
@cloudtoolkit/aws


The Cloud Toolkit AWS provider for Pulumi provisions well-architected solutions in [AWS](https://aws.amazon.com/). With Cloud Toolkit AWS you can use your preferred programming language to manage your platform with Infrastructure as Code.

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../../types/input";

/**
 * IAM settings for a single account: the account alias and its password policy.
 */
export interface AccountIamArgs {
    /**
     * The alias to be used for IAM.
     */
    alias?: pulumi.Input<string>;
    /**
     * The IAM password policy configuration.
     */
    passwordPolicy?: pulumi.Input<inputs.landingzone.AccountPasswordPolicyArgs>;
}

/**
 * Switch and rule set for the account's IAM password policy.
 */
export interface AccountPasswordPolicyArgs {
    /**
     * Enable the creation of the IAM Password Policy. Defaults to 'true'.
     */
    enabled?: pulumi.Input<boolean>;
    /**
     * The rules to be applied to the IAM Password Policy.
     */
    rules?: pulumi.Input<inputs.landingzone.AccountPasswordPolicyRulesArgs>;
}

/**
 * Individual rules of the IAM password policy. Every field is optional; the
 * defaults quoted below are the ones this declaration file documents.
 */
export interface AccountPasswordPolicyRulesArgs {
    /**
     * Whether to allow users to change their own password. Defaults to 'true'.
     */
    allowUsersToChangePassword?: pulumi.Input<boolean>;
    /**
     * Whether users are prevented from setting a new password after their password has expired (i.e., require administrator reset). Defaults to 'true'.
     *
     * With the documented default, a user whose password has expired stays locked out
     * until an administrator resets it, so plan an administrator reset path alongside
     * `maxPasswordAge`.
     */
    hardExpiry?: pulumi.Input<boolean>;
    /**
     * The number of days that a user password is valid. Defaults to '90'.
     */
    maxPasswordAge?: pulumi.Input<number>;
    /**
     * Minimum length to require for user passwords. Defaults to '14'.
     */
    minimumPasswordLength?: pulumi.Input<number>;
    /**
     * The number of previous passwords that users are prevented from reusing. Defaults to '0'.
     *
     * NOTE(review): a default of '0' presumably means no reuse prevention is applied;
     * confirm against the component implementation. The AWS IAM account password
     * policy itself accepts values from 1 to 24 for this setting, so set it
     * explicitly if password history has to be enforced.
     */
    passwordReusePrevention?: pulumi.Input<number>;
    /**
     * Whether to require lowercase characters for user passwords. Defaults to 'true'.
     */
    requireLowercaseCharacters?: pulumi.Input<boolean>;
    /**
     * Whether to require numbers for user passwords. Defaults to 'true'.
     */
    requireNumbers?: pulumi.Input<boolean>;
    /**
     * Whether to require symbols for user passwords. Defaults to 'true'.
     */
    requireSymbols?: pulumi.Input<boolean>;
    /**
     * Whether to require uppercase characters for user passwords. Defaults to 'true'.
     */
    requireUppercaseCharacters?: pulumi.Input<boolean>;
}

/**
 * CloudWatch storage settings for audit logs.
 */
export interface AuditLoggingCloudWatchArgs {
    /**
     * Enable storing audit logs in CloudWatch. Defaults to 'false'.
     *
     * NOTE(review): the property is declared as required, so the documented default
     * presumably applies only when the whole CloudWatch block is omitted; confirm.
     */
    enabled: pulumi.Input<boolean>;
    /**
     * The data retention in days. Defaults to '1'.
     *
     * NOTE(review): one day is short for audit data; set this explicitly to the
     * retention your investigation and compliance requirements call for.
     */
    retentionDays?: pulumi.Input<number>;
}

/**
 * A role identified by name only.
 *
 * NOTE(review): presumably the role on the trusted side of a cross-account trust;
 * the relationship is not visible in this file, so confirm against the component.
 */
export interface IamTrustedAccountRoleArgs {
    // Name of the role.
    name: pulumi.Input<string>;
}

/**
 * A role identified by name, together with a list of policy names.
 *
 * NOTE(review): presumably the role on the trusting side of a cross-account trust;
 * confirm against the component.
 */
export interface IamTrustingAccountRoleArgs {
    // Name of the role.
    name: pulumi.Input<string>;
    // NOTE(review): presumably the names of the IAM policies attached to the role;
    // verify, and keep the list to the minimum the role needs.
    policyNames: pulumi.Input<pulumi.Input<string>[]>;
}

/**
 * Audit logging settings for the landing zone.
 */
export interface LandingZoneAuditArgs {
    /**
     * Select the Organization account to be used to store the audit logs.
     */
    accountName?: pulumi.Input<string>;
    /**
     * Store the audit logs in CloudWatch to enable easy searching.
     */
    cloudwatch?: pulumi.Input<inputs.landingzone.LandingZoneAuditCloudWatchArgs>;
    /**
     * Enable audit logging. Defaults to 'true'.
     */
    enabled?: pulumi.Input<boolean>;
    /**
     * The data retention in days. Defaults to '7'.
     *
     * NOTE(review): seven days is short for audit data; set this explicitly to the
     * retention your investigation and compliance requirements call for.
     */
    retentionDays?: pulumi.Input<number>;
}

/**
 * CloudWatch storage settings for the landing zone audit logs.
 */
export interface LandingZoneAuditCloudWatchArgs {
    /**
     * Enable storing audit logs in CloudWatch. Defaults to 'false'.
     *
     * NOTE(review): the property is declared as required, so the documented default
     * presumably applies only when the whole CloudWatch block is omitted; confirm.
     */
    enabled: pulumi.Input<boolean>;
    /**
     * The data retention in days. Defaults to '1'.
     *
     * NOTE(review): one day is short for audit data; set this explicitly to the
     * retention your investigation and compliance requirements call for.
     */
    retentionDays?: pulumi.Input<number>;
}

/**
 * IAM settings for the landing zone: an account name and a list of roles.
 */
export interface LandingZoneIamArgs {
    // NOTE(review): presumably the Organization account that hosts the IAM
    // configuration; not documented upstream, confirm.
    accountName?: pulumi.Input<string>;
    // Roles, each described by LandingZoneIamRoleArgs.
    roles?: pulumi.Input<pulumi.Input<inputs.landingzone.LandingZoneIamRoleArgs>[]>;
}

/**
 * A landing zone role: a name and the policy names that go with it.
 */
export interface LandingZoneIamRoleArgs {
    // Name of the role.
    name: pulumi.Input<string>;
    // NOTE(review): presumably the names of the IAM policies attached to the role;
    // verify, and keep the list to the minimum the role needs.
    policyNames: pulumi.Input<pulumi.Input<string>[]>;
}

/**
 * Settings for the AWS Organization: member accounts, policies, feature set
 * and enabled service principals.
 */
export interface OrganizationArgs {
    /**
     * The list of AWS Accounts to be configured in the Organization.
     */
    accounts?: pulumi.Input<pulumi.Input<inputs.landingzone.OrganizationAccountArgs>[]>;
    /**
     * The list of enabled Organizations Policies in the organization.
     *
     * NOTE(review): presumably AWS Organizations policy type names such as
     * SERVICE_CONTROL_POLICY; confirm the accepted values.
     */
    enabledPolicies?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The FeatureSet in the Organization.
     *
     * NOTE(review): presumably passed through to AWS Organizations, whose feature
     * sets are ALL and CONSOLIDATED_BILLING; organization policies need ALL. Confirm.
     */
    featureSet?: pulumi.Input<string>;
    /**
     * The organization ID to import the Organization in the stack. If not set a new AWS Organization will be created. Defaults to undefined.
     */
    organizationId?: pulumi.Input<string>;
    /**
     * The Organization policies to be applied.
     */
    policies?: pulumi.Input<inputs.landingzone.OrganizationPoliciesArgs>;
    /**
     * The list of AWS Service Access Principals enabled in the organization.
     *
     * Each principal listed here is enabled for the whole organization, so review
     * the list and keep it to the services that are actually used.
     */
    services?: pulumi.Input<pulumi.Input<string>[]>;
}

/**
 * One member account of the Organization. `email`, `iam` and `name` are required.
 */
export interface OrganizationAccountArgs {
    /**
     * The AWS Account ID to be used to import the Account in the Organization. If not set, a new AWS Account will be created.
     */
    accountId?: pulumi.Input<string>;
    /**
     * Admin role for the IAM Account.
     */
    adminRoleName?: pulumi.Input<string>;
    /**
     * The email associated to the IAM Account.
     */
    email: pulumi.Input<string>;
    /**
     * The configuration for IAM.
     */
    iam: pulumi.Input<inputs.landingzone.AccountIamArgs>;
    /**
     * The name of the IAM Account.
     */
    name: pulumi.Input<string>;
    // NOTE(review): presumably the organizational unit the account is placed in;
    // not documented upstream, confirm.
    ou?: pulumi.Input<string>;
    /**
     * The parentId of the imported account.
     */
    parentId?: pulumi.Input<string>;
}

/**
 * The Organization policies this package can manage.
 */
export interface OrganizationPoliciesArgs {
    /**
     * Deny IAM Account to leave the organization. Enabled by default.
     */
    denyLeaveOrganization?: pulumi.Input<inputs.landingzone.OrganizationPolicyArgs>;
}

/**
 * Settings for a single Organization policy.
 */
export interface OrganizationPolicyArgs {
    /**
     * Enable the policy.
     */
    enabled?: pulumi.Input<boolean>;
    /**
     * Import the policy with the given id.
     */
    policyId?: pulumi.Input<string>;
}