimePolicyArgs{
    			Name: "FunctionRuntimePolicyName",
    		}
    		containerRuntimePolicy, err := aquasec.LookupContainerRuntimePolicy(ctx, lookupArgs, nil)
    		if err != nil {
    			// Propagate the lookup failure so the program exits non-zero instead of exporting nothing.
    			return err
    		}
    
    		// The complete result (enforce flag, block/allow lists, allowed IPs/CIDRs, ...) becomes a
    		// stack output; export individual fields instead if only some are needed.
    		ctx.Export("containerRuntimePolicyDetails", containerRuntimePolicy)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aquasec = Pulumi.Aquasec;
    
    return await Deployment.RunAsync(() => 
    {
        // Read-only lookup of an existing container runtime policy, selected by name.
        // Invoke() takes Input-wrapped arguments and yields an Output-wrapped result.
        var containerRuntimePolicy = Aquasec.GetContainerRuntimePolicy.Invoke(new()
        {
            Name = "FunctionRuntimePolicyName",
        });
    
        // The complete result (enforce flag, block/allow lists, allowed IPs/CIDRs, ...) becomes a
        // stack output; export individual fields instead if only some are needed.
        var stackOutputs = new Dictionary<string, object?>();
        stackOutputs["containerRuntimePolicyDetails"] = containerRuntimePolicy;
        return stackOutputs;
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aquasec.AquasecFunctions;
    import com.pulumi.aquasec.inputs.GetContainerRuntimePolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // Read-only lookup of an existing container runtime policy, selected by name.
            final var lookupArgs = GetContainerRuntimePolicyArgs.builder()
                .name("FunctionRuntimePolicyName")
                .build();
            final var containerRuntimePolicy = AquasecFunctions.getContainerRuntimePolicy(lookupArgs);
    
            // applyValue with an identity function: the complete result (enforce flag, block/allow
            // lists, allowed IPs/CIDRs, ...) becomes a stack output; map to individual fields if only
            // some are needed.
            ctx.export("containerRuntimePolicyDetails", containerRuntimePolicy.applyValue(result -> result));
        }
    }
    
    # Read-only lookup of an existing container runtime policy, selected by name.
    variables:
      containerRuntimePolicy:
        fn::invoke:
          Function: aquasec:getContainerRuntimePolicy
          Arguments:
            name: FunctionRuntimePolicyName
    # The complete result (enforce flag, block/allow lists, allowed IPs/CIDRs, ...) becomes a
    # stack output; reference individual fields instead if only some are needed.
    outputs:
      containerRuntimePolicyDetails: ${containerRuntimePolicy}
    

    Using getContainerRuntimePolicy

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getContainerRuntimePolicy(args: GetContainerRuntimePolicyArgs, opts?: InvokeOptions): Promise<GetContainerRuntimePolicyResult>
    function getContainerRuntimePolicyOutput(args: GetContainerRuntimePolicyOutputArgs, opts?: InvokeOptions): Output<GetContainerRuntimePolicyResult>
    def get_container_runtime_policy(allowed_executables: Optional[Sequence[GetContainerRuntimePolicyAllowedExecutable]] = None,
                                     allowed_registries: Optional[Sequence[GetContainerRuntimePolicyAllowedRegistry]] = None,
                                     auditing: Optional[GetContainerRuntimePolicyAuditing] = None,
                                     container_exec: Optional[GetContainerRuntimePolicyContainerExec] = None,
                                     file_block: Optional[GetContainerRuntimePolicyFileBlock] = None,
                                     file_integrity_monitorings: Optional[Sequence[GetContainerRuntimePolicyFileIntegrityMonitoring]] = None,
                                     limit_container_privileges: Optional[Sequence[GetContainerRuntimePolicyLimitContainerPrivilege]] = None,
                                     malware_scan_options: Optional[Sequence[GetContainerRuntimePolicyMalwareScanOption]] = None,
                                     name: Optional[str] = None,
                                     port_block: Optional[GetContainerRuntimePolicyPortBlock] = None,
                                     readonly_files: Optional[GetContainerRuntimePolicyReadonlyFiles] = None,
                                     restricted_volumes: Optional[Sequence[GetContainerRuntimePolicyRestrictedVolume]] = None,
                                     opts: Optional[InvokeOptions] = None) -> GetContainerRuntimePolicyResult
    def get_container_runtime_policy_output(allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[GetContainerRuntimePolicyAllowedExecutableArgs]]]] = None,
                                     allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[GetContainerRuntimePolicyAllowedRegistryArgs]]]] = None,
                                     auditing: Optional[pulumi.Input[GetContainerRuntimePolicyAuditingArgs]] = None,
                                     container_exec: Optional[pulumi.Input[GetContainerRuntimePolicyContainerExecArgs]] = None,
                                     file_block: Optional[pulumi.Input[GetContainerRuntimePolicyFileBlockArgs]] = None,
                                     file_integrity_monitorings: Optional[pulumi.Input[Sequence[pulumi.Input[GetContainerRuntimePolicyFileIntegrityMonitoringArgs]]]] = None,
                                     limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input[GetContainerRuntimePolicyLimitContainerPrivilegeArgs]]]] = None,
                                     malware_scan_options: Optional[pulumi.Input[Sequence[pulumi.Input[GetContainerRuntimePolicyMalwareScanOptionArgs]]]] = None,
                                     name: Optional[pulumi.Input[str]] = None,
                                     port_block: Optional[pulumi.Input[GetContainerRuntimePolicyPortBlockArgs]] = None,
                                     readonly_files: Optional[pulumi.Input[GetContainerRuntimePolicyReadonlyFilesArgs]] = None,
                                     restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[GetContainerRuntimePolicyRestrictedVolumeArgs]]]] = None,
                                     opts: Optional[InvokeOptions] = None) -> Output[GetContainerRuntimePolicyResult]
    func LookupContainerRuntimePolicy(ctx *Context, args *LookupContainerRuntimePolicyArgs, opts ...InvokeOption) (*LookupContainerRuntimePolicyResult, error)
    func LookupContainerRuntimePolicyOutput(ctx *Context, args *LookupContainerRuntimePolicyOutputArgs, opts ...InvokeOption) LookupContainerRuntimePolicyResultOutput

    > Note: This function is named LookupContainerRuntimePolicy in the Go SDK.

    public static class GetContainerRuntimePolicy 
    {
        public static Task<GetContainerRuntimePolicyResult> InvokeAsync(GetContainerRuntimePolicyArgs args, InvokeOptions? opts = null)
        public static Output<GetContainerRuntimePolicyResult> Invoke(GetContainerRuntimePolicyInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetContainerRuntimePolicyResult> getContainerRuntimePolicy(GetContainerRuntimePolicyArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: aquasec:index/getContainerRuntimePolicy:getContainerRuntimePolicy
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Name string
    Name of the container runtime policy
    AllowedExecutables List<Pulumiverse.Aquasec.Inputs.GetContainerRuntimePolicyAllowedExecutable>
    Allowed executables configuration.
    AllowedRegistries List<Pulumiverse.Aquasec.Inputs.GetContainerRuntimePolicyAllowedRegistry>
    Allowed registries configuration.
    Auditing Pulumiverse.Aquasec.Inputs.GetContainerRuntimePolicyAuditing
    ContainerExec Pulumiverse.Aquasec.Inputs.GetContainerRuntimePolicyContainerExec
    FileBlock Pulumiverse.Aquasec.Inputs.GetContainerRuntimePolicyFileBlock
    FileIntegrityMonitorings List<Pulumiverse.Aquasec.Inputs.GetContainerRuntimePolicyFileIntegrityMonitoring>
    Configuration for file integrity monitoring.
    LimitContainerPrivileges List<Pulumiverse.Aquasec.Inputs.GetContainerRuntimePolicyLimitContainerPrivilege>
    Container privileges configuration.
    MalwareScanOptions List<Pulumiverse.Aquasec.Inputs.GetContainerRuntimePolicyMalwareScanOption>
    Configuration for Real-Time Malware Protection.
    PortBlock Pulumiverse.Aquasec.Inputs.GetContainerRuntimePolicyPortBlock
    ReadonlyFiles Pulumiverse.Aquasec.Inputs.GetContainerRuntimePolicyReadonlyFiles
    RestrictedVolumes List<Pulumiverse.Aquasec.Inputs.GetContainerRuntimePolicyRestrictedVolume>
    Restricted volumes configuration.
    Name string
    Name of the container runtime policy
    AllowedExecutables []GetContainerRuntimePolicyAllowedExecutable
    Allowed executables configuration.
    AllowedRegistries []GetContainerRuntimePolicyAllowedRegistry
    Allowed registries configuration.
    Auditing GetContainerRuntimePolicyAuditing
    ContainerExec GetContainerRuntimePolicyContainerExec
    FileBlock GetContainerRuntimePolicyFileBlock
    FileIntegrityMonitorings []GetContainerRuntimePolicyFileIntegrityMonitoring
    Configuration for file integrity monitoring.
    LimitContainerPrivileges []GetContainerRuntimePolicyLimitContainerPrivilege
    Container privileges configuration.
    MalwareScanOptions []GetContainerRuntimePolicyMalwareScanOption
    Configuration for Real-Time Malware Protection.
    PortBlock GetContainerRuntimePolicyPortBlock
    ReadonlyFiles GetContainerRuntimePolicyReadonlyFiles
    RestrictedVolumes []GetContainerRuntimePolicyRestrictedVolume
    Restricted volumes configuration.
    name String
    Name of the container runtime policy
    allowedExecutables List<GetContainerRuntimePolicyAllowedExecutable>
    Allowed executables configuration.
    allowedRegistries List<GetContainerRuntimePolicyAllowedRegistry>
    Allowed registries configuration.
    auditing GetContainerRuntimePolicyAuditing
    containerExec GetContainerRuntimePolicyContainerExec
    fileBlock GetContainerRuntimePolicyFileBlock
    fileIntegrityMonitorings List<GetContainerRuntimePolicyFileIntegrityMonitoring>
    Configuration for file integrity monitoring.
    limitContainerPrivileges List<GetContainerRuntimePolicyLimitContainerPrivilege>
    Container privileges configuration.
    malwareScanOptions List<GetContainerRuntimePolicyMalwareScanOption>
    Configuration for Real-Time Malware Protection.
    portBlock GetContainerRuntimePolicyPortBlock
    readonlyFiles GetContainerRuntimePolicyReadonlyFiles
    restrictedVolumes List<GetContainerRuntimePolicyRestrictedVolume>
    Restricted volumes configuration.
    name string
    Name of the container runtime policy
    allowedExecutables GetContainerRuntimePolicyAllowedExecutable[]
    Allowed executables configuration.
    allowedRegistries GetContainerRuntimePolicyAllowedRegistry[]
    Allowed registries configuration.
    auditing GetContainerRuntimePolicyAuditing
    containerExec GetContainerRuntimePolicyContainerExec
    fileBlock GetContainerRuntimePolicyFileBlock
    fileIntegrityMonitorings GetContainerRuntimePolicyFileIntegrityMonitoring[]
    Configuration for file integrity monitoring.
    limitContainerPrivileges GetContainerRuntimePolicyLimitContainerPrivilege[]
    Container privileges configuration.
    malwareScanOptions GetContainerRuntimePolicyMalwareScanOption[]
    Configuration for Real-Time Malware Protection.
    portBlock GetContainerRuntimePolicyPortBlock
    readonlyFiles GetContainerRuntimePolicyReadonlyFiles
    restrictedVolumes GetContainerRuntimePolicyRestrictedVolume[]
    Restricted volumes configuration.
    name str
    Name of the container runtime policy
    allowed_executables Sequence[GetContainerRuntimePolicyAllowedExecutable]
    Allowed executables configuration.
    allowed_registries Sequence[GetContainerRuntimePolicyAllowedRegistry]
    Allowed registries configuration.
    auditing GetContainerRuntimePolicyAuditing
    container_exec GetContainerRuntimePolicyContainerExec
    file_block GetContainerRuntimePolicyFileBlock
    file_integrity_monitorings Sequence[GetContainerRuntimePolicyFileIntegrityMonitoring]
    Configuration for file integrity monitoring.
    limit_container_privileges Sequence[GetContainerRuntimePolicyLimitContainerPrivilege]
    Container privileges configuration.
    malware_scan_options Sequence[GetContainerRuntimePolicyMalwareScanOption]
    Configuration for Real-Time Malware Protection.
    port_block GetContainerRuntimePolicyPortBlock
    readonly_files GetContainerRuntimePolicyReadonlyFiles
    restricted_volumes Sequence[GetContainerRuntimePolicyRestrictedVolume]
    Restricted volumes configuration.
    name String
    Name of the container runtime policy
    allowedExecutables List<Property Map>
    Allowed executables configuration.
    allowedRegistries List<Property Map>
    Allowed registries configuration.
    auditing Property Map
    containerExec Property Map
    fileBlock Property Map
    fileIntegrityMonitorings List<Property Map>
    Configuration for file integrity monitoring.
    limitContainerPrivileges List<Property Map>
    Container privileges configuration.
    malwareScanOptions List<Property Map>
    Configuration for Real-Time Malware Protection.
    portBlock Property Map
    readonlyFiles Property Map
    restrictedVolumes List<Property Map>
    Restricted volumes configuration.

    getContainerRuntimePolicy Result

    The following output properties are available:

    ApplicationScopes List<string>
    Indicates the application scope of the service.
    AuditAllNetworkActivity bool
    If true, all network activity will be audited.
    AuditAllProcessesActivity bool
    If true, all process activity will be audited.
    AuditFullCommandArguments bool
    If true, full command arguments will be audited.
    Author string
    Username of the account that created the service.
    BlockAccessHostNetwork bool
    If true, prevent containers from running with access to host network.
    BlockAddingCapabilities bool
    If true, prevent containers from running with adding capabilities with --cap-add privilege.
    BlockContainerExec bool
    If true, exec into a container is prevented.
    BlockCryptocurrencyMining bool
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    BlockFilelessExec bool
    Detect and prevent running in-memory execution
    BlockLowPortBinding bool
    If true, prevent containers from running with the capability to bind to a port lower than 1024.
    BlockNonCompliantImages bool
    If true, running non-compliant image in the container is prevented.
    BlockNonCompliantWorkloads bool
    If true, running containers in non-compliant pods is prevented.
    BlockNonK8sContainers bool
    If true, running non-kubernetes containers is prevented.
    BlockPrivilegedContainers bool
    If true, prevent containers from running with privileged container capability.
    BlockReverseShell bool
    If true, reverse shell is prevented.
    BlockRootUser bool
    If true, prevent containers from running with root user.
    BlockUnregisteredImages bool
    If true, running images in the container that are not registered in Aqua is prevented.
    BlockUseIpcNamespace bool
    If true, prevent containers from running with the privilege to use the IPC namespace.
    BlockUsePidNamespace bool
    If true, prevent containers from running with the privilege to use the PID namespace.
    BlockUseUserNamespace bool
    If true, prevent containers from running with the privilege to use the user namespace.
    BlockUseUtsNamespace bool
    If true, prevent containers from running with the privilege to use the UTS namespace.
    BlockedCapabilities List<string>
    List of Unix capabilities that containers are prevented from using.
    BlockedExecutables List<string>
    List of executables that are prevented from running in containers.
    BlockedFiles List<string>
    List of files that are prevented from being read, modified and executed in the containers.
    BlockedInboundPorts List<string>
    List of blocked inbound ports.
    BlockedOutboundPorts List<string>
    List of blocked outbound ports.
    BlockedPackages List<string>
    Prevent containers from reading, writing, or executing all files in the list of packages.
    BlockedVolumes List<string>
    List of volumes that are prevented from being mounted in the containers.
    ContainerExecAllowedProcesses List<string>
    List of processes that will be allowed.
    Description string
    The description of the container runtime policy
    EnableDriftPrevention bool
    If true, executables that are not in the original image are prevented from running.
    EnableForkGuard bool
    If true, fork bombs are prevented in the containers.
    EnableIpReputationSecurity bool
    If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
    EnablePortScanDetection bool
    If true, detects port scanning behavior in the container.
    Enabled bool
    Indicates if the runtime policy is enabled or not.
    Enforce bool
    Indicates that the policy should affect container execution (not just audit it).
    EnforceAfterDays int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    ExceptionalReadonlyFilesAndDirectories List<string>
    List of files and directories to be excluded from the read-only list.
    ExecLockdownWhiteLists List<string>
    Specify processes that will be allowed
    ForkGuardProcessLimit int
    Process limit for the fork guard.
    Id string
    The provider-assigned unique ID for this managed resource.
    LimitNewPrivileges bool
    If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode)
    MonitorSystemTimeChanges bool
    If true, system time changes will be monitored.
    Name string
    Name of the container runtime policy
    ReadonlyFilesAndDirectories List<string>
    List of files and directories to be restricted as read-only
    ReverseShellAllowedIps List<string>
    List of IPs/CIDRs that will be allowed
    ReverseShellAllowedProcesses List<string>
    List of processes that will be allowed
    ScopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    ScopeVariables List<Pulumiverse.Aquasec.Outputs.GetContainerRuntimePolicyScopeVariable>
    List of scope attributes.
    AllowedExecutables List<Pulumiverse.Aquasec.Outputs.GetContainerRuntimePolicyAllowedExecutable>
    Allowed executables configuration.
    AllowedRegistries List<Pulumiverse.Aquasec.Outputs.GetContainerRuntimePolicyAllowedRegistry>
    Allowed registries configuration.
    Auditing Pulumiverse.Aquasec.Outputs.GetContainerRuntimePolicyAuditing
    ContainerExec Pulumiverse.Aquasec.Outputs.GetContainerRuntimePolicyContainerExec
    FileBlock Pulumiverse.Aquasec.Outputs.GetContainerRuntimePolicyFileBlock
    FileIntegrityMonitorings List<Pulumiverse.Aquasec.Outputs.GetContainerRuntimePolicyFileIntegrityMonitoring>
    Configuration for file integrity monitoring.
    LimitContainerPrivileges List<Pulumiverse.Aquasec.Outputs.GetContainerRuntimePolicyLimitContainerPrivilege>
    Container privileges configuration.
    MalwareScanOptions List<Pulumiverse.Aquasec.Outputs.GetContainerRuntimePolicyMalwareScanOption>
    Configuration for Real-Time Malware Protection.
    PortBlock Pulumiverse.Aquasec.Outputs.GetContainerRuntimePolicyPortBlock
    ReadonlyFiles Pulumiverse.Aquasec.Outputs.GetContainerRuntimePolicyReadonlyFiles
    RestrictedVolumes List<Pulumiverse.Aquasec.Outputs.GetContainerRuntimePolicyRestrictedVolume>
    Restricted volumes configuration.
    ApplicationScopes []string
    Indicates the application scope of the service.
    AuditAllNetworkActivity bool
    If true, all network activity will be audited.
    AuditAllProcessesActivity bool
    If true, all process activity will be audited.
    AuditFullCommandArguments bool
    If true, full command arguments will be audited.
    Author string
    Username of the account that created the service.
    BlockAccessHostNetwork bool
    If true, prevent containers from running with access to host network.
    BlockAddingCapabilities bool
    If true, prevent containers from running with adding capabilities with --cap-add privilege.
    BlockContainerExec bool
    If true, exec into a container is prevented.
    BlockCryptocurrencyMining bool
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    BlockFilelessExec bool
    Detect and prevent running in-memory execution
    BlockLowPortBinding bool
    If true, prevent containers from running with the capability to bind to a port lower than 1024.
    BlockNonCompliantImages bool
    If true, running non-compliant image in the container is prevented.
    BlockNonCompliantWorkloads bool
    If true, running containers in non-compliant pods is prevented.
    BlockNonK8sContainers bool
    If true, running non-kubernetes containers is prevented.
    BlockPrivilegedContainers bool
    If true, prevent containers from running with privileged container capability.
    BlockReverseShell bool
    If true, reverse shell is prevented.
    BlockRootUser bool
    If true, prevent containers from running with root user.
    BlockUnregisteredImages bool
    If true, running images in the container that are not registered in Aqua is prevented.
    BlockUseIpcNamespace bool
    If true, prevent containers from running with the privilege to use the IPC namespace.
    BlockUsePidNamespace bool
    If true, prevent containers from running with the privilege to use the PID namespace.
    BlockUseUserNamespace bool
    If true, prevent containers from running with the privilege to use the user namespace.
    BlockUseUtsNamespace bool
    If true, prevent containers from running with the privilege to use the UTS namespace.
    BlockedCapabilities []string
    List of Unix capabilities that containers are prevented from using.
    BlockedExecutables []string
    List of executables that are prevented from running in containers.
    BlockedFiles []string
    List of files that are prevented from being read, modified and executed in the containers.
    BlockedInboundPorts []string
    List of blocked inbound ports.
    BlockedOutboundPorts []string
    List of blocked outbound ports.
    BlockedPackages []string
    Prevent containers from reading, writing, or executing all files in the list of packages.
    BlockedVolumes []string
    List of volumes that are prevented from being mounted in the containers.
    ContainerExecAllowedProcesses []string
    List of processes that will be allowed.
    Description string
    The description of the container runtime policy
    EnableDriftPrevention bool
    If true, executables that are not in the original image are prevented from running.
    EnableForkGuard bool
    If true, fork bombs are prevented in the containers.
    EnableIpReputationSecurity bool
    If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
    EnablePortScanDetection bool
    If true, detects port scanning behavior in the container.
    Enabled bool
    Indicates if the runtime policy is enabled or not.
    Enforce bool
    Indicates that the policy should affect container execution (not just audit it).
    EnforceAfterDays int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    ExceptionalReadonlyFilesAndDirectories []string
    List of files and directories to be excluded from the read-only list.
    ExecLockdownWhiteLists []string
    Specify processes that will be allowed
    ForkGuardProcessLimit int
    Process limit for the fork guard.
    Id string
    The provider-assigned unique ID for this managed resource.
    LimitNewPrivileges bool
    If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode)
    MonitorSystemTimeChanges bool
    If true, system time changes will be monitored.
    Name string
    Name of the container runtime policy
    ReadonlyFilesAndDirectories []string
    List of files and directories to be restricted as read-only
    ReverseShellAllowedIps []string
    List of IPs/CIDRs that will be allowed
    ReverseShellAllowedProcesses []string
    List of processes that will be allowed
    ScopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    ScopeVariables []GetContainerRuntimePolicyScopeVariable
    List of scope attributes.
    AllowedExecutables []GetContainerRuntimePolicyAllowedExecutable
    Allowed executables configuration.
    AllowedRegistries []GetContainerRuntimePolicyAllowedRegistry
    Allowed registries configuration.
    Auditing GetContainerRuntimePolicyAuditing
    ContainerExec GetContainerRuntimePolicyContainerExec
    FileBlock GetContainerRuntimePolicyFileBlock
    FileIntegrityMonitorings []GetContainerRuntimePolicyFileIntegrityMonitoring
    Configuration for file integrity monitoring.
    LimitContainerPrivileges []GetContainerRuntimePolicyLimitContainerPrivilege
    Container privileges configuration.
    MalwareScanOptions []GetContainerRuntimePolicyMalwareScanOption
    Configuration for Real-Time Malware Protection.
    PortBlock GetContainerRuntimePolicyPortBlock
    ReadonlyFiles GetContainerRuntimePolicyReadonlyFiles
    RestrictedVolumes []GetContainerRuntimePolicyRestrictedVolume
    Restricted volumes configuration.
    applicationScopes List<String>
    Indicates the application scope of the service.
    auditAllNetworkActivity Boolean
    If true, all network activity will be audited.
    auditAllProcessesActivity Boolean
    If true, all process activity will be audited.
    auditFullCommandArguments Boolean
    If true, full command arguments will be audited.
    author String
    Username of the account that created the service.
    blockAccessHostNetwork Boolean
    If true, prevent containers from running with access to host network.
    blockAddingCapabilities Boolean
    If true, prevent containers from running with adding capabilities with --cap-add privilege.
    blockContainerExec Boolean
    If true, exec into a container is prevented.
    blockCryptocurrencyMining Boolean
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    blockFilelessExec Boolean
    Detect and prevent running in-memory execution
    blockLowPortBinding Boolean
    If true, prevent containers from running with the capability to bind to a port lower than 1024.
    blockNonCompliantImages Boolean
    If true, running non-compliant image in the container is prevented.
    blockNonCompliantWorkloads Boolean
    If true, running containers in non-compliant pods is prevented.
    blockNonK8sContainers Boolean
    If true, running non-kubernetes containers is prevented.
    blockPrivilegedContainers Boolean
    If true, prevent containers from running with privileged container capability.
    blockReverseShell Boolean
    If true, reverse shell is prevented.
    blockRootUser Boolean
    If true, prevent containers from running with root user.
    blockUnregisteredImages Boolean
    If true, running images in the container that are not registered in Aqua is prevented.
    blockUseIpcNamespace Boolean
    If true, prevent containers from running with the privilege to use the IPC namespace.
    blockUsePidNamespace Boolean
    If true, prevent containers from running with the privilege to use the PID namespace.
    blockUseUserNamespace Boolean
    If true, prevent containers from running with the privilege to use the user namespace.
    blockUseUtsNamespace Boolean
    If true, prevent containers from running with the privilege to use the UTS namespace.
    blockedCapabilities List<String>
    List of Unix capabilities that containers are prevented from using.
    blockedExecutables List<String>
    List of executables that are prevented from running in containers.
    blockedFiles List<String>
    List of files that are prevented from being read, modified and executed in the containers.
    blockedInboundPorts List<String>
    List of blocked inbound ports.
    blockedOutboundPorts List<String>
    List of blocked outbound ports.
    blockedPackages List<String>
    Prevent containers from reading, writing, or executing all files in the list of packages.
    blockedVolumes List<String>
    List of volumes that are prevented from being mounted in the containers.
    containerExecAllowedProcesses List<String>
    List of processes that will be allowed.
    description String
    The description of the container runtime policy
    enableDriftPrevention Boolean
    If true, executables that are not in the original image are prevented from running.
    enableForkGuard Boolean
    If true, fork bombs are prevented in the containers.
    enableIpReputationSecurity Boolean
    If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
    enablePortScanDetection Boolean
    If true, detects port scanning behavior in the container.
    enabled Boolean
    Indicates if the runtime policy is enabled or not.
    enforce Boolean
    Indicates that the policy should affect container execution (not just audit it).
    enforceAfterDays Integer
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    exceptionalReadonlyFilesAndDirectories List<String>
    List of files and directories to be excluded from the read-only list.
    execLockdownWhiteLists List<String>
    Specify processes that will be allowed
    forkGuardProcessLimit Integer
    Process limit for the fork guard.
    id String
    The provider-assigned unique ID for this managed resource.
    limitNewPrivileges Boolean
    If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode)
    monitorSystemTimeChanges Boolean
    If true, system time changes will be monitored.
    name String
    Name of the container runtime policy
    readonlyFilesAndDirectories List<String>
    List of files and directories to be restricted as read-only
    reverseShellAllowedIps List<String>
    List of IPs/CIDRs that will be allowed
    reverseShellAllowedProcesses List<String>
    List of processes that will be allowed
    scopeExpression String
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables List<GetContainerRuntimePolicyScopeVariable>
    List of scope attributes.
    allowedExecutables List<GetContainerRuntimePolicyAllowedExecutable>
    Allowed executables configuration.
    allowedRegistries List<GetContainerRuntimePolicyAllowedRegistry>
    Allowed registries configuration.
    auditing GetContainerRuntimePolicyAuditing
    containerExec GetContainerRuntimePolicyContainerExec
    fileBlock GetContainerRuntimePolicyFileBlock
    fileIntegrityMonitorings List<GetContainerRuntimePolicyFileIntegrityMonitoring>
    Configuration for file integrity monitoring.
    limitContainerPrivileges List<GetContainerRuntimePolicyLimitContainerPrivilege>
    Container privileges configuration.
    malwareScanOptions List<GetContainerRuntimePolicyMalwareScanOption>
    Configuration for Real-Time Malware Protection.
    portBlock GetContainerRuntimePolicyPortBlock
    readonlyFiles GetContainerRuntimePolicyReadonlyFiles
    restrictedVolumes List<GetContainerRuntimePolicyRestrictedVolume>
    Restricted volumes configuration.
    applicationScopes string[]
    Indicates the application scope of the service.
    auditAllNetworkActivity boolean
    If true, all network activity will be audited.
    auditAllProcessesActivity boolean
    If true, all process activity will be audited.
    auditFullCommandArguments boolean
    If true, full command arguments will be audited.
    author string
    Username of the account that created the service.
    blockAccessHostNetwork boolean
    If true, prevent containers from running with access to host network.
    blockAddingCapabilities boolean
    If true, prevent containers from running with capabilities added via --cap-add.
    blockContainerExec boolean
    If true, exec into a container is prevented.
    blockCryptocurrencyMining boolean
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    blockFilelessExec boolean
    Detect and prevent running in-memory execution
    blockLowPortBinding boolean
    If true, prevent containers from running with the capability to bind to ports lower than 1024.
    blockNonCompliantImages boolean
    If true, running non-compliant image in the container is prevented.
    blockNonCompliantWorkloads boolean
    If true, running containers in non-compliant pods is prevented.
    blockNonK8sContainers boolean
    If true, running non-kubernetes containers is prevented.
    blockPrivilegedContainers boolean
    If true, prevent containers from running with privileged container capability.
    blockReverseShell boolean
    If true, reverse shell is prevented.
    blockRootUser boolean
    If true, prevent containers from running with root user.
    blockUnregisteredImages boolean
    If true, running images in the container that are not registered in Aqua is prevented.
    blockUseIpcNamespace boolean
    If true, prevent containers from running with the privilege to use the IPC namespace.
    blockUsePidNamespace boolean
    If true, prevent containers from running with the privilege to use the PID namespace.
    blockUseUserNamespace boolean
    If true, prevent containers from running with the privilege to use the user namespace.
    blockUseUtsNamespace boolean
    If true, prevent containers from running with the privilege to use the UTS namespace.
    blockedCapabilities string[]
    List of Unix capabilities that containers are prevented from using.
    blockedExecutables string[]
    List of executables that are prevented from running in containers.
    blockedFiles string[]
    List of files that are prevented from being read, modified and executed in the containers.
    blockedInboundPorts string[]
    List of blocked inbound ports.
    blockedOutboundPorts string[]
    List of blocked outbound ports.
    blockedPackages string[]
    Prevent containers from reading, writing, or executing all files in the list of packages.
    blockedVolumes string[]
    List of volumes that are prevented from being mounted in the containers.
    containerExecAllowedProcesses string[]
    List of processes that will be allowed.
    description string
    The description of the container runtime policy
    enableDriftPrevention boolean
    If true, executables that are not in the original image are prevented from running.
    enableForkGuard boolean
    If true, fork bombs are prevented in the containers.
    enableIpReputationSecurity boolean
    If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
    enablePortScanDetection boolean
    If true, detects port scanning behavior in the container.
    enabled boolean
    Indicates if the runtime policy is enabled or not.
    enforce boolean
    Indicates that the policy should affect container execution (not just audit it).
    enforceAfterDays number
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    exceptionalReadonlyFilesAndDirectories string[]
    List of files and directories to be excluded from the read-only list.
    execLockdownWhiteLists string[]
    Specify processes that will be allowed
    forkGuardProcessLimit number
    Process limit for the fork guard.
    id string
    The provider-assigned unique ID for this managed resource.
    limitNewPrivileges boolean
    If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode)
    monitorSystemTimeChanges boolean
    If true, system time changes will be monitored.
    name string
    Name of the container runtime policy
    readonlyFilesAndDirectories string[]
    List of files and directories to be restricted as read-only
    reverseShellAllowedIps string[]
    List of IPs/ CIDRs that will be allowed
    reverseShellAllowedProcesses string[]
    List of processes that will be allowed
    scopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables GetContainerRuntimePolicyScopeVariable[]
    List of scope attributes.
    allowedExecutables GetContainerRuntimePolicyAllowedExecutable[]
    Allowed executables configuration.
    allowedRegistries GetContainerRuntimePolicyAllowedRegistry[]
    Allowed registries configuration.
    auditing GetContainerRuntimePolicyAuditing
    containerExec GetContainerRuntimePolicyContainerExec
    fileBlock GetContainerRuntimePolicyFileBlock
    fileIntegrityMonitorings GetContainerRuntimePolicyFileIntegrityMonitoring[]
    Configuration for file integrity monitoring.
    limitContainerPrivileges GetContainerRuntimePolicyLimitContainerPrivilege[]
    Container privileges configuration.
    malwareScanOptions GetContainerRuntimePolicyMalwareScanOption[]
    Configuration for Real-Time Malware Protection.
    portBlock GetContainerRuntimePolicyPortBlock
    readonlyFiles GetContainerRuntimePolicyReadonlyFiles
    restrictedVolumes GetContainerRuntimePolicyRestrictedVolume[]
    Restricted volumes configuration.
    application_scopes Sequence[str]
    Indicates the application scope of the service.
    audit_all_network_activity bool
    If true, all network activity will be audited.
    audit_all_processes_activity bool
    If true, all process activity will be audited.
    audit_full_command_arguments bool
    If true, full command arguments will be audited.
    author str
    Username of the account that created the service.
    block_access_host_network bool
    If true, prevent containers from running with access to host network.
    block_adding_capabilities bool
    If true, prevent containers from running with capabilities added via --cap-add.
    block_container_exec bool
    If true, exec into a container is prevented.
    block_cryptocurrency_mining bool
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    block_fileless_exec bool
    Detect and prevent running in-memory execution
    block_low_port_binding bool
    If true, prevent containers from running with the capability to bind to ports lower than 1024.
    block_non_compliant_images bool
    If true, running non-compliant image in the container is prevented.
    block_non_compliant_workloads bool
    If true, running containers in non-compliant pods is prevented.
    block_non_k8s_containers bool
    If true, running non-kubernetes containers is prevented.
    block_privileged_containers bool
    If true, prevent containers from running with privileged container capability.
    block_reverse_shell bool
    If true, reverse shell is prevented.
    block_root_user bool
    If true, prevent containers from running with root user.
    block_unregistered_images bool
    If true, running images in the container that are not registered in Aqua is prevented.
    block_use_ipc_namespace bool
    If true, prevent containers from running with the privilege to use the IPC namespace.
    block_use_pid_namespace bool
    If true, prevent containers from running with the privilege to use the PID namespace.
    block_use_user_namespace bool
    If true, prevent containers from running with the privilege to use the user namespace.
    block_use_uts_namespace bool
    If true, prevent containers from running with the privilege to use the UTS namespace.
    blocked_capabilities Sequence[str]
    List of Unix capabilities that containers are prevented from using.
    blocked_executables Sequence[str]
    List of executables that are prevented from running in containers.
    blocked_files Sequence[str]
    List of files that are prevented from being read, modified and executed in the containers.
    blocked_inbound_ports Sequence[str]
    List of blocked inbound ports.
    blocked_outbound_ports Sequence[str]
    List of blocked outbound ports.
    blocked_packages Sequence[str]
    Prevent containers from reading, writing, or executing all files in the list of packages.
    blocked_volumes Sequence[str]
    List of volumes that are prevented from being mounted in the containers.
    container_exec_allowed_processes Sequence[str]
    List of processes that will be allowed.
    description str
    The description of the container runtime policy
    enable_drift_prevention bool
    If true, executables that are not in the original image are prevented from running.
    enable_fork_guard bool
    If true, fork bombs are prevented in the containers.
    enable_ip_reputation_security bool
    If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
    enable_port_scan_detection bool
    If true, detects port scanning behavior in the container.
    enabled bool
    Indicates if the runtime policy is enabled or not.
    enforce bool
    Indicates that the policy should affect container execution (not just audit it).
    enforce_after_days int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    exceptional_readonly_files_and_directories Sequence[str]
    List of files and directories to be excluded from the read-only list.
    exec_lockdown_white_lists Sequence[str]
    Specify processes that will be allowed
    fork_guard_process_limit int
    Process limit for the fork guard.
    id str
    The provider-assigned unique ID for this managed resource.
    limit_new_privileges bool
    If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode)
    monitor_system_time_changes bool
    If true, system time changes will be monitored.
    name str
    Name of the container runtime policy
    readonly_files_and_directories Sequence[str]
    List of files and directories to be restricted as read-only
    reverse_shell_allowed_ips Sequence[str]
    List of IPs/ CIDRs that will be allowed
    reverse_shell_allowed_processes Sequence[str]
    List of processes that will be allowed
    scope_expression str
    Logical expression of how to compute the dependency of the scope variables.
    scope_variables Sequence[GetContainerRuntimePolicyScopeVariable]
    List of scope attributes.
    allowed_executables Sequence[GetContainerRuntimePolicyAllowedExecutable]
    Allowed executables configuration.
    allowed_registries Sequence[GetContainerRuntimePolicyAllowedRegistry]
    Allowed registries configuration.
    auditing GetContainerRuntimePolicyAuditing
    container_exec GetContainerRuntimePolicyContainerExec
    file_block GetContainerRuntimePolicyFileBlock
    file_integrity_monitorings Sequence[GetContainerRuntimePolicyFileIntegrityMonitoring]
    Configuration for file integrity monitoring.
    limit_container_privileges Sequence[GetContainerRuntimePolicyLimitContainerPrivilege]
    Container privileges configuration.
    malware_scan_options Sequence[GetContainerRuntimePolicyMalwareScanOption]
    Configuration for Real-Time Malware Protection.
    port_block GetContainerRuntimePolicyPortBlock
    readonly_files GetContainerRuntimePolicyReadonlyFiles
    restricted_volumes Sequence[GetContainerRuntimePolicyRestrictedVolume]
    Restricted volumes configuration.
    applicationScopes List<String>
    Indicates the application scope of the service.
    auditAllNetworkActivity Boolean
    If true, all network activity will be audited.
    auditAllProcessesActivity Boolean
    If true, all process activity will be audited.
    auditFullCommandArguments Boolean
    If true, full command arguments will be audited.
    author String
    Username of the account that created the service.
    blockAccessHostNetwork Boolean
    If true, prevent containers from running with access to host network.
    blockAddingCapabilities Boolean
    If true, prevent containers from running with capabilities added via --cap-add.
    blockContainerExec Boolean
    If true, exec into a container is prevented.
    blockCryptocurrencyMining Boolean
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    blockFilelessExec Boolean
    Detect and prevent running in-memory execution
    blockLowPortBinding Boolean
    If true, prevent containers from running with the capability to bind to ports lower than 1024.
    blockNonCompliantImages Boolean
    If true, running non-compliant image in the container is prevented.
    blockNonCompliantWorkloads Boolean
    If true, running containers in non-compliant pods is prevented.
    blockNonK8sContainers Boolean
    If true, running non-kubernetes containers is prevented.
    blockPrivilegedContainers Boolean
    If true, prevent containers from running with privileged container capability.
    blockReverseShell Boolean
    If true, reverse shell is prevented.
    blockRootUser Boolean
    If true, prevent containers from running with root user.
    blockUnregisteredImages Boolean
    If true, running images in the container that are not registered in Aqua is prevented.
    blockUseIpcNamespace Boolean
    If true, prevent containers from running with the privilege to use the IPC namespace.
    blockUsePidNamespace Boolean
    If true, prevent containers from running with the privilege to use the PID namespace.
    blockUseUserNamespace Boolean
    If true, prevent containers from running with the privilege to use the user namespace.
    blockUseUtsNamespace Boolean
    If true, prevent containers from running with the privilege to use the UTS namespace.
    blockedCapabilities List<String>
    List of Unix capabilities that containers are prevented from using.
    blockedExecutables List<String>
    List of executables that are prevented from running in containers.
    blockedFiles List<String>
    List of files that are prevented from being read, modified and executed in the containers.
    blockedInboundPorts List<String>
    List of blocked inbound ports.
    blockedOutboundPorts List<String>
    List of blocked outbound ports.
    blockedPackages List<String>
    Prevent containers from reading, writing, or executing all files in the list of packages.
    blockedVolumes List<String>
    List of volumes that are prevented from being mounted in the containers.
    containerExecAllowedProcesses List<String>
    List of processes that will be allowed.
    description String
    The description of the container runtime policy
    enableDriftPrevention Boolean
    If true, executables that are not in the original image are prevented from running.
    enableForkGuard Boolean
    If true, fork bombs are prevented in the containers.
    enableIpReputationSecurity Boolean
    If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
    enablePortScanDetection Boolean
    If true, detects port scanning behavior in the container.
    enabled Boolean
    Indicates if the runtime policy is enabled or not.
    enforce Boolean
    Indicates that the policy should affect container execution (not just audit it).
    enforceAfterDays Number
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    exceptionalReadonlyFilesAndDirectories List<String>
    List of files and directories to be excluded from the read-only list.
    execLockdownWhiteLists List<String>
    Specify processes that will be allowed
    forkGuardProcessLimit Number
    Process limit for the fork guard.
    id String
    The provider-assigned unique ID for this managed resource.
    limitNewPrivileges Boolean
    If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode)
    monitorSystemTimeChanges Boolean
    If true, system time changes will be monitored.
    name String
    Name of the container runtime policy
    readonlyFilesAndDirectories List<String>
    List of files and directories to be restricted as read-only
    reverseShellAllowedIps List<String>
    List of IPs/ CIDRs that will be allowed
    reverseShellAllowedProcesses List<String>
    List of processes that will be allowed
    scopeExpression String
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables List<Property Map>
    List of scope attributes.
    allowedExecutables List<Property Map>
    Allowed executables configuration.
    allowedRegistries List<Property Map>
    Allowed registries configuration.
    auditing Property Map
    containerExec Property Map
    fileBlock Property Map
    fileIntegrityMonitorings List<Property Map>
    Configuration for file integrity monitoring.
    limitContainerPrivileges List<Property Map>
    Container privileges configuration.
    malwareScanOptions List<Property Map>
    Configuration for Real-Time Malware Protection.
    portBlock Property Map
    readonlyFiles Property Map
    restrictedVolumes List<Property Map>
    Restricted volumes configuration.

    Supporting Types

    GetContainerRuntimePolicyAllowedExecutable

    AllowExecutables List<string>
    List of allowed executables.
    AllowRootExecutables List<string>
    List of allowed root executables.
    Enabled bool
    Whether allowed executables configuration is enabled.
    SeparateExecutables bool
    Whether to treat executables separately.
    AllowExecutables []string
    List of allowed executables.
    AllowRootExecutables []string
    List of allowed root executables.
    Enabled bool
    Whether allowed executables configuration is enabled.
    SeparateExecutables bool
    Whether to treat executables separately.
    allowExecutables List<String>
    List of allowed executables.
    allowRootExecutables List<String>
    List of allowed root executables.
    enabled Boolean
    Whether allowed executables configuration is enabled.
    separateExecutables Boolean
    Whether to treat executables separately.
    allowExecutables string[]
    List of allowed executables.
    allowRootExecutables string[]
    List of allowed root executables.
    enabled boolean
    Whether allowed executables configuration is enabled.
    separateExecutables boolean
    Whether to treat executables separately.
    allow_executables Sequence[str]
    List of allowed executables.
    allow_root_executables Sequence[str]
    List of allowed root executables.
    enabled bool
    Whether allowed executables configuration is enabled.
    separate_executables bool
    Whether to treat executables separately.
    allowExecutables List<String>
    List of allowed executables.
    allowRootExecutables List<String>
    List of allowed root executables.
    enabled Boolean
    Whether allowed executables configuration is enabled.
    separateExecutables Boolean
    Whether to treat executables separately.

    GetContainerRuntimePolicyAllowedRegistry

    AllowedRegistries List<string>
    List of allowed registries.
    Enabled bool
    Whether allowed registries are enabled.
    AllowedRegistries []string
    List of allowed registries.
    Enabled bool
    Whether allowed registries are enabled.
    allowedRegistries List<String>
    List of allowed registries.
    enabled Boolean
    Whether allowed registries are enabled.
    allowedRegistries string[]
    List of allowed registries.
    enabled boolean
    Whether allowed registries are enabled.
    allowed_registries Sequence[str]
    List of allowed registries.
    enabled bool
    Whether allowed registries are enabled.
    allowedRegistries List<String>
    List of allowed registries.
    enabled Boolean
    Whether allowed registries are enabled.

    GetContainerRuntimePolicyAuditing

    GetContainerRuntimePolicyContainerExec

    GetContainerRuntimePolicyFileBlock

    GetContainerRuntimePolicyFileIntegrityMonitoring

    Enabled bool
    If true, file integrity monitoring is enabled.
    ExceptionalMonitoredFiles List<string>
    List of paths to be excluded from monitoring.
    ExceptionalMonitoredFilesProcesses List<string>
    List of processes to be excluded from monitoring.
    ExceptionalMonitoredFilesUsers List<string>
    List of users to be excluded from monitoring.
    MonitoredFiles List<string>
    List of paths to be monitored.
    MonitoredFilesAttributes bool
    Whether to monitor file attribute operations.
    MonitoredFilesCreate bool
    Whether to monitor file create operations.
    MonitoredFilesDelete bool
    Whether to monitor file delete operations.
    MonitoredFilesModify bool
    Whether to monitor file modify operations.
    MonitoredFilesProcesses List<string>
    List of processes associated with monitored files.
    MonitoredFilesRead bool
    Whether to monitor file read operations.
    MonitoredFilesUsers List<string>
    List of users associated with monitored files.
    Enabled bool
    If true, file integrity monitoring is enabled.
    ExceptionalMonitoredFiles []string
    List of paths to be excluded from monitoring.
    ExceptionalMonitoredFilesProcesses []string
    List of processes to be excluded from monitoring.
    ExceptionalMonitoredFilesUsers []string
    List of users to be excluded from monitoring.
    MonitoredFiles []string
    List of paths to be monitored.
    MonitoredFilesAttributes bool
    Whether to monitor file attribute operations.
    MonitoredFilesCreate bool
    Whether to monitor file create operations.
    MonitoredFilesDelete bool
    Whether to monitor file delete operations.
    MonitoredFilesModify bool
    Whether to monitor file modify operations.
    MonitoredFilesProcesses []string
    List of processes associated with monitored files.
    MonitoredFilesRead bool
    Whether to monitor file read operations.
    MonitoredFilesUsers []string
    List of users associated with monitored files.
    enabled Boolean
    If true, file integrity monitoring is enabled.
    exceptionalMonitoredFiles List<String>
    List of paths to be excluded from monitoring.
    exceptionalMonitoredFilesProcesses List<String>
    List of processes to be excluded from monitoring.
    exceptionalMonitoredFilesUsers List<String>
    List of users to be excluded from monitoring.
    monitoredFiles List<String>
    List of paths to be monitored.
    monitoredFilesAttributes Boolean
    Whether to monitor file attribute operations.
    monitoredFilesCreate Boolean
    Whether to monitor file create operations.
    monitoredFilesDelete Boolean
    Whether to monitor file delete operations.
    monitoredFilesModify Boolean
    Whether to monitor file modify operations.
    monitoredFilesProcesses List<String>
    List of processes associated with monitored files.
    monitoredFilesRead Boolean
    Whether to monitor file read operations.
    monitoredFilesUsers List<String>
    List of users associated with monitored files.
    enabled boolean
    If true, file integrity monitoring is enabled.
    exceptionalMonitoredFiles string[]
    List of paths to be excluded from monitoring.
    exceptionalMonitoredFilesProcesses string[]
    List of processes to be excluded from monitoring.
    exceptionalMonitoredFilesUsers string[]
    List of users to be excluded from monitoring.
    monitoredFiles string[]
    List of paths to be monitored.
    monitoredFilesAttributes boolean
    Whether to monitor file attribute operations.
    monitoredFilesCreate boolean
    Whether to monitor file create operations.
    monitoredFilesDelete boolean
    Whether to monitor file delete operations.
    monitoredFilesModify boolean
    Whether to monitor file modify operations.
    monitoredFilesProcesses string[]
    List of processes associated with monitored files.
    monitoredFilesRead boolean
    Whether to monitor file read operations.
    monitoredFilesUsers string[]
    List of users associated with monitored files.
    enabled bool
    If true, file integrity monitoring is enabled.
    exceptional_monitored_files Sequence[str]
    List of paths to be excluded from monitoring.
    exceptional_monitored_files_processes Sequence[str]
    List of processes to be excluded from monitoring.
    exceptional_monitored_files_users Sequence[str]
    List of users to be excluded from monitoring.
    monitored_files Sequence[str]
    List of paths to be monitored.
    monitored_files_attributes bool
    Whether to monitor file attribute operations.
    monitored_files_create bool
    Whether to monitor file create operations.
    monitored_files_delete bool
    Whether to monitor file delete operations.
    monitored_files_modify bool
    Whether to monitor file modify operations.
    monitored_files_processes Sequence[str]
    List of processes associated with monitored files.
    monitored_files_read bool
    Whether to monitor file read operations.
    monitored_files_users Sequence[str]
    List of users associated with monitored files.
    enabled Boolean
    If true, file integrity monitoring is enabled.
    exceptionalMonitoredFiles List<String>
    List of paths to be excluded from monitoring.
    exceptionalMonitoredFilesProcesses List<String>
    List of processes to be excluded from monitoring.
    exceptionalMonitoredFilesUsers List<String>
    List of users to be excluded from monitoring.
    monitoredFiles List<String>
    List of paths to be monitored.
    monitoredFilesAttributes Boolean
    Whether to monitor file attribute operations.
    monitoredFilesCreate Boolean
    Whether to monitor file create operations.
    monitoredFilesDelete Boolean
    Whether to monitor file delete operations.
    monitoredFilesModify Boolean
    Whether to monitor file modify operations.
    monitoredFilesProcesses List<String>
    List of processes associated with monitored files.
    monitoredFilesRead Boolean
    Whether to monitor file read operations.
    monitoredFilesUsers List<String>
    List of users associated with monitored files.

    GetContainerRuntimePolicyLimitContainerPrivilege

    BlockAddCapabilities bool
    Whether to block adding capabilities.
    Enabled bool
    Whether container privilege limitations are enabled.
    Ipcmode bool
    Whether to limit IPC-related capabilities.
    Netmode bool
    Whether to limit network-related capabilities.
    Pidmode bool
    Whether to limit process-related capabilities.
    PreventLowPortBinding bool
    Whether to prevent low port binding.
    PreventRootUser bool
    Whether to prevent the use of the root user.
    Privileged bool
    Whether the container is run in privileged mode.
    UseHostUser bool
    Whether to use the host user.
    Usermode bool
    Whether to limit user-related capabilities.
    Utsmode bool
    Whether to limit UTS-related capabilities.
    BlockAddCapabilities bool
    Whether to block adding capabilities.
    Enabled bool
    Whether container privilege limitations are enabled.
    Ipcmode bool
    Whether to limit IPC-related capabilities.
    Netmode bool
    Whether to limit network-related capabilities.
    Pidmode bool
    Whether to limit process-related capabilities.
    PreventLowPortBinding bool
    Whether to prevent low port binding.
    PreventRootUser bool
    Whether to prevent the use of the root user.
    Privileged bool
    Whether the container is run in privileged mode.
    UseHostUser bool
    Whether to use the host user.
    Usermode bool
    Whether to limit user-related capabilities.
    Utsmode bool
    Whether to limit UTS-related capabilities.
    blockAddCapabilities Boolean
    Whether to block adding capabilities.
    enabled Boolean
    Whether container privilege limitations are enabled.
    ipcmode Boolean
    Whether to limit IPC-related capabilities.
    netmode Boolean
    Whether to limit network-related capabilities.
    pidmode Boolean
    Whether to limit process-related capabilities.
    preventLowPortBinding Boolean
    Whether to prevent low port binding.
    preventRootUser Boolean
    Whether to prevent the use of the root user.
    privileged Boolean
    Whether the container is run in privileged mode.
    useHostUser Boolean
    Whether to use the host user.
    usermode Boolean
    Whether to limit user-related capabilities.
    utsmode Boolean
    Whether to limit UTS-related capabilities.
    blockAddCapabilities boolean
    Whether to block adding capabilities.
    enabled boolean
    Whether container privilege limitations are enabled.
    ipcmode boolean
    Whether to limit IPC-related capabilities.
    netmode boolean
    Whether to limit network-related capabilities.
    pidmode boolean
    Whether to limit process-related capabilities.
    preventLowPortBinding boolean
    Whether to prevent low port binding.
    preventRootUser boolean
    Whether to prevent the use of the root user.
    privileged boolean
    Whether the container is run in privileged mode.
    useHostUser boolean
    Whether to use the host user.
    usermode boolean
    Whether to limit user-related capabilities.
    utsmode boolean
    Whether to limit UTS-related capabilities.
    block_add_capabilities bool
    Whether to block adding capabilities.
    enabled bool
    Whether container privilege limitations are enabled.
    ipcmode bool
    Whether to limit IPC-related capabilities.
    netmode bool
    Whether to limit network-related capabilities.
    pidmode bool
    Whether to limit process-related capabilities.
    prevent_low_port_binding bool
    Whether to prevent low port binding.
    prevent_root_user bool
    Whether to prevent the use of the root user.
    privileged bool
    Whether the container is run in privileged mode.
    use_host_user bool
    Whether to use the host user.
    usermode bool
    Whether to limit user-related capabilities.
    utsmode bool
    Whether to limit UTS-related capabilities.
    blockAddCapabilities Boolean
    Whether to block adding capabilities.
    enabled Boolean
    Whether container privilege limitations are enabled.
    ipcmode Boolean
    Whether to limit IPC-related capabilities.
    netmode Boolean
    Whether to limit network-related capabilities.
    pidmode Boolean
    Whether to limit process-related capabilities.
    preventLowPortBinding Boolean
    Whether to prevent low port binding.
    preventRootUser Boolean
    Whether to prevent the use of the root user.
    privileged Boolean
    Whether the container is run in privileged mode.
    useHostUser Boolean
    Whether to use the host user.
    usermode Boolean
    Whether to limit user-related capabilities.
    utsmode Boolean
    Whether to limit UTS-related capabilities.

    GetContainerRuntimePolicyMalwareScanOption

    Action string
    Sets the action; defaults to 'Alert' when empty.
    Enabled bool
    Defines whether this option is enabled.
    ExcludeDirectories List<string>
    List of registry paths to be excluded from being protected.
    ExcludeProcesses List<string>
    List of registry processes to be excluded from being protected.
    IncludeDirectories List<string>
    List of registry paths to be excluded from being protected.
    Action string
    Action to take when malware is detected; defaults to 'Alert' when empty.
    Enabled bool
    Whether malware scanning is enabled.
    ExcludeDirectories []string
    List of directory paths to be excluded from malware scanning. Each exclusion is a scanning blind spot, so keep this list as narrow as possible.
    ExcludeProcesses []string
    List of processes to be excluded from malware scanning.
    IncludeDirectories []string
    List of directory paths to be included in malware scanning.
    action String
    Action to take when malware is detected; defaults to 'Alert' when empty.
    enabled Boolean
    Whether malware scanning is enabled.
    excludeDirectories List<String>
    List of directory paths to be excluded from malware scanning. Each exclusion is a scanning blind spot, so keep this list as narrow as possible.
    excludeProcesses List<String>
    List of processes to be excluded from malware scanning.
    includeDirectories List<String>
    List of directory paths to be included in malware scanning.
    action string
    Action to take when malware is detected; defaults to 'Alert' when empty.
    enabled boolean
    Whether malware scanning is enabled.
    excludeDirectories string[]
    List of directory paths to be excluded from malware scanning. Each exclusion is a scanning blind spot, so keep this list as narrow as possible.
    excludeProcesses string[]
    List of processes to be excluded from malware scanning.
    includeDirectories string[]
    List of directory paths to be included in malware scanning.
    action str
    Action to take when malware is detected; defaults to 'Alert' when empty.
    enabled bool
    Whether malware scanning is enabled.
    exclude_directories Sequence[str]
    List of directory paths to be excluded from malware scanning. Each exclusion is a scanning blind spot, so keep this list as narrow as possible.
    exclude_processes Sequence[str]
    List of processes to be excluded from malware scanning.
    include_directories Sequence[str]
    List of directory paths to be included in malware scanning.
    action String
    Action to take when malware is detected; defaults to 'Alert' when empty.
    enabled Boolean
    Whether malware scanning is enabled.
    excludeDirectories List<String>
    List of directory paths to be excluded from malware scanning. Each exclusion is a scanning blind spot, so keep this list as narrow as possible.
    excludeProcesses List<String>
    List of processes to be excluded from malware scanning.
    includeDirectories List<String>
    List of directory paths to be included in malware scanning.

    GetContainerRuntimePolicyPortBlock

    BlockInboundPorts List<string>
    BlockOutboundPorts List<string>
    Enabled bool
    blockInboundPorts List<String>
    blockOutboundPorts List<String>
    enabled Boolean
    block_inbound_ports Sequence[str]
    block_outbound_ports Sequence[str]
    enabled bool
    blockInboundPorts List<String>
    blockOutboundPorts List<String>
    enabled Boolean

    GetContainerRuntimePolicyReadonlyFiles

    GetContainerRuntimePolicyRestrictedVolume

    Enabled bool
    Whether restricted volumes are enabled.
    Volumes List<string>
    List of restricted volumes.
    Enabled bool
    Whether restricted volumes are enabled.
    Volumes []string
    List of restricted volumes.
    enabled Boolean
    Whether restricted volumes are enabled.
    volumes List<String>
    List of restricted volumes.
    enabled boolean
    Whether restricted volumes are enabled.
    volumes string[]
    List of restricted volumes.
    enabled bool
    Whether restricted volumes are enabled.
    volumes Sequence[str]
    List of restricted volumes.
    enabled Boolean
    Whether restricted volumes are enabled.
    volumes List<String>
    List of restricted volumes.

    GetContainerRuntimePolicyScopeVariable

    Attribute string
    Class of supported scope.
    Name string
    Name assigned to the attribute.
    Value string
    Value assigned to the attribute.
    Attribute string
    Class of supported scope.
    Name string
    Name assigned to the attribute.
    Value string
    Value assigned to the attribute.
    attribute String
    Class of supported scope.
    name String
    Name assigned to the attribute.
    value String
    Value assigned to the attribute.
    attribute string
    Class of supported scope.
    name string
    Name assigned to the attribute.
    value string
    Value assigned to the attribute.
    attribute str
    Class of supported scope.
    name str
    Name assigned to the attribute.
    value str
    Value assigned to the attribute.
    attribute String
    Class of supported scope.
    name String
    Name assigned to the attribute.
    value String
    Value assigned to the attribute.

    Package Details

    Repository
    aquasec pulumiverse/pulumi-aquasec
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aquasec Terraform Provider.