UNPKG

@enfo/aws-cdkompliance

Version:

Tagging and compliant resources using the CDK

github.com/enfogroup/aws-cdk-compliance

72 lines 7.16 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.exemptBucketFromSslAutoFix = exports.exemptBucketFromBlockPublicAutoFix = exports.ExemptionValue = exports.enableBackups = exports.BackupPlan = void 0; const aws_cdk_lib_1 = require("aws-cdk-lib"); /** * Available Backup plans. Availability depends on your agreement with Enfo */ var BackupPlan; (function (BackupPlan) { /** * Creates backups in the region of the resource */ BackupPlan["STANDARD"] = "Standard"; /** * Creates backups in the region of the resource, and copies of those backups in eu-north-1, the Stockholm region */ BackupPlan["STOCKHOLM"] = "StandardCrossRegionStockholm"; /** * Creates backups in the region of the resource, and copies of those backups in eu-west-1, the Ireland region */ BackupPlan["IRELAND"] = "StandardCrossRegionIreland"; /** * Creates backups in the region of the resource, and copies of those backups in eu-central-1, the Frankfurt region */ BackupPlan["FRANKFURT"] = "StandardCrossRegionFrankfurt"; })(BackupPlan = exports.BackupPlan || (exports.BackupPlan = {})); /** * Tags a CDK Construct to enable Enfo Standard Backups. * If an a stack is supplied this will be applied to all resources within the stack. * See README for examples * * Backups only applies to databases. The following types of resources will be affected: * Aurora * RDS * DynamoDB * EBS * EC2 * EFS * FSx * Storage Gateway * DocumentDB * Neptune * * @param construct * A CDK Construct * @param backupPlan * Which BackupPlan to use. Defaults to STANDARD */ exports.enableBackups = (construct, backupPlan = BackupPlan.STANDARD) => { aws_cdk_lib_1.Tags.of(construct).add('BackupPlan', backupPlan); }; /** * Static value used for exemption tags */ exports.ExemptionValue = 'Exempt'; /** * Tags a Bucket as exempt from the auto fixing of https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-s3-2 which is handled within Enfo managed accounts * @param bucket * CDK Bucket Construct */ exports.exemptBucketFromBlockPublicAutoFix = (bucket) => { aws_cdk_lib_1.Tags.of(bucket).add('BlockPublicAccessAutomation', exports.ExemptionValue); }; /** * Tags a Bucket as exempt from the auto fixing of https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-s3-5 which is handled within Enfo managed accounts * @param bucket * CDK Bucket Construct */ exports.exemptBucketFromSslAutoFix = (bucket) => { aws_cdk_lib_1.Tags.of(bucket).add('SecureTransportAutomation', exports.ExemptionValue); }; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGFncy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbInRhZ3MudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsNkNBQWtDO0FBSWxDOztHQUVHO0FBQ0gsSUFBWSxVQWlCWDtBQWpCRCxXQUFZLFVBQVU7SUFDcEI7O09BRUc7SUFDSCxtQ0FBcUIsQ0FBQTtJQUNyQjs7T0FFRztJQUNILHdEQUEwQyxDQUFBO0lBQzFDOztPQUVHO0lBQ0gsb0RBQXNDLENBQUE7SUFDdEM7O09BRUc7SUFDSCx3REFBMEMsQ0FBQTtBQUM1QyxDQUFDLEVBakJXLFVBQVUsR0FBVixrQkFBVSxLQUFWLGtCQUFVLFFBaUJyQjtBQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FxQkc7QUFDVSxRQUFBLGFBQWEsR0FBRyxDQUFDLFNBQW9CLEVBQUUsYUFBeUIsVUFBVSxDQUFDLFFBQVEsRUFBUSxFQUFFO0lBQ3hHLGtCQUFJLENBQUMsRUFBRSxDQUFDLFNBQVMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxZQUFZLEVBQUUsVUFBVSxDQUFDLENBQUE7QUFDbEQsQ0FBQyxDQUFBO0FBRUQ7O0dBRUc7QUFDVSxRQUFBLGNBQWMsR0FBRyxRQUFRLENBQUE7QUFFdEM7Ozs7R0FJRztBQUNVLFFBQUEsa0NBQWtDLEdBQUcsQ0FBQyxNQUFjLEVBQVEsRUFBRTtJQUN6RSxrQkFBSSxDQUFDLEVBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxHQUFHLENBQUMsNkJBQTZCLEVBQUUsc0JBQWMsQ0FBQyxDQUFBO0FBQ3BFLENBQUMsQ0FBQTtBQUVEOzs7O0dBSUc7QUFDVSxRQUFBLDBCQUEwQixHQUFHLENBQUMsTUFBYyxFQUFRLEVBQUU7SUFDakUsa0JBQUksQ0FBQyxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsR0FBRyxDQUFDLDJCQUEyQixFQUFFLHNCQUFjLENBQUMsQ0FBQTtBQUNsRSxDQUFDLENBQUEiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBUYWdzIH0gZnJvbSAnYXdzLWNkay1saWInXG5pbXBvcnQgeyBCdWNrZXQgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtczMnXG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tICdjb25zdHJ1Y3RzJ1xuXG4vKipcbiAqIEF2YWlsYWJsZSBCYWNrdXAgcGxhbnMuIEF2YWlsYWJpbGl0eSBkZXBlbmRzIG9uIHlvdXIgYWdyZWVtZW50IHdpdGggRW5mb1xuICovXG5leHBvcnQgZW51bSBCYWNrdXBQbGFuIHtcbiAgLyoqXG4gICAqIENyZWF0ZXMgYmFja3VwcyBpbiB0aGUgcmVnaW9uIG9mIHRoZSByZXNvdXJjZVxuICAgKi9cbiAgU1RBTkRBUkQgPSAnU3RhbmRhcmQnLFxuICAvKipcbiAgICogQ3JlYXRlcyBiYWNrdXBzIGluIHRoZSByZWdpb24gb2YgdGhlIHJlc291cmNlLCBhbmQgY29waWVzIG9mIHRob3NlIGJhY2t1cHMgaW4gZXUtbm9ydGgtMSwgdGhlIFN0b2NraG9sbSByZWdpb25cbiAgICovXG4gIFNUT0NLSE9MTSA9ICdTdGFuZGFyZENyb3NzUmVnaW9uU3RvY2tob2xtJyxcbiAgLyoqXG4gICAqIENyZWF0ZXMgYmFja3VwcyBpbiB0aGUgcmVnaW9uIG9mIHRoZSByZXNvdXJjZSwgYW5kIGNvcGllcyBvZiB0aG9zZSBiYWNrdXBzIGluIGV1LXdlc3QtMSwgdGhlIElyZWxhbmQgcmVnaW9uXG4gICAqL1xuICBJUkVMQU5EID0gJ1N0YW5kYXJkQ3Jvc3NSZWdpb25JcmVsYW5kJyxcbiAgLyoqXG4gICAqIENyZWF0ZXMgYmFja3VwcyBpbiB0aGUgcmVnaW9uIG9mIHRoZSByZXNvdXJjZSwgYW5kIGNvcGllcyBvZiB0aG9zZSBiYWNrdXBzIGluIGV1LWNlbnRyYWwtMSwgdGhlIEZyYW5rZnVydCByZWdpb25cbiAgICovXG4gIEZSQU5LRlVSVCA9ICdTdGFuZGFyZENyb3NzUmVnaW9uRnJhbmtmdXJ0J1xufVxuXG4vKipcbiAqIFRhZ3MgYSBDREsgQ29uc3RydWN0IHRvIGVuYWJsZSBFbmZvIFN0YW5kYXJkIEJhY2t1cHMuXG4gKiBJZiBhbiBhIHN0YWNrIGlzIHN1cHBsaWVkIHRoaXMgd2lsbCBiZSBhcHBsaWVkIHRvIGFsbCByZXNvdXJjZXMgd2l0aGluIHRoZSBzdGFjay5cbiAqIFNlZSBSRUFETUUgZm9yIGV4YW1wbGVzXG4gKlxuICogQmFja3VwcyBvbmx5IGFwcGxpZXMgdG8gZGF0YWJhc2VzLiBUaGUgZm9sbG93aW5nIHR5cGVzIG9mIHJlc291cmNlcyB3aWxsIGJlIGFmZmVjdGVkOlxuICogQXVyb3JhXG4gKiBSRFNcbiAqIER5bmFtb0RCXG4gKiBFQlNcbiAqIEVDMlxuICogRUZTXG4gKiBGU3hcbiAqIFN0b3JhZ2UgR2F0ZXdheVxuICogRG9jdW1lbnREQlxuICogTmVwdHVuZVxuICpcbiAqIEBwYXJhbSBjb25zdHJ1Y3RcbiAqIEEgQ0RLIENvbnN0cnVjdFxuICogQHBhcmFtIGJhY2t1cFBsYW5cbiAqIFdoaWNoIEJhY2t1cFBsYW4gdG8gdXNlLiBEZWZhdWx0cyB0byBTVEFOREFSRFxuICovXG5leHBvcnQgY29uc3QgZW5hYmxlQmFja3VwcyA9IChjb25zdHJ1Y3Q6IENvbnN0cnVjdCwgYmFja3VwUGxhbjogQmFja3VwUGxhbiA9IEJhY2t1cFBsYW4uU1RBTkRBUkQpOiB2b2lkID0+IHtcbiAgVGFncy5vZihjb25zdHJ1Y3QpLmFkZCgnQmFja3VwUGxhbicsIGJhY2t1cFBsYW4pXG59XG5cbi8qKlxuICogU3RhdGljIHZhbHVlIHVzZWQgZm9yIGV4ZW1wdGlvbiB0YWdzXG4gKi9cbmV4cG9ydCBjb25zdCBFeGVtcHRpb25WYWx1ZSA9ICdFeGVtcHQnXG5cbi8qKlxuICogVGFncyBhIEJ1Y2tldCBhcyBleGVtcHQgZnJvbSB0aGUgYXV0byBmaXhpbmcgb2YgaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL3NlY3VyaXR5aHViL2xhdGVzdC91c2VyZ3VpZGUvc2VjdXJpdHlodWItc3RhbmRhcmRzLWZzYnAtY29udHJvbHMuaHRtbCNmc2JwLXMzLTIgd2hpY2ggaXMgaGFuZGxlZCB3aXRoaW4gRW5mbyBtYW5hZ2VkIGFjY291bnRzXG4gKiBAcGFyYW0gYnVja2V0XG4gKiBDREsgQnVja2V0IENvbnN0cnVjdFxuICovXG5leHBvcnQgY29uc3QgZXhlbXB0QnVja2V0RnJvbUJsb2NrUHVibGljQXV0b0ZpeCA9IChidWNrZXQ6IEJ1Y2tldCk6IHZvaWQgPT4ge1xuICBUYWdzLm9mKGJ1Y2tldCkuYWRkKCdCbG9ja1B1YmxpY0FjY2Vzc0F1dG9tYXRpb24nLCBFeGVtcHRpb25WYWx1ZSlcbn1cblxuLyoqXG4gKiBUYWdzIGEgQnVja2V0IGFzIGV4ZW1wdCBmcm9tIHRoZSBhdXRvIGZpeGluZyBvZiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vc2VjdXJpdHlodWIvbGF0ZXN0L3VzZXJndWlkZS9zZWN1cml0eWh1Yi1zdGFuZGFyZHMtZnNicC1jb250cm9scy5odG1sI2ZzYnAtczMtNSB3aGljaCBpcyBoYW5kbGVkIHdpdGhpbiBFbmZvIG1hbmFnZWQgYWNjb3VudHNcbiAqIEBwYXJhbSBidWNrZXRcbiAqIENESyBCdWNrZXQgQ29uc3RydWN0XG4gKi9cbmV4cG9ydCBjb25zdCBleGVtcHRCdWNrZXRGcm9tU3NsQXV0b0ZpeCA9IChidWNrZXQ6IEJ1Y2tldCk6IHZvaWQgPT4ge1xuICBUYWdzLm9mKGJ1Y2tldCkuYWRkKCdTZWN1cmVUcmFuc3BvcnRBdXRvbWF0aW9uJywgRXhlbXB0aW9uVmFsdWUpXG59XG4iXX0=