prismacloud 1.7.0, Apr 14 25

prismacloud 1.7.0 published on Monday, Apr 14, 2025 by paloaltonetworks

paloaltonetworks/terraform-provider-prismacloud

prismacloud.Policy

Explore with Pulumi AI

prismacloud 1.7.0 published on Monday, Apr 14, 2025 by paloaltonetworks

paloaltonetworks/terraform-provider-prismacloud

Example Usage
Custom Build Policy)
Custom Run Policy Without Any RQL Saved Search)
Custom Run Policy With An RQL Saved Search)
Custom Build And Run Policy)
Attack Path Policy)
Create Policy Resource
Constructor syntax
Constructor example
Policy Resource Properties
Inputs
Outputs
Look up Existing Policy Resource
Supporting Types
Import
Package Details

Request a Change

Manage a specific policy.

import * as pulumi from "@pulumi/pulumi";
import * as prismacloud from "@pulumi/prismacloud";

const example = new prismacloud.Policy("example", {
    policyType: "network",
    rule: {
        criteria: "savedSearchId",
        name: "my rule",
        parameters: {
            savedSearch: "false",
            withIac: "false",
        },
        ruleType: "Network",
    },
});

import pulumi
import pulumi_prismacloud as prismacloud

example = prismacloud.Policy("example",
    policy_type="network",
    rule={
        "criteria": "savedSearchId",
        "name": "my rule",
        "parameters": {
            "savedSearch": "false",
            "withIac": "false",
        },
        "rule_type": "Network",
    })

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/prismacloud/prismacloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := prismacloud.NewPolicy(ctx, "example", &prismacloud.PolicyArgs{
			PolicyType: pulumi.String("network"),
			Rule: &prismacloud.PolicyRuleArgs{
				Criteria: pulumi.String("savedSearchId"),
				Name:     pulumi.String("my rule"),
				Parameters: pulumi.StringMap{
					"savedSearch": pulumi.String("false"),
					"withIac":     pulumi.String("false"),
				},
				RuleType: pulumi.String("Network"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Prismacloud = Pulumi.Prismacloud;

return await Deployment.RunAsync(() => 
{
    var example = new Prismacloud.Policy("example", new()
    {
        PolicyType = "network",
        Rule = new Prismacloud.Inputs.PolicyRuleArgs
        {
            Criteria = "savedSearchId",
            Name = "my rule",
            Parameters = 
            {
                { "savedSearch", "false" },
                { "withIac", "false" },
            },
            RuleType = "Network",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.prismacloud.Policy;
import com.pulumi.prismacloud.PolicyArgs;
import com.pulumi.prismacloud.inputs.PolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Policy("example", PolicyArgs.builder()
            .policyType("network")
            .rule(PolicyRuleArgs.builder()
                .criteria("savedSearchId")
                .name("my rule")
                .parameters(Map.ofEntries(
                    Map.entry("savedSearch", false),
                    Map.entry("withIac", false)
                ))
                .ruleType("Network")
                .build())
            .build());

    }
}

resources:
  example:
    type: prismacloud:Policy
    properties:
      policyType: network
      rule:
        criteria: savedSearchId
        name: my rule
        parameters:
          savedSearch: false
          withIac: false
        ruleType: Network

Custom Build Policy)

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as prismacloud from "@pulumi/prismacloud";

const example = new prismacloud.Policy("example", {
    policyType: "config",
    cloudType: "aws",
    severity: "high",
    labels: ["some_tag"],
    description: "this describes the policy",
    rule: {
        name: "sample custom build policy created with terraform",
        ruleType: "Config",
        parameters: {
            savedSearch: "false",
            withIac: "true",
        },
        childrens: [{
            type: "build",
            recommendation: "fix it",
            metadata: {
                code: fs.readFileSync("folder/build_policy.yaml", "utf8"),
            },
        }],
    },
});

import pulumi
import pulumi_prismacloud as prismacloud

example = prismacloud.Policy("example",
    policy_type="config",
    cloud_type="aws",
    severity="high",
    labels=["some_tag"],
    description="this describes the policy",
    rule={
        "name": "sample custom build policy created with terraform",
        "rule_type": "Config",
        "parameters": {
            "savedSearch": "false",
            "withIac": "true",
        },
        "childrens": [{
            "type": "build",
            "recommendation": "fix it",
            "metadata": {
                "code": (lambda path: open(path).read())("folder/build_policy.yaml"),
            },
        }],
    })

package main

import (
	"os"

	"github.com/pulumi/pulumi-terraform-provider/sdks/go/prismacloud/prismacloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func readFileOrPanic(path string) pulumi.StringPtrInput {
	data, err := os.ReadFile(path)
	if err != nil {
		panic(err.Error())
	}
	return pulumi.String(string(data))
}

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := prismacloud.NewPolicy(ctx, "example", &prismacloud.PolicyArgs{
			PolicyType: pulumi.String("config"),
			CloudType:  pulumi.String("aws"),
			Severity:   pulumi.String("high"),
			Labels: pulumi.StringArray{
				pulumi.String("some_tag"),
			},
			Description: pulumi.String("this describes the policy"),
			Rule: &prismacloud.PolicyRuleArgs{
				Name:     pulumi.String("sample custom build policy created with terraform"),
				RuleType: pulumi.String("Config"),
				Parameters: pulumi.StringMap{
					"savedSearch": pulumi.String("false"),
					"withIac":     pulumi.String("true"),
				},
				Childrens: prismacloud.PolicyRuleChildrenArray{
					&prismacloud.PolicyRuleChildrenArgs{
						Type:           pulumi.String("build"),
						Recommendation: pulumi.String("fix it"),
						Metadata: pulumi.StringMap{
							"code": pulumi.String(readFileOrPanic("folder/build_policy.yaml")),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.IO;
using System.Linq;
using Pulumi;
using Prismacloud = Pulumi.Prismacloud;

return await Deployment.RunAsync(() => 
{
    var example = new Prismacloud.Policy("example", new()
    {
        PolicyType = "config",
        CloudType = "aws",
        Severity = "high",
        Labels = new[]
        {
            "some_tag",
        },
        Description = "this describes the policy",
        Rule = new Prismacloud.Inputs.PolicyRuleArgs
        {
            Name = "sample custom build policy created with terraform",
            RuleType = "Config",
            Parameters = 
            {
                { "savedSearch", "false" },
                { "withIac", "true" },
            },
            Childrens = new[]
            {
                new Prismacloud.Inputs.PolicyRuleChildrenArgs
                {
                    Type = "build",
                    Recommendation = "fix it",
                    Metadata = 
                    {
                        { "code", File.ReadAllText("folder/build_policy.yaml") },
                    },
                },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.prismacloud.Policy;
import com.pulumi.prismacloud.PolicyArgs;
import com.pulumi.prismacloud.inputs.PolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Policy("example", PolicyArgs.builder()
            .policyType("config")
            .cloudType("aws")
            .severity("high")
            .labels("some_tag")
            .description("this describes the policy")
            .rule(PolicyRuleArgs.builder()
                .name("sample custom build policy created with terraform")
                .ruleType("Config")
                .parameters(Map.ofEntries(
                    Map.entry("savedSearch", false),
                    Map.entry("withIac", true)
                ))
                .childrens(PolicyRuleChildrenArgs.builder()
                    .type("build")
                    .recommendation("fix it")
                    .metadata(Map.of("code", Files.readString(Paths.get("folder/build_policy.yaml"))))
                    .build())
                .build())
            .build());

    }
}

resources:
  example:
    type: prismacloud:Policy
    properties:
      policyType: config
      cloudType: aws
      severity: high
      labels:
        - some_tag
      description: this describes the policy
      rule:
        name: sample custom build policy created with terraform
        ruleType: Config
        parameters:
          savedSearch: false
          withIac: true
        childrens:
          - type: build
            recommendation: fix it
            metadata:
              code:
                fn::readFile: folder/build_policy.yaml

Custom Run Policy Without Any RQL Saved Search)

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as prismacloud from "@pulumi/prismacloud";

const example = new prismacloud.Policy("example", {
    policyType: "config",
    cloudType: "aws",
    severity: "low",
    labels: ["some_tag"],
    description: "this describes the policy",
    rule: {
        name: "sample custom run policy created with terraform",
        ruleType: "Config",
        parameters: {
            savedSearch: "false",
            withIac: "false",
        },
        criteria: fs.readFileSync("folder/run_policy.rql", "utf8"),
    },
});

import pulumi
import pulumi_prismacloud as prismacloud

example = prismacloud.Policy("example",
    policy_type="config",
    cloud_type="aws",
    severity="low",
    labels=["some_tag"],
    description="this describes the policy",
    rule={
        "name": "sample custom run policy created with terraform",
        "rule_type": "Config",
        "parameters": {
            "savedSearch": "false",
            "withIac": "false",
        },
        "criteria": (lambda path: open(path).read())("folder/run_policy.rql"),
    })

package main

import (
	"os"

	"github.com/pulumi/pulumi-terraform-provider/sdks/go/prismacloud/prismacloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func readFileOrPanic(path string) pulumi.StringPtrInput {
	data, err := os.ReadFile(path)
	if err != nil {
		panic(err.Error())
	}
	return pulumi.String(string(data))
}

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := prismacloud.NewPolicy(ctx, "example", &prismacloud.PolicyArgs{
			PolicyType: pulumi.String("config"),
			CloudType:  pulumi.String("aws"),
			Severity:   pulumi.String("low"),
			Labels: pulumi.StringArray{
				pulumi.String("some_tag"),
			},
			Description: pulumi.String("this describes the policy"),
			Rule: &prismacloud.PolicyRuleArgs{
				Name:     pulumi.String("sample custom run policy created with terraform"),
				RuleType: pulumi.String("Config"),
				Parameters: pulumi.StringMap{
					"savedSearch": pulumi.String("false"),
					"withIac":     pulumi.String("false"),
				},
				Criteria: pulumi.String(readFileOrPanic("folder/run_policy.rql")),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.IO;
using System.Linq;
using Pulumi;
using Prismacloud = Pulumi.Prismacloud;

return await Deployment.RunAsync(() => 
{
    var example = new Prismacloud.Policy("example", new()
    {
        PolicyType = "config",
        CloudType = "aws",
        Severity = "low",
        Labels = new[]
        {
            "some_tag",
        },
        Description = "this describes the policy",
        Rule = new Prismacloud.Inputs.PolicyRuleArgs
        {
            Name = "sample custom run policy created with terraform",
            RuleType = "Config",
            Parameters = 
            {
                { "savedSearch", "false" },
                { "withIac", "false" },
            },
            Criteria = File.ReadAllText("folder/run_policy.rql"),
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.prismacloud.Policy;
import com.pulumi.prismacloud.PolicyArgs;
import com.pulumi.prismacloud.inputs.PolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Policy("example", PolicyArgs.builder()
            .policyType("config")
            .cloudType("aws")
            .severity("low")
            .labels("some_tag")
            .description("this describes the policy")
            .rule(PolicyRuleArgs.builder()
                .name("sample custom run policy created with terraform")
                .ruleType("Config")
                .parameters(Map.ofEntries(
                    Map.entry("savedSearch", false),
                    Map.entry("withIac", false)
                ))
                .criteria(Files.readString(Paths.get("folder/run_policy.rql")))
                .build())
            .build());

    }
}

resources:
  example:
    type: prismacloud:Policy
    properties:
      policyType: config
      cloudType: aws
      severity: low
      labels:
        - some_tag
      description: this describes the policy
      rule:
        name: sample custom run policy created with terraform
        ruleType: Config
        parameters:
          savedSearch: false
          withIac: false
        criteria:
          fn::readFile: folder/run_policy.rql

Custom Run Policy With An RQL Saved Search)

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as prismacloud from "@pulumi/prismacloud";

const examplePolicy = new prismacloud.Policy("examplePolicy", {
    policyType: "config",
    cloudType: "azure",
    severity: "low",
    labels: ["some_tag"],
    description: "this describes the policy",
    enabled: false,
    rule: {
        name: "sample custom run policy created with terraform",
        ruleType: "Config",
        parameters: {
            savedSearch: "true",
            withIac: "true",
        },
        criteria: fs.readFileSync("policies/aks/aks001.rql", "utf8"),
    },
});
const exampleRqlSearch = new prismacloud.RqlSearch("exampleRqlSearch", {
    searchType: "config",
    query: "config from cloud.resource where api.name = 'azure-kubernetes-cluster' AND json.rule = properties.enableRBAC is true'",
    timeRange: {
        relatives: [{
            unit: "hour",
            amount: 24,
        }],
    },
});
const exampleSavedSearch = new prismacloud.SavedSearch("exampleSavedSearch", {
    description: "sample saved RQL search",
    searchId: exampleRqlSearch.searchId,
    query: exampleRqlSearch.query,
    timeRange: {
        relative: {
            unit: exampleRqlSearch.timeRange.apply(timeRange => timeRange?.relatives?.[0]?.unit),
            amount: exampleRqlSearch.timeRange.apply(timeRange => timeRange?.relatives?.[0]?.amount),
        },
    },
});

import pulumi
import pulumi_prismacloud as prismacloud

example_policy = prismacloud.Policy("examplePolicy",
    policy_type="config",
    cloud_type="azure",
    severity="low",
    labels=["some_tag"],
    description="this describes the policy",
    enabled=False,
    rule={
        "name": "sample custom run policy created with terraform",
        "rule_type": "Config",
        "parameters": {
            "savedSearch": "true",
            "withIac": "true",
        },
        "criteria": (lambda path: open(path).read())("policies/aks/aks001.rql"),
    })
example_rql_search = prismacloud.RqlSearch("exampleRqlSearch",
    search_type="config",
    query="config from cloud.resource where api.name = 'azure-kubernetes-cluster' AND json.rule = properties.enableRBAC is true'",
    time_range={
        "relatives": [{
            "unit": "hour",
            "amount": 24,
        }],
    })
example_saved_search = prismacloud.SavedSearch("exampleSavedSearch",
    description="sample saved RQL search",
    search_id=example_rql_search.search_id,
    query=example_rql_search.query,
    time_range={
        "relative": {
            "unit": example_rql_search.time_range.relatives[0].unit,
            "amount": example_rql_search.time_range.relatives[0].amount,
        },
    })

package main

import (
	"os"

	"github.com/pulumi/pulumi-terraform-provider/sdks/go/prismacloud/prismacloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func readFileOrPanic(path string) pulumi.StringPtrInput {
	data, err := os.ReadFile(path)
	if err != nil {
		panic(err.Error())
	}
	return pulumi.String(string(data))
}

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := prismacloud.NewPolicy(ctx, "examplePolicy", &prismacloud.PolicyArgs{
			PolicyType: pulumi.String("config"),
			CloudType:  pulumi.String("azure"),
			Severity:   pulumi.String("low"),
			Labels: pulumi.StringArray{
				pulumi.String("some_tag"),
			},
			Description: pulumi.String("this describes the policy"),
			Enabled:     pulumi.Bool(false),
			Rule: &prismacloud.PolicyRuleArgs{
				Name:     pulumi.String("sample custom run policy created with terraform"),
				RuleType: pulumi.String("Config"),
				Parameters: pulumi.StringMap{
					"savedSearch": pulumi.String("true"),
					"withIac":     pulumi.String("true"),
				},
				Criteria: pulumi.String(readFileOrPanic("policies/aks/aks001.rql")),
			},
		})
		if err != nil {
			return err
		}
		exampleRqlSearch, err := prismacloud.NewRqlSearch(ctx, "exampleRqlSearch", &prismacloud.RqlSearchArgs{
			SearchType: pulumi.String("config"),
			Query:      pulumi.String("config from cloud.resource where api.name = 'azure-kubernetes-cluster' AND json.rule = properties.enableRBAC is true'"),
			TimeRange: &prismacloud.RqlSearchTimeRangeArgs{
				Relatives: prismacloud.RqlSearchTimeRangeRelativeArray{
					&prismacloud.RqlSearchTimeRangeRelativeArgs{
						Unit:   pulumi.String("hour"),
						Amount: pulumi.Float64(24),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = prismacloud.NewSavedSearch(ctx, "exampleSavedSearch", &prismacloud.SavedSearchArgs{
			Description: pulumi.String("sample saved RQL search"),
			SearchId:    exampleRqlSearch.SearchId,
			Query:       exampleRqlSearch.Query,
			TimeRange: &prismacloud.SavedSearchTimeRangeArgs{
				Relative: &prismacloud.SavedSearchTimeRangeRelativeArgs{
					Unit: exampleRqlSearch.TimeRange.ApplyT(func(timeRange prismacloud.RqlSearchTimeRange) (*string, error) {
						return &timeRange.Relatives[0].Unit, nil
					}).(pulumi.StringPtrOutput),
					Amount: exampleRqlSearch.TimeRange.ApplyT(func(timeRange prismacloud.RqlSearchTimeRange) (*float64, error) {
						return &timeRange.Relatives[0].Amount, nil
					}).(pulumi.Float64PtrOutput),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.IO;
using System.Linq;
using Pulumi;
using Prismacloud = Pulumi.Prismacloud;

return await Deployment.RunAsync(() => 
{
    var examplePolicy = new Prismacloud.Policy("examplePolicy", new()
    {
        PolicyType = "config",
        CloudType = "azure",
        Severity = "low",
        Labels = new[]
        {
            "some_tag",
        },
        Description = "this describes the policy",
        Enabled = false,
        Rule = new Prismacloud.Inputs.PolicyRuleArgs
        {
            Name = "sample custom run policy created with terraform",
            RuleType = "Config",
            Parameters = 
            {
                { "savedSearch", "true" },
                { "withIac", "true" },
            },
            Criteria = File.ReadAllText("policies/aks/aks001.rql"),
        },
    });

    var exampleRqlSearch = new Prismacloud.RqlSearch("exampleRqlSearch", new()
    {
        SearchType = "config",
        Query = "config from cloud.resource where api.name = 'azure-kubernetes-cluster' AND json.rule = properties.enableRBAC is true'",
        TimeRange = new Prismacloud.Inputs.RqlSearchTimeRangeArgs
        {
            Relatives = new[]
            {
                new Prismacloud.Inputs.RqlSearchTimeRangeRelativeArgs
                {
                    Unit = "hour",
                    Amount = 24,
                },
            },
        },
    });

    var exampleSavedSearch = new Prismacloud.SavedSearch("exampleSavedSearch", new()
    {
        Description = "sample saved RQL search",
        SearchId = exampleRqlSearch.SearchId,
        Query = exampleRqlSearch.Query,
        TimeRange = new Prismacloud.Inputs.SavedSearchTimeRangeArgs
        {
            Relative = new Prismacloud.Inputs.SavedSearchTimeRangeRelativeArgs
            {
                Unit = exampleRqlSearch.TimeRange.Apply(timeRange => timeRange?.Relatives[0]?.Unit),
                Amount = exampleRqlSearch.TimeRange.Apply(timeRange => timeRange?.Relatives[0]?.Amount),
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.prismacloud.Policy;
import com.pulumi.prismacloud.PolicyArgs;
import com.pulumi.prismacloud.inputs.PolicyRuleArgs;
import com.pulumi.prismacloud.RqlSearch;
import com.pulumi.prismacloud.RqlSearchArgs;
import com.pulumi.prismacloud.inputs.RqlSearchTimeRangeArgs;
import com.pulumi.prismacloud.SavedSearch;
import com.pulumi.prismacloud.SavedSearchArgs;
import com.pulumi.prismacloud.inputs.SavedSearchTimeRangeArgs;
import com.pulumi.prismacloud.inputs.SavedSearchTimeRangeRelativeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var examplePolicy = new Policy("examplePolicy", PolicyArgs.builder()
            .policyType("config")
            .cloudType("azure")
            .severity("low")
            .labels("some_tag")
            .description("this describes the policy")
            .enabled(false)
            .rule(PolicyRuleArgs.builder()
                .name("sample custom run policy created with terraform")
                .ruleType("Config")
                .parameters(Map.ofEntries(
                    Map.entry("savedSearch", true),
                    Map.entry("withIac", true)
                ))
                .criteria(Files.readString(Paths.get("policies/aks/aks001.rql")))
                .build())
            .build());

        var exampleRqlSearch = new RqlSearch("exampleRqlSearch", RqlSearchArgs.builder()
            .searchType("config")
            .query("config from cloud.resource where api.name = 'azure-kubernetes-cluster' AND json.rule = properties.enableRBAC is true'")
            .timeRange(RqlSearchTimeRangeArgs.builder()
                .relatives(RqlSearchTimeRangeRelativeArgs.builder()
                    .unit("hour")
                    .amount(24)
                    .build())
                .build())
            .build());

        var exampleSavedSearch = new SavedSearch("exampleSavedSearch", SavedSearchArgs.builder()
            .description("sample saved RQL search")
            .searchId(exampleRqlSearch.searchId())
            .query(exampleRqlSearch.query())
            .timeRange(SavedSearchTimeRangeArgs.builder()
                .relative(SavedSearchTimeRangeRelativeArgs.builder()
                    .unit(exampleRqlSearch.timeRange().applyValue(timeRange -> timeRange.relatives()[0].unit()))
                    .amount(exampleRqlSearch.timeRange().applyValue(timeRange -> timeRange.relatives()[0].amount()))
                    .build())
                .build())
            .build());

    }
}

resources:
  examplePolicy:
    type: prismacloud:Policy
    properties:
      policyType: config
      cloudType: azure
      severity: low
      labels:
        - some_tag
      description: this describes the policy
      enabled: false
      rule:
        name: sample custom run policy created with terraform
        ruleType: Config
        parameters:
          savedSearch: true
          withIac: true
        criteria:
          fn::readFile: policies/aks/aks001.rql
  exampleSavedSearch:
    type: prismacloud:SavedSearch
    properties:
      description: sample saved RQL search
      searchId: ${exampleRqlSearch.searchId}
      query: ${exampleRqlSearch.query}
      timeRange:
        relative:
          unit: ${exampleRqlSearch.timeRange.relatives[0].unit}
          amount: ${exampleRqlSearch.timeRange.relatives[0].amount}
  exampleRqlSearch:
    type: prismacloud:RqlSearch
    properties:
      searchType: config
      query: config from cloud.resource where api.name = 'azure-kubernetes-cluster' AND json.rule = properties.enableRBAC is true'
      timeRange:
        relatives:
          - unit: hour
            amount: 24

Custom Build And Run Policy)

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as prismacloud from "@pulumi/prismacloud";

const policy = new prismacloud.Policy("policy", {
    policyType: "config",
    cloudType: "aws",
    policySubtypes: [
        "run",
        "build",
    ],
    severity: "high",
    labels: ["some_tag"],
    description: "this describes the policy",
    recommendation: "fix it",
    rule: {
        name: "sample custom build and run policy with remediation",
        ruleType: "Config",
        criteria: "savedSearchId",
        parameters: {
            savedSearch: "true",
            withIac: "true",
        },
        childrens: [{
            type: "build",
            recommendation: "fix it",
            metadata: {
                code: fs.readFileSync("folder/build_and_run_policy.yaml", "utf8"),
            },
        }],
    },
});

import pulumi
import pulumi_prismacloud as prismacloud

policy = prismacloud.Policy("policy",
    policy_type="config",
    cloud_type="aws",
    policy_subtypes=[
        "run",
        "build",
    ],
    severity="high",
    labels=["some_tag"],
    description="this describes the policy",
    recommendation="fix it",
    rule={
        "name": "sample custom build and run policy with remediation",
        "rule_type": "Config",
        "criteria": "savedSearchId",
        "parameters": {
            "savedSearch": "true",
            "withIac": "true",
        },
        "childrens": [{
            "type": "build",
            "recommendation": "fix it",
            "metadata": {
                "code": (lambda path: open(path).read())("folder/build_and_run_policy.yaml"),
            },
        }],
    })

package main

import (
	"os"

	"github.com/pulumi/pulumi-terraform-provider/sdks/go/prismacloud/prismacloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func readFileOrPanic(path string) pulumi.StringPtrInput {
	data, err := os.ReadFile(path)
	if err != nil {
		panic(err.Error())
	}
	return pulumi.String(string(data))
}

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := prismacloud.NewPolicy(ctx, "policy", &prismacloud.PolicyArgs{
			PolicyType: pulumi.String("config"),
			CloudType:  pulumi.String("aws"),
			PolicySubtypes: pulumi.StringArray{
				pulumi.String("run"),
				pulumi.String("build"),
			},
			Severity: pulumi.String("high"),
			Labels: pulumi.StringArray{
				pulumi.String("some_tag"),
			},
			Description:    pulumi.String("this describes the policy"),
			Recommendation: pulumi.String("fix it"),
			Rule: &prismacloud.PolicyRuleArgs{
				Name:     pulumi.String("sample custom build and run policy with remediation"),
				RuleType: pulumi.String("Config"),
				Criteria: pulumi.String("savedSearchId"),
				Parameters: pulumi.StringMap{
					"savedSearch": pulumi.String("true"),
					"withIac":     pulumi.String("true"),
				},
				Childrens: prismacloud.PolicyRuleChildrenArray{
					&prismacloud.PolicyRuleChildrenArgs{
						Type:           pulumi.String("build"),
						Recommendation: pulumi.String("fix it"),
						Metadata: pulumi.StringMap{
							"code": pulumi.String(readFileOrPanic("folder/build_and_run_policy.yaml")),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.IO;
using System.Linq;
using Pulumi;
using Prismacloud = Pulumi.Prismacloud;

return await Deployment.RunAsync(() => 
{
    var policy = new Prismacloud.Policy("policy", new()
    {
        PolicyType = "config",
        CloudType = "aws",
        PolicySubtypes = new[]
        {
            "run",
            "build",
        },
        Severity = "high",
        Labels = new[]
        {
            "some_tag",
        },
        Description = "this describes the policy",
        Recommendation = "fix it",
        Rule = new Prismacloud.Inputs.PolicyRuleArgs
        {
            Name = "sample custom build and run policy with remediation",
            RuleType = "Config",
            Criteria = "savedSearchId",
            Parameters = 
            {
                { "savedSearch", "true" },
                { "withIac", "true" },
            },
            Childrens = new[]
            {
                new Prismacloud.Inputs.PolicyRuleChildrenArgs
                {
                    Type = "build",
                    Recommendation = "fix it",
                    Metadata = 
                    {
                        { "code", File.ReadAllText("folder/build_and_run_policy.yaml") },
                    },
                },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.prismacloud.Policy;
import com.pulumi.prismacloud.PolicyArgs;
import com.pulumi.prismacloud.inputs.PolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var policy = new Policy("policy", PolicyArgs.builder()
            .policyType("config")
            .cloudType("aws")
            .policySubtypes(            
                "run",
                "build")
            .severity("high")
            .labels("some_tag")
            .description("this describes the policy")
            .recommendation("fix it")
            .rule(PolicyRuleArgs.builder()
                .name("sample custom build and run policy with remediation")
                .ruleType("Config")
                .criteria("savedSearchId")
                .parameters(Map.ofEntries(
                    Map.entry("savedSearch", true),
                    Map.entry("withIac", true)
                ))
                .childrens(PolicyRuleChildrenArgs.builder()
                    .type("build")
                    .recommendation("fix it")
                    .metadata(Map.of("code", Files.readString(Paths.get("folder/build_and_run_policy.yaml"))))
                    .build())
                .build())
            .build());

    }
}

resources:
  policy:
    type: prismacloud:Policy
    properties:
      policyType: config
      cloudType: aws
      policySubtypes:
        - run
        - build
      severity: high
      labels:
        - some_tag
      description: this describes the policy
      recommendation: fix it
      rule:
        name: sample custom build and run policy with remediation
        ruleType: Config
        criteria: savedSearchId
        parameters:
          savedSearch: true
          withIac: true
        childrens:
          - type: build
            recommendation: fix it
            metadata:
              code:
                fn::readFile: folder/build_and_run_policy.yaml

Attack Path Policy)

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as prismacloud from "@pulumi/prismacloud";

const asset = new prismacloud.RqlSearch("asset", {
    searchType: "asset",
    query: "<asset_query>",
});
const assetSavedSearch = new prismacloud.SavedSearch("assetSavedSearch", {
    description: "Made by Pulumi",
    searchId: asset.searchId,
    query: asset.query,
    timeRange: {
        toNow: {
            unit: "epoch",
        },
    },
});
const example = new prismacloud.Policy("example", {
    policyType: "attack_path",
    cloudType: "<cloud_type>",
    rule: {
        name: "Attack Path Policy",
        criteria: assetSavedSearch.searchId,
        parameters: {
            savedSearch: "true",
        },
        ruleType: "attack_path",
    },
    severity: "low",
});

import pulumi
import pulumi_prismacloud as prismacloud

asset = prismacloud.RqlSearch("asset",
    search_type="asset",
    query="<asset_query>")
asset_saved_search = prismacloud.SavedSearch("assetSavedSearch",
    description="Made by Pulumi",
    search_id=asset.search_id,
    query=asset.query,
    time_range={
        "to_now": {
            "unit": "epoch",
        },
    })
example = prismacloud.Policy("example",
    policy_type="attack_path",
    cloud_type="<cloud_type>",
    rule={
        "name": "Attack Path Policy",
        "criteria": asset_saved_search.search_id,
        "parameters": {
            "savedSearch": "true",
        },
        "rule_type": "attack_path",
    },
    severity="low")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/prismacloud/prismacloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		asset, err := prismacloud.NewRqlSearch(ctx, "asset", &prismacloud.RqlSearchArgs{
			SearchType: pulumi.String("asset"),
			Query:      pulumi.String("<asset_query>"),
		})
		if err != nil {
			return err
		}
		assetSavedSearch, err := prismacloud.NewSavedSearch(ctx, "assetSavedSearch", &prismacloud.SavedSearchArgs{
			Description: pulumi.String("Made by Pulumi"),
			SearchId:    asset.SearchId,
			Query:       asset.Query,
			TimeRange: &prismacloud.SavedSearchTimeRangeArgs{
				ToNow: &prismacloud.SavedSearchTimeRangeToNowArgs{
					Unit: pulumi.String("epoch"),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = prismacloud.NewPolicy(ctx, "example", &prismacloud.PolicyArgs{
			PolicyType: pulumi.String("attack_path"),
			CloudType:  pulumi.String("<cloud_type>"),
			Rule: &prismacloud.PolicyRuleArgs{
				Name:     pulumi.String("Attack Path Policy"),
				Criteria: assetSavedSearch.SearchId,
				Parameters: pulumi.StringMap{
					"savedSearch": pulumi.String("true"),
				},
				RuleType: pulumi.String("attack_path"),
			},
			Severity: pulumi.String("low"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Prismacloud = Pulumi.Prismacloud;

return await Deployment.RunAsync(() => 
{
    var asset = new Prismacloud.RqlSearch("asset", new()
    {
        SearchType = "asset",
        Query = "<asset_query>",
    });

    var assetSavedSearch = new Prismacloud.SavedSearch("assetSavedSearch", new()
    {
        Description = "Made by Pulumi",
        SearchId = asset.SearchId,
        Query = asset.Query,
        TimeRange = new Prismacloud.Inputs.SavedSearchTimeRangeArgs
        {
            ToNow = new Prismacloud.Inputs.SavedSearchTimeRangeToNowArgs
            {
                Unit = "epoch",
            },
        },
    });

    var example = new Prismacloud.Policy("example", new()
    {
        PolicyType = "attack_path",
        CloudType = "<cloud_type>",
        Rule = new Prismacloud.Inputs.PolicyRuleArgs
        {
            Name = "Attack Path Policy",
            Criteria = assetSavedSearch.SearchId,
            Parameters = 
            {
                { "savedSearch", "true" },
            },
            RuleType = "attack_path",
        },
        Severity = "low",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.prismacloud.RqlSearch;
import com.pulumi.prismacloud.RqlSearchArgs;
import com.pulumi.prismacloud.SavedSearch;
import com.pulumi.prismacloud.SavedSearchArgs;
import com.pulumi.prismacloud.inputs.SavedSearchTimeRangeArgs;
import com.pulumi.prismacloud.inputs.SavedSearchTimeRangeToNowArgs;
import com.pulumi.prismacloud.Policy;
import com.pulumi.prismacloud.PolicyArgs;
import com.pulumi.prismacloud.inputs.PolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var asset = new RqlSearch("asset", RqlSearchArgs.builder()
            .searchType("asset")
            .query("<asset_query>")
            .build());

        var assetSavedSearch = new SavedSearch("assetSavedSearch", SavedSearchArgs.builder()
            .description("Made by Pulumi")
            .searchId(asset.searchId())
            .query(asset.query())
            .timeRange(SavedSearchTimeRangeArgs.builder()
                .toNow(SavedSearchTimeRangeToNowArgs.builder()
                    .unit("epoch")
                    .build())
                .build())
            .build());

        var example = new Policy("example", PolicyArgs.builder()
            .policyType("attack_path")
            .cloudType("<cloud_type>")
            .rule(PolicyRuleArgs.builder()
                .name("Attack Path Policy")
                .criteria(assetSavedSearch.searchId())
                .parameters(Map.of("savedSearch", true))
                .ruleType("attack_path")
                .build())
            .severity("low")
            .build());

    }
}

resources:
  example:
    type: prismacloud:Policy
    properties:
      policyType: attack_path
      cloudType: <cloud_type>
      rule:
        name: Attack Path Policy
        criteria: ${assetSavedSearch.searchId}
        parameters:
          savedSearch: true
        ruleType: attack_path
      severity: low
  assetSavedSearch:
    type: prismacloud:SavedSearch
    properties:
      description: Made by Pulumi
      searchId: ${asset.searchId}
      query: ${asset.query}
      timeRange:
        toNow:
          unit: epoch
  asset:
    type: prismacloud:RqlSearch
    properties:
      searchType: asset
      query: <asset_query>

Create Policy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

TypeScript
Python
Go
C#
Java
YAML

new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);

@overload
def Policy(resource_name: str,
           args: PolicyArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def Policy(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           policy_type: Optional[str] = None,
           rule: Optional[PolicyRuleArgs] = None,
           policy_subtypes: Optional[Sequence[str]] = None,
           deleted: Optional[bool] = None,
           enabled: Optional[bool] = None,
           labels: Optional[Sequence[str]] = None,
           name: Optional[str] = None,
           overridden: Optional[bool] = None,
           cloud_type: Optional[str] = None,
           description: Optional[str] = None,
           prismacloud_policy_id: Optional[str] = None,
           recommendation: Optional[str] = None,
           remediation: Optional[PolicyRemediationArgs] = None,
           restrict_alert_dismissal: Optional[bool] = None,
           compliance_metadatas: Optional[Sequence[PolicyComplianceMetadataArgs]] = None,
           severity: Optional[str] = None,
           timeouts: Optional[PolicyTimeoutsArgs] = None)

func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)

public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)

public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)

type: prismacloud:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var policyResource = new Prismacloud.Policy("policyResource", new()
{
    PolicyType = "string",
    Rule = new Prismacloud.Inputs.PolicyRuleArgs
    {
        Name = "string",
        RuleType = "string",
        ApiName = "string",
        Childrens = new[]
        {
            new Prismacloud.Inputs.PolicyRuleChildrenArgs
            {
                Criteria = "string",
                Metadata = 
                {
                    { "string", "string" },
                },
                Recommendation = "string",
                Type = "string",
            },
        },
        CloudAccount = "string",
        CloudType = "string",
        Criteria = "string",
        DataCriteria = new Prismacloud.Inputs.PolicyRuleDataCriteriaArgs
        {
            ClassificationResult = "string",
            Exposure = "string",
            Extensions = new[]
            {
                "string",
            },
        },
        Parameters = 
        {
            { "string", "string" },
        },
        ResourceIdPath = "string",
        ResourceType = "string",
    },
    PolicySubtypes = new[]
    {
        "string",
    },
    Deleted = false,
    Enabled = false,
    Labels = new[]
    {
        "string",
    },
    Name = "string",
    Overridden = false,
    CloudType = "string",
    Description = "string",
    PrismacloudPolicyId = "string",
    Recommendation = "string",
    Remediation = new Prismacloud.Inputs.PolicyRemediationArgs
    {
        Actions = new[]
        {
            new Prismacloud.Inputs.PolicyRemediationActionArgs
            {
                Operation = "string",
                Payload = "string",
            },
        },
        CliScriptJsonSchemaString = "string",
        CliScriptTemplate = "string",
        Description = "string",
        TemplateType = "string",
    },
    RestrictAlertDismissal = false,
    ComplianceMetadatas = new[]
    {
        new Prismacloud.Inputs.PolicyComplianceMetadataArgs
        {
            ComplianceId = "string",
            CustomAssigned = false,
            PolicyId = "string",
            RequirementDescription = "string",
            RequirementId = "string",
            RequirementName = "string",
            SectionDescription = "string",
            SectionId = "string",
            SectionLabel = "string",
            StandardDescription = "string",
            StandardName = "string",
        },
    },
    Severity = "string",
    Timeouts = new Prismacloud.Inputs.PolicyTimeoutsArgs
    {
        Create = "string",
        Delete = "string",
        Update = "string",
    },
});

example, err := prismacloud.NewPolicy(ctx, "policyResource", &prismacloud.PolicyArgs{
PolicyType: pulumi.String("string"),
Rule: &.PolicyRuleArgs{
Name: pulumi.String("string"),
RuleType: pulumi.String("string"),
ApiName: pulumi.String("string"),
Childrens: .PolicyRuleChildrenArray{
&.PolicyRuleChildrenArgs{
Criteria: pulumi.String("string"),
Metadata: pulumi.StringMap{
"string": pulumi.String("string"),
},
Recommendation: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
CloudAccount: pulumi.String("string"),
CloudType: pulumi.String("string"),
Criteria: pulumi.String("string"),
DataCriteria: &.PolicyRuleDataCriteriaArgs{
ClassificationResult: pulumi.String("string"),
Exposure: pulumi.String("string"),
Extensions: pulumi.StringArray{
pulumi.String("string"),
},
},
Parameters: pulumi.StringMap{
"string": pulumi.String("string"),
},
ResourceIdPath: pulumi.String("string"),
ResourceType: pulumi.String("string"),
},
PolicySubtypes: pulumi.StringArray{
pulumi.String("string"),
},
Deleted: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Labels: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
Overridden: pulumi.Bool(false),
CloudType: pulumi.String("string"),
Description: pulumi.String("string"),
PrismacloudPolicyId: pulumi.String("string"),
Recommendation: pulumi.String("string"),
Remediation: &.PolicyRemediationArgs{
Actions: .PolicyRemediationActionArray{
&.PolicyRemediationActionArgs{
Operation: pulumi.String("string"),
Payload: pulumi.String("string"),
},
},
CliScriptJsonSchemaString: pulumi.String("string"),
CliScriptTemplate: pulumi.String("string"),
Description: pulumi.String("string"),
TemplateType: pulumi.String("string"),
},
RestrictAlertDismissal: pulumi.Bool(false),
ComplianceMetadatas: .PolicyComplianceMetadataArray{
&.PolicyComplianceMetadataArgs{
ComplianceId: pulumi.String("string"),
CustomAssigned: pulumi.Bool(false),
PolicyId: pulumi.String("string"),
RequirementDescription: pulumi.String("string"),
RequirementId: pulumi.String("string"),
RequirementName: pulumi.String("string"),
SectionDescription: pulumi.String("string"),
SectionId: pulumi.String("string"),
SectionLabel: pulumi.String("string"),
StandardDescription: pulumi.String("string"),
StandardName: pulumi.String("string"),
},
},
Severity: pulumi.String("string"),
Timeouts: &.PolicyTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
Update: pulumi.String("string"),
},
})

var policyResource = new Policy("policyResource", PolicyArgs.builder()
    .policyType("string")
    .rule(PolicyRuleArgs.builder()
        .name("string")
        .ruleType("string")
        .apiName("string")
        .childrens(PolicyRuleChildrenArgs.builder()
            .criteria("string")
            .metadata(Map.of("string", "string"))
            .recommendation("string")
            .type("string")
            .build())
        .cloudAccount("string")
        .cloudType("string")
        .criteria("string")
        .dataCriteria(PolicyRuleDataCriteriaArgs.builder()
            .classificationResult("string")
            .exposure("string")
            .extensions("string")
            .build())
        .parameters(Map.of("string", "string"))
        .resourceIdPath("string")
        .resourceType("string")
        .build())
    .policySubtypes("string")
    .deleted(false)
    .enabled(false)
    .labels("string")
    .name("string")
    .overridden(false)
    .cloudType("string")
    .description("string")
    .prismacloudPolicyId("string")
    .recommendation("string")
    .remediation(PolicyRemediationArgs.builder()
        .actions(PolicyRemediationActionArgs.builder()
            .operation("string")
            .payload("string")
            .build())
        .cliScriptJsonSchemaString("string")
        .cliScriptTemplate("string")
        .description("string")
        .templateType("string")
        .build())
    .restrictAlertDismissal(false)
    .complianceMetadatas(PolicyComplianceMetadataArgs.builder()
        .complianceId("string")
        .customAssigned(false)
        .policyId("string")
        .requirementDescription("string")
        .requirementId("string")
        .requirementName("string")
        .sectionDescription("string")
        .sectionId("string")
        .sectionLabel("string")
        .standardDescription("string")
        .standardName("string")
        .build())
    .severity("string")
    .timeouts(PolicyTimeoutsArgs.builder()
        .create("string")
        .delete("string")
        .update("string")
        .build())
    .build());

policy_resource = prismacloud.Policy("policyResource",
    policy_type="string",
    rule={
        "name": "string",
        "rule_type": "string",
        "api_name": "string",
        "childrens": [{
            "criteria": "string",
            "metadata": {
                "string": "string",
            },
            "recommendation": "string",
            "type": "string",
        }],
        "cloud_account": "string",
        "cloud_type": "string",
        "criteria": "string",
        "data_criteria": {
            "classification_result": "string",
            "exposure": "string",
            "extensions": ["string"],
        },
        "parameters": {
            "string": "string",
        },
        "resource_id_path": "string",
        "resource_type": "string",
    },
    policy_subtypes=["string"],
    deleted=False,
    enabled=False,
    labels=["string"],
    name="string",
    overridden=False,
    cloud_type="string",
    description="string",
    prismacloud_policy_id="string",
    recommendation="string",
    remediation={
        "actions": [{
            "operation": "string",
            "payload": "string",
        }],
        "cli_script_json_schema_string": "string",
        "cli_script_template": "string",
        "description": "string",
        "template_type": "string",
    },
    restrict_alert_dismissal=False,
    compliance_metadatas=[{
        "compliance_id": "string",
        "custom_assigned": False,
        "policy_id": "string",
        "requirement_description": "string",
        "requirement_id": "string",
        "requirement_name": "string",
        "section_description": "string",
        "section_id": "string",
        "section_label": "string",
        "standard_description": "string",
        "standard_name": "string",
    }],
    severity="string",
    timeouts={
        "create": "string",
        "delete": "string",
        "update": "string",
    })

const policyResource = new prismacloud.Policy("policyResource", {
    policyType: "string",
    rule: {
        name: "string",
        ruleType: "string",
        apiName: "string",
        childrens: [{
            criteria: "string",
            metadata: {
                string: "string",
            },
            recommendation: "string",
            type: "string",
        }],
        cloudAccount: "string",
        cloudType: "string",
        criteria: "string",
        dataCriteria: {
            classificationResult: "string",
            exposure: "string",
            extensions: ["string"],
        },
        parameters: {
            string: "string",
        },
        resourceIdPath: "string",
        resourceType: "string",
    },
    policySubtypes: ["string"],
    deleted: false,
    enabled: false,
    labels: ["string"],
    name: "string",
    overridden: false,
    cloudType: "string",
    description: "string",
    prismacloudPolicyId: "string",
    recommendation: "string",
    remediation: {
        actions: [{
            operation: "string",
            payload: "string",
        }],
        cliScriptJsonSchemaString: "string",
        cliScriptTemplate: "string",
        description: "string",
        templateType: "string",
    },
    restrictAlertDismissal: false,
    complianceMetadatas: [{
        complianceId: "string",
        customAssigned: false,
        policyId: "string",
        requirementDescription: "string",
        requirementId: "string",
        requirementName: "string",
        sectionDescription: "string",
        sectionId: "string",
        sectionLabel: "string",
        standardDescription: "string",
        standardName: "string",
    }],
    severity: "string",
    timeouts: {
        create: "string",
        "delete": "string",
        update: "string",
    },
});

type: prismacloud:Policy
properties:
    cloudType: string
    complianceMetadatas:
        - complianceId: string
          customAssigned: false
          policyId: string
          requirementDescription: string
          requirementId: string
          requirementName: string
          sectionDescription: string
          sectionId: string
          sectionLabel: string
          standardDescription: string
          standardName: string
    deleted: false
    description: string
    enabled: false
    labels:
        - string
    name: string
    overridden: false
    policySubtypes:
        - string
    policyType: string
    prismacloudPolicyId: string
    recommendation: string
    remediation:
        actions:
            - operation: string
              payload: string
        cliScriptJsonSchemaString: string
        cliScriptTemplate: string
        description: string
        templateType: string
    restrictAlertDismissal: false
    rule:
        apiName: string
        childrens:
            - criteria: string
              metadata:
                string: string
              recommendation: string
              type: string
        cloudAccount: string
        cloudType: string
        criteria: string
        dataCriteria:
            classificationResult: string
            exposure: string
            extensions:
                - string
        name: string
        parameters:
            string: string
        resourceIdPath: string
        resourceType: string
        ruleType: string
    severity: string
    timeouts:
        create: string
        delete: string
        update: string

Policy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Policy resource accepts the following input properties:

PolicyType string: Policy type. Valid values are config, audit_event, iam, network, data, anomaly or attack_path
Rule PolicyRule: Model for the rule, as defined below
CloudType string: Cloud type (Optional for policies having RQL query with multiway joins, otherwise required) - valid values are aws,azure,gcp,alibaba_cloud and all
ComplianceMetadatas List<PolicyComplianceMetadata>: List of compliance data. Each item has compliance standard, requirement, and/or section information, as defined below
Deleted bool: Deleted
Description string: Description
Enabled bool: Enabled
Labels List<string>: List of labels
Name string: Policy name
Overridden bool: Overridden
PolicySubtypes List<string>: Policy subtypes. Valid values are build, run
PrismacloudPolicyId string
Recommendation string: Remediation recommendation
Remediation PolicyRemediation: Model for remediation, as defined below
RestrictAlertDismissal bool: Restrict alert dismissal
Severity string: Severity. Valid values are low (default), medium, high,informational, or critical.
Timeouts PolicyTimeouts

PolicyType string: Policy type. Valid values are config, audit_event, iam, network, data, anomaly or attack_path
Rule PolicyRuleArgs: Model for the rule, as defined below
CloudType string: Cloud type (Optional for policies having RQL query with multiway joins, otherwise required) - valid values are aws,azure,gcp,alibaba_cloud and all
ComplianceMetadatas []PolicyComplianceMetadataArgs: List of compliance data. Each item has compliance standard, requirement, and/or section information, as defined below
Deleted bool: Deleted
Description string: Description
Enabled bool: Enabled
Labels []string: List of labels
Name string: Policy name
Overridden bool: Overridden
PolicySubtypes []string: Policy subtypes. Valid values are build, run
PrismacloudPolicyId string
Recommendation string: Remediation recommendation
Remediation PolicyRemediationArgs: Model for remediation, as defined below
RestrictAlertDismissal bool: Restrict alert dismissal
Severity string: Severity. Valid values are low (default), medium, high,informational, or critical.
Timeouts PolicyTimeoutsArgs

policyType String: Policy type. Valid values are config, audit_event, iam, network, data, anomaly or attack_path
rule PolicyRule: Model for the rule, as defined below
cloudType String: Cloud type (Optional for policies having RQL query with multiway joins, otherwise required) - valid values are aws,azure,gcp,alibaba_cloud and all
complianceMetadatas List<PolicyComplianceMetadata>: List of compliance data. Each item has compliance standard, requirement, and/or section information, as defined below
deleted Boolean: Deleted
description String: Description
enabled Boolean: Enabled
labels List<String>: List of labels
name String: Policy name
overridden Boolean: Overridden
policySubtypes List<String>: Policy subtypes. Valid values are build, run
prismacloudPolicyId String
recommendation String: Remediation recommendation
remediation PolicyRemediation: Model for remediation, as defined below
restrictAlertDismissal Boolean: Restrict alert dismissal
severity String: Severity. Valid values are low (default), medium, high,informational, or critical.
timeouts PolicyTimeouts

policyType string: Policy type. Valid values are config, audit_event, iam, network, data, anomaly or attack_path
rule PolicyRule: Model for the rule, as defined below
cloudType string: Cloud type (Optional for policies having RQL query with multiway joins, otherwise required) - valid values are aws,azure,gcp,alibaba_cloud and all
complianceMetadatas PolicyComplianceMetadata[]: List of compliance data. Each item has compliance standard, requirement, and/or section information, as defined below
deleted boolean: Deleted
description string: Description
enabled boolean: Enabled
labels string[]: List of labels
name string: Policy name
overridden boolean: Overridden
policySubtypes string[]: Policy subtypes. Valid values are build, run
prismacloudPolicyId string
recommendation string: Remediation recommendation
remediation PolicyRemediation: Model for remediation, as defined below
restrictAlertDismissal boolean: Restrict alert dismissal
severity string: Severity. Valid values are low (default), medium, high,informational, or critical.
timeouts PolicyTimeouts

policy_type str: Policy type. Valid values are config, audit_event, iam, network, data, anomaly or attack_path
rule PolicyRuleArgs: Model for the rule, as defined below
cloud_type str: Cloud type (Optional for policies having RQL query with multiway joins, otherwise required) - valid values are aws,azure,gcp,alibaba_cloud and all
compliance_metadatas Sequence[PolicyComplianceMetadataArgs]: List of compliance data. Each item has compliance standard, requirement, and/or section information, as defined below
deleted bool: Deleted
description str: Description
enabled bool: Enabled
labels Sequence[str]: List of labels
name str: Policy name
overridden bool: Overridden
policy_subtypes Sequence[str]: Policy subtypes. Valid values are build, run
prismacloud_policy_id str
recommendation str: Remediation recommendation
remediation PolicyRemediationArgs: Model for remediation, as defined below
restrict_alert_dismissal bool: Restrict alert dismissal
severity str: Severity. Valid values are low (default), medium, high,informational, or critical.
timeouts PolicyTimeoutsArgs

policyType String: Policy type. Valid values are config, audit_event, iam, network, data, anomaly or attack_path
rule Property Map: Model for the rule, as defined below
cloudType String: Cloud type (Optional for policies having RQL query with multiway joins, otherwise required) - valid values are aws,azure,gcp,alibaba_cloud and all
complianceMetadatas List<Property Map>: List of compliance data. Each item has compliance standard, requirement, and/or section information, as defined below
deleted Boolean: Deleted
description String: Description
enabled Boolean: Enabled
labels List<String>: List of labels
name String: Policy name
overridden Boolean: Overridden
policySubtypes List<String>: Policy subtypes. Valid values are build, run
prismacloudPolicyId String
recommendation String: Remediation recommendation
remediation Property Map: Model for remediation, as defined below
restrictAlertDismissal Boolean: Restrict alert dismissal
severity String: Severity. Valid values are low (default), medium, high,informational, or critical.
timeouts Property Map

Outputs

All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:

CreatedBy string: Created by
CreatedOn double: (int) Created on
Id string: The provider-assigned unique ID for this managed resource.
LastModifiedBy string: Last modified by
LastModifiedOn double: (int) Last modified on
OpenAlertsCount double: (int) Open alerts count
Owner string: Owner
PolicyCategory string: Policy category
PolicyClass string: Policy class
PolicyId string: Policy ID
PolicyMode string: Policy mode
Remediable bool: (bool) Is remediable or not
RuleLastModifiedOn double: (int) Rule last modified on
SystemDefault bool: (bool) If policy is a system default policy or not

CreatedBy string: Created by
CreatedOn float64: (int) Created on
Id string: The provider-assigned unique ID for this managed resource.
LastModifiedBy string: Last modified by
LastModifiedOn float64: (int) Last modified on
OpenAlertsCount float64: (int) Open alerts count
Owner string: Owner
PolicyCategory string: Policy category
PolicyClass string: Policy class
PolicyId string: Policy ID
PolicyMode string: Policy mode
Remediable bool: (bool) Is remediable or not
RuleLastModifiedOn float64: (int) Rule last modified on
SystemDefault bool: (bool) If policy is a system default policy or not

createdBy String: Created by
createdOn Double: (int) Created on
id String: The provider-assigned unique ID for this managed resource.
lastModifiedBy String: Last modified by
lastModifiedOn Double: (int) Last modified on
openAlertsCount Double: (int) Open alerts count
owner String: Owner
policyCategory String: Policy category
policyClass String: Policy class
policyId String: Policy ID
policyMode String: Policy mode
remediable Boolean: (bool) Is remediable or not
ruleLastModifiedOn Double: (int) Rule last modified on
systemDefault Boolean: (bool) If policy is a system default policy or not

createdBy string: Created by
createdOn number: (int) Created on
id string: The provider-assigned unique ID for this managed resource.
lastModifiedBy string: Last modified by
lastModifiedOn number: (int) Last modified on
openAlertsCount number: (int) Open alerts count
owner string: Owner
policyCategory string: Policy category
policyClass string: Policy class
policyId string: Policy ID
policyMode string: Policy mode
remediable boolean: (bool) Is remediable or not
ruleLastModifiedOn number: (int) Rule last modified on
systemDefault boolean: (bool) If policy is a system default policy or not

created_by str: Created by
created_on float: (int) Created on
id str: The provider-assigned unique ID for this managed resource.
last_modified_by str: Last modified by
last_modified_on float: (int) Last modified on
open_alerts_count float: (int) Open alerts count
owner str: Owner
policy_category str: Policy category
policy_class str: Policy class
policy_id str: Policy ID
policy_mode str: Policy mode
remediable bool: (bool) Is remediable or not
rule_last_modified_on float: (int) Rule last modified on
system_default bool: (bool) If policy is a system default policy or not

createdBy String: Created by
createdOn Number: (int) Created on
id String: The provider-assigned unique ID for this managed resource.
lastModifiedBy String: Last modified by
lastModifiedOn Number: (int) Last modified on
openAlertsCount Number: (int) Open alerts count
owner String: Owner
policyCategory String: Policy category
policyClass String: Policy class
policyId String: Policy ID
policyMode String: Policy mode
remediable Boolean: (bool) Is remediable or not
ruleLastModifiedOn Number: (int) Rule last modified on
systemDefault Boolean: (bool) If policy is a system default policy or not

Look up Existing Policy Resource

Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        cloud_type: Optional[str] = None,
        compliance_metadatas: Optional[Sequence[PolicyComplianceMetadataArgs]] = None,
        created_by: Optional[str] = None,
        created_on: Optional[float] = None,
        deleted: Optional[bool] = None,
        description: Optional[str] = None,
        enabled: Optional[bool] = None,
        labels: Optional[Sequence[str]] = None,
        last_modified_by: Optional[str] = None,
        last_modified_on: Optional[float] = None,
        name: Optional[str] = None,
        open_alerts_count: Optional[float] = None,
        overridden: Optional[bool] = None,
        owner: Optional[str] = None,
        policy_category: Optional[str] = None,
        policy_class: Optional[str] = None,
        policy_id: Optional[str] = None,
        policy_mode: Optional[str] = None,
        policy_subtypes: Optional[Sequence[str]] = None,
        policy_type: Optional[str] = None,
        prismacloud_policy_id: Optional[str] = None,
        recommendation: Optional[str] = None,
        remediable: Optional[bool] = None,
        remediation: Optional[PolicyRemediationArgs] = None,
        restrict_alert_dismissal: Optional[bool] = None,
        rule: Optional[PolicyRuleArgs] = None,
        rule_last_modified_on: Optional[float] = None,
        severity: Optional[str] = None,
        system_default: Optional[bool] = None,
        timeouts: Optional[PolicyTimeoutsArgs] = None) -> Policy

func GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)

public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)

public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)

resources:  _:    type: prismacloud:Policy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CloudType string: Cloud type (Optional for policies having RQL query with multiway joins, otherwise required) - valid values are aws,azure,gcp,alibaba_cloud and all
ComplianceMetadatas List<PolicyComplianceMetadata>: List of compliance data. Each item has compliance standard, requirement, and/or section information, as defined below
CreatedBy string: Created by
CreatedOn double: (int) Created on
Deleted bool: Deleted
Description string: Description
Enabled bool: Enabled
Labels List<string>: List of labels
LastModifiedBy string: Last modified by
LastModifiedOn double: (int) Last modified on
Name string: Policy name
OpenAlertsCount double: (int) Open alerts count
Overridden bool: Overridden
Owner string: Owner
PolicyCategory string: Policy category
PolicyClass string: Policy class
PolicyId string: Policy ID
PolicyMode string: Policy mode
PolicySubtypes List<string>: Policy subtypes. Valid values are build, run
PolicyType string: Policy type. Valid values are config, audit_event, iam, network, data, anomaly or attack_path
PrismacloudPolicyId string
Recommendation string: Remediation recommendation
Remediable bool: (bool) Is remediable or not
Remediation PolicyRemediation: Model for remediation, as defined below
RestrictAlertDismissal bool: Restrict alert dismissal
Rule PolicyRule: Model for the rule, as defined below
RuleLastModifiedOn double: (int) Rule last modified on
Severity string: Severity. Valid values are low (default), medium, high,informational, or critical.
SystemDefault bool: (bool) If policy is a system default policy or not
Timeouts PolicyTimeouts

CloudType string: Cloud type (Optional for policies having RQL query with multiway joins, otherwise required) - valid values are aws,azure,gcp,alibaba_cloud and all
ComplianceMetadatas []PolicyComplianceMetadataArgs: List of compliance data. Each item has compliance standard, requirement, and/or section information, as defined below
CreatedBy string: Created by
CreatedOn float64: (int) Created on
Deleted bool: Deleted
Description string: Description
Enabled bool: Enabled
Labels []string: List of labels
LastModifiedBy string: Last modified by
LastModifiedOn float64: (int) Last modified on
Name string: Policy name
OpenAlertsCount float64: (int) Open alerts count
Overridden bool: Overridden
Owner string: Owner
PolicyCategory string: Policy category
PolicyClass string: Policy class
PolicyId string: Policy ID
PolicyMode string: Policy mode
PolicySubtypes []string: Policy subtypes. Valid values are build, run
PolicyType string: Policy type. Valid values are config, audit_event, iam, network, data, anomaly or attack_path
PrismacloudPolicyId string
Recommendation string: Remediation recommendation
Remediable bool: (bool) Is remediable or not
Remediation PolicyRemediationArgs: Model for remediation, as defined below
RestrictAlertDismissal bool: Restrict alert dismissal
Rule PolicyRuleArgs: Model for the rule, as defined below
RuleLastModifiedOn float64: (int) Rule last modified on
Severity string: Severity. Valid values are low (default), medium, high,informational, or critical.
SystemDefault bool: (bool) If policy is a system default policy or not
Timeouts PolicyTimeoutsArgs

cloudType String: Cloud type (Optional for policies having RQL query with multiway joins, otherwise required) - valid values are aws,azure,gcp,alibaba_cloud and all
complianceMetadatas List<PolicyComplianceMetadata>: List of compliance data. Each item has compliance standard, requirement, and/or section information, as defined below
createdBy String: Created by
createdOn Double: (int) Created on
deleted Boolean: Deleted
description String: Description
enabled Boolean: Enabled
labels List<String>: List of labels
lastModifiedBy String: Last modified by
lastModifiedOn Double: (int) Last modified on
name String: Policy name
openAlertsCount Double: (int) Open alerts count
overridden Boolean: Overridden
owner String: Owner
policyCategory String: Policy category
policyClass String: Policy class
policyId String: Policy ID
policyMode String: Policy mode
policySubtypes List<String>: Policy subtypes. Valid values are build, run
policyType String: Policy type. Valid values are config, audit_event, iam, network, data, anomaly or attack_path
prismacloudPolicyId String
recommendation String: Remediation recommendation
remediable Boolean: (bool) Is remediable or not
remediation PolicyRemediation: Model for remediation, as defined below
restrictAlertDismissal Boolean: Restrict alert dismissal
rule PolicyRule: Model for the rule, as defined below
ruleLastModifiedOn Double: (int) Rule last modified on
severity String: Severity. Valid values are low (default), medium, high,informational, or critical.
systemDefault Boolean: (bool) If policy is a system default policy or not
timeouts PolicyTimeouts

cloudType string: Cloud type (Optional for policies having RQL query with multiway joins, otherwise required) - valid values are aws,azure,gcp,alibaba_cloud and all
complianceMetadatas PolicyComplianceMetadata[]: List of compliance data. Each item has compliance standard, requirement, and/or section information, as defined below
createdBy string: Created by
createdOn number: (int) Created on
deleted boolean: Deleted
description string: Description
enabled boolean: Enabled
labels string[]: List of labels
lastModifiedBy string: Last modified by
lastModifiedOn number: (int) Last modified on
name string: Policy name
openAlertsCount number: (int) Open alerts count
overridden boolean: Overridden
owner string: Owner
policyCategory string: Policy category
policyClass string: Policy class
policyId string: Policy ID
policyMode string: Policy mode
policySubtypes string[]: Policy subtypes. Valid values are build, run
policyType string: Policy type. Valid values are config, audit_event, iam, network, data, anomaly or attack_path
prismacloudPolicyId string
recommendation string: Remediation recommendation
remediable boolean: (bool) Is remediable or not
remediation PolicyRemediation: Model for remediation, as defined below
restrictAlertDismissal boolean: Restrict alert dismissal
rule PolicyRule: Model for the rule, as defined below
ruleLastModifiedOn number: (int) Rule last modified on
severity string: Severity. Valid values are low (default), medium, high,informational, or critical.
systemDefault boolean: (bool) If policy is a system default policy or not
timeouts PolicyTimeouts

cloud_type str: Cloud type (Optional for policies having RQL query with multiway joins, otherwise required) - valid values are aws,azure,gcp,alibaba_cloud and all
compliance_metadatas Sequence[PolicyComplianceMetadataArgs]: List of compliance data. Each item has compliance standard, requirement, and/or section information, as defined below
created_by str: Created by
created_on float: (int) Created on
deleted bool: Deleted
description str: Description
enabled bool: Enabled
labels Sequence[str]: List of labels
last_modified_by str: Last modified by
last_modified_on float: (int) Last modified on
name str: Policy name
open_alerts_count float: (int) Open alerts count
overridden bool: Overridden
owner str: Owner
policy_category str: Policy category
policy_class str: Policy class
policy_id str: Policy ID
policy_mode str: Policy mode
policy_subtypes Sequence[str]: Policy subtypes. Valid values are build, run
policy_type str: Policy type. Valid values are config, audit_event, iam, network, data, anomaly or attack_path
prismacloud_policy_id str
recommendation str: Remediation recommendation
remediable bool: (bool) Is remediable or not
remediation PolicyRemediationArgs: Model for remediation, as defined below
restrict_alert_dismissal bool: Restrict alert dismissal
rule PolicyRuleArgs: Model for the rule, as defined below
rule_last_modified_on float: (int) Rule last modified on
severity str: Severity. Valid values are low (default), medium, high,informational, or critical.
system_default bool: (bool) If policy is a system default policy or not
timeouts PolicyTimeoutsArgs

cloudType String: Cloud type (Optional for policies having RQL query with multiway joins, otherwise required) - valid values are aws,azure,gcp,alibaba_cloud and all
complianceMetadatas List<Property Map>: List of compliance data. Each item has compliance standard, requirement, and/or section information, as defined below
createdBy String: Created by
createdOn Number: (int) Created on
deleted Boolean: Deleted
description String: Description
enabled Boolean: Enabled
labels List<String>: List of labels
lastModifiedBy String: Last modified by
lastModifiedOn Number: (int) Last modified on
name String: Policy name
openAlertsCount Number: (int) Open alerts count
overridden Boolean: Overridden
owner String: Owner
policyCategory String: Policy category
policyClass String: Policy class
policyId String: Policy ID
policyMode String: Policy mode
policySubtypes List<String>: Policy subtypes. Valid values are build, run
policyType String: Policy type. Valid values are config, audit_event, iam, network, data, anomaly or attack_path
prismacloudPolicyId String
recommendation String: Remediation recommendation
remediable Boolean: (bool) Is remediable or not
remediation Property Map: Model for remediation, as defined below
restrictAlertDismissal Boolean: Restrict alert dismissal
rule Property Map: Model for the rule, as defined below
ruleLastModifiedOn Number: (int) Rule last modified on
severity String: Severity. Valid values are low (default), medium, high,informational, or critical.
systemDefault Boolean: (bool) If policy is a system default policy or not
timeouts Property Map

Supporting Types

PolicyComplianceMetadata
, PolicyComplianceMetadataArgs

ComplianceId string: Compliance Section UUID
CustomAssigned bool: (bool) Custom assigned
PolicyId string: Policy ID
RequirementDescription string: Requirement description
RequirementId string: Requirement ID
RequirementName string: Requirement name
SectionDescription string: Section description
SectionId string: Section ID
SectionLabel string: Section label
StandardDescription string: Compliance standard description
StandardName string: Compliance standard name

ComplianceId string: Compliance Section UUID
CustomAssigned bool: (bool) Custom assigned
PolicyId string: Policy ID
RequirementDescription string: Requirement description
RequirementId string: Requirement ID
RequirementName string: Requirement name
SectionDescription string: Section description
SectionId string: Section ID
SectionLabel string: Section label
StandardDescription string: Compliance standard description
StandardName string: Compliance standard name

complianceId String: Compliance Section UUID
customAssigned Boolean: (bool) Custom assigned
policyId String: Policy ID
requirementDescription String: Requirement description
requirementId String: Requirement ID
requirementName String: Requirement name
sectionDescription String: Section description
sectionId String: Section ID
sectionLabel String: Section label
standardDescription String: Compliance standard description
standardName String: Compliance standard name

complianceId string: Compliance Section UUID
customAssigned boolean: (bool) Custom assigned
policyId string: Policy ID
requirementDescription string: Requirement description
requirementId string: Requirement ID
requirementName string: Requirement name
sectionDescription string: Section description
sectionId string: Section ID
sectionLabel string: Section label
standardDescription string: Compliance standard description
standardName string: Compliance standard name

compliance_id str: Compliance Section UUID
custom_assigned bool: (bool) Custom assigned
policy_id str: Policy ID
requirement_description str: Requirement description
requirement_id str: Requirement ID
requirement_name str: Requirement name
section_description str: Section description
section_id str: Section ID
section_label str: Section label
standard_description str: Compliance standard description
standard_name str: Compliance standard name

complianceId String: Compliance Section UUID
customAssigned Boolean: (bool) Custom assigned
policyId String: Policy ID
requirementDescription String: Requirement description
requirementId String: Requirement ID
requirementName String: Requirement name
sectionDescription String: Section description
sectionId String: Section ID
sectionLabel String: Section label
standardDescription String: Compliance standard description
standardName String: Compliance standard name

PolicyRemediation
, PolicyRemediationArgs

Actions List<PolicyRemediationAction>: List of actions, as defined below
CliScriptJsonSchemaString string: CLI script JSON schema
CliScriptTemplate string: CLI script template
Description string: Description
TemplateType string: Template type

Actions []PolicyRemediationAction: List of actions, as defined below
CliScriptJsonSchemaString string: CLI script JSON schema
CliScriptTemplate string: CLI script template
Description string: Description
TemplateType string: Template type

actions List<PolicyRemediationAction>: List of actions, as defined below
cliScriptJsonSchemaString String: CLI script JSON schema
cliScriptTemplate String: CLI script template
description String: Description
templateType String: Template type

actions PolicyRemediationAction[]: List of actions, as defined below
cliScriptJsonSchemaString string: CLI script JSON schema
cliScriptTemplate string: CLI script template
description string: Description
templateType string: Template type

actions Sequence[PolicyRemediationAction]: List of actions, as defined below
cli_script_json_schema_string str: CLI script JSON schema
cli_script_template str: CLI script template
description str: Description
template_type str: Template type

actions List<Property Map>: List of actions, as defined below
cliScriptJsonSchemaString String: CLI script JSON schema
cliScriptTemplate String: CLI script template
description String: Description
templateType String: Template type

PolicyRemediationAction
, PolicyRemediationActionArgs

Operation string: Operation
Payload string: Payload

Operation string: Operation
Payload string: Payload

operation String: Operation
payload String: Payload

operation string: Operation
payload string: Payload

operation str: Operation
payload str: Payload

operation String: Operation
payload String: Payload

PolicyRule
, PolicyRuleArgs

Name string: Name
RuleType string: Type of rule or RQL query. Valid values are Config, AuditEvent, IAM, Network, DLP, Anomaly or NetworkConfig
ApiName string: API name
Childrens List<PolicyRuleChildren>: Children description for build policy, as defined below
CloudAccount string: Cloud account
CloudType string: Cloud type
Criteria string: Saved search ID that defines the rule criteria
DataCriteria PolicyRuleDataCriteria: Criteria for DLP Rule, as defined below
Parameters Dictionary<string, string>: Parameters. Valid keys are withIac and savedSearch and value is "true"or "false" (SavedSearch is true when we are using savedsearch and it is false when we directly give search query and withIac is true for build policies otherwise false)
ResourceIdPath string: Resource ID path
ResourceType string: Resource type

Name string: Name
RuleType string: Type of rule or RQL query. Valid values are Config, AuditEvent, IAM, Network, DLP, Anomaly or NetworkConfig
ApiName string: API name
Childrens []PolicyRuleChildren: Children description for build policy, as defined below
CloudAccount string: Cloud account
CloudType string: Cloud type
Criteria string: Saved search ID that defines the rule criteria
DataCriteria PolicyRuleDataCriteria: Criteria for DLP Rule, as defined below
Parameters map[string]string: Parameters. Valid keys are withIac and savedSearch and value is "true"or "false" (SavedSearch is true when we are using savedsearch and it is false when we directly give search query and withIac is true for build policies otherwise false)
ResourceIdPath string: Resource ID path
ResourceType string: Resource type

name String: Name
ruleType String: Type of rule or RQL query. Valid values are Config, AuditEvent, IAM, Network, DLP, Anomaly or NetworkConfig
apiName String: API name
childrens List<PolicyRuleChildren>: Children description for build policy, as defined below
cloudAccount String: Cloud account
cloudType String: Cloud type
criteria String: Saved search ID that defines the rule criteria
dataCriteria PolicyRuleDataCriteria: Criteria for DLP Rule, as defined below
parameters Map<String,String>: Parameters. Valid keys are withIac and savedSearch and value is "true"or "false" (SavedSearch is true when we are using savedsearch and it is false when we directly give search query and withIac is true for build policies otherwise false)
resourceIdPath String: Resource ID path
resourceType String: Resource type

name string: Name
ruleType string: Type of rule or RQL query. Valid values are Config, AuditEvent, IAM, Network, DLP, Anomaly or NetworkConfig
apiName string: API name
childrens PolicyRuleChildren[]: Children description for build policy, as defined below
cloudAccount string: Cloud account
cloudType string: Cloud type
criteria string: Saved search ID that defines the rule criteria
dataCriteria PolicyRuleDataCriteria: Criteria for DLP Rule, as defined below
parameters {[key: string]: string}: Parameters. Valid keys are withIac and savedSearch and value is "true"or "false" (SavedSearch is true when we are using savedsearch and it is false when we directly give search query and withIac is true for build policies otherwise false)
resourceIdPath string: Resource ID path
resourceType string: Resource type

name str: Name
rule_type str: Type of rule or RQL query. Valid values are Config, AuditEvent, IAM, Network, DLP, Anomaly or NetworkConfig
api_name str: API name
childrens Sequence[PolicyRuleChildren]: Children description for build policy, as defined below
cloud_account str: Cloud account
cloud_type str: Cloud type
criteria str: Saved search ID that defines the rule criteria
data_criteria PolicyRuleDataCriteria: Criteria for DLP Rule, as defined below
parameters Mapping[str, str]: Parameters. Valid keys are withIac and savedSearch and value is "true"or "false" (SavedSearch is true when we are using savedsearch and it is false when we directly give search query and withIac is true for build policies otherwise false)
resource_id_path str: Resource ID path
resource_type str: Resource type

name String: Name
ruleType String: Type of rule or RQL query. Valid values are Config, AuditEvent, IAM, Network, DLP, Anomaly or NetworkConfig
apiName String: API name
childrens List<Property Map>: Children description for build policy, as defined below
cloudAccount String: Cloud account
cloudType String: Cloud type
criteria String: Saved search ID that defines the rule criteria
dataCriteria Property Map: Criteria for DLP Rule, as defined below
parameters Map<String>: Parameters. Valid keys are withIac and savedSearch and value is "true"or "false" (SavedSearch is true when we are using savedsearch and it is false when we directly give search query and withIac is true for build policies otherwise false)
resourceIdPath String: Resource ID path
resourceType String: Resource type

PolicyRuleChildren
, PolicyRuleChildrenArgs

Criteria string: Criteria for build policy.
Metadata Dictionary<string, string>: YAML string for code build policy. Valid key is code.
Recommendation string: Recommendation.
Type string: Type of policy. Valid values are: tf, cft, k8s or build.

Criteria string: Criteria for build policy.
Metadata map[string]string: YAML string for code build policy. Valid key is code.
Recommendation string: Recommendation.
Type string: Type of policy. Valid values are: tf, cft, k8s or build.

criteria String: Criteria for build policy.
metadata Map<String,String>: YAML string for code build policy. Valid key is code.
recommendation String: Recommendation.
type String: Type of policy. Valid values are: tf, cft, k8s or build.

criteria string: Criteria for build policy.
metadata {[key: string]: string}: YAML string for code build policy. Valid key is code.
recommendation string: Recommendation.
type string: Type of policy. Valid values are: tf, cft, k8s or build.

criteria str: Criteria for build policy.
metadata Mapping[str, str]: YAML string for code build policy. Valid key is code.
recommendation str: Recommendation.
type str: Type of policy. Valid values are: tf, cft, k8s or build.

criteria String: Criteria for build policy.
metadata Map<String>: YAML string for code build policy. Valid key is code.
recommendation String: Recommendation.
type String: Type of policy. Valid values are: tf, cft, k8s or build.

PolicyRuleDataCriteria
, PolicyRuleDataCriteriaArgs

ClassificationResult string: Data Profile name required for DLP rule criteria
Exposure string: File exposure. Valid values are private, public, or conditional
Extensions List<string>: List of file extensions

ClassificationResult string: Data Profile name required for DLP rule criteria
Exposure string: File exposure. Valid values are private, public, or conditional
Extensions []string: List of file extensions

classificationResult String: Data Profile name required for DLP rule criteria
exposure String: File exposure. Valid values are private, public, or conditional
extensions List<String>: List of file extensions

classificationResult string: Data Profile name required for DLP rule criteria
exposure string: File exposure. Valid values are private, public, or conditional
extensions string[]: List of file extensions

classification_result str: Data Profile name required for DLP rule criteria
exposure str: File exposure. Valid values are private, public, or conditional
extensions Sequence[str]: List of file extensions

classificationResult String: Data Profile name required for DLP rule criteria
exposure String: File exposure. Valid values are private, public, or conditional
extensions List<String>: List of file extensions

PolicyTimeouts
, PolicyTimeoutsArgs

Create string
Delete string
Update string

Create string
Delete string
Update string

create String
delete String
update String

create string
delete string
update string

create str
delete str
update str

create String
delete String
update String

Import

Resources can be imported using the policy ID:

$ pulumi import prismacloud:index/policy:Policy example 11111111-2222-3333-4444-555555555555

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: prismacloud paloaltonetworks/terraform-provider-prismacloud
License
Notes: This Pulumi package is based on the prismacloud Terraform Provider.

prismacloud 1.7.0 published on Monday, Apr 14, 2025 by paloaltonetworks

paloaltonetworks/terraform-provider-prismacloud

Example Usage
Custom Build Policy)
Custom Run Policy Without Any RQL Saved Search)
Custom Run Policy With An RQL Saved Search)
Custom Build And Run Policy)
Attack Path Policy)
Create Policy Resource
Constructor syntax
Constructor example
Policy Resource Properties
Inputs
Outputs
Look up Existing Policy Resource
Supporting Types
Import
Package Details

Request a Change

prismacloud.Policy

On this page

On this page

Example Usage

Custom Build Policy)

Custom Run Policy Without Any RQL Saved Search)

Custom Run Policy With An RQL Saved Search)

Custom Build And Run Policy)

Attack Path Policy)

Create Policy Resource

Constructor syntax

Parameters

Constructor example

Policy Resource Properties

Inputs

Outputs

Look up Existing Policy Resource

Supporting Types

PolicyComplianceMetadata
, PolicyComplianceMetadataArgs

PolicyRemediation
, PolicyRemediationArgs

PolicyRemediationAction
, PolicyRemediationActionArgs

PolicyRule
, PolicyRuleArgs

PolicyRuleChildren
, PolicyRuleChildrenArgs

PolicyRuleDataCriteria
, PolicyRuleDataCriteriaArgs

PolicyTimeouts
, PolicyTimeoutsArgs

Import

Package Details

On this page

On this page

prismacloud.Policy

On this page

On this page

Example Usage

Custom Build Policy)

Custom Run Policy Without Any RQL Saved Search)

Custom Run Policy With An RQL Saved Search)

Custom Build And Run Policy)

Attack Path Policy)

Create Policy Resource

Constructor syntax

Parameters

Constructor example

Policy Resource Properties

Inputs

Outputs

Look up Existing Policy Resource

Supporting Types

PolicyComplianceMetadata, PolicyComplianceMetadataArgs

PolicyRemediation, PolicyRemediationArgs

PolicyRemediationAction, PolicyRemediationActionArgs

PolicyRule, PolicyRuleArgs

PolicyRuleChildren, PolicyRuleChildrenArgs

PolicyRuleDataCriteria, PolicyRuleDataCriteriaArgs

PolicyTimeouts, PolicyTimeoutsArgs

Import

Package Details

On this page

On this page

PolicyComplianceMetadata
, PolicyComplianceMetadataArgs

PolicyRemediation
, PolicyRemediationArgs

PolicyRemediationAction
, PolicyRemediationActionArgs

PolicyRule
, PolicyRuleArgs

PolicyRuleChildren
, PolicyRuleChildrenArgs

PolicyRuleDataCriteria
, PolicyRuleDataCriteriaArgs

PolicyTimeouts
, PolicyTimeoutsArgs