@pulumi/aws-compliance-policies
Version:
This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.
68 lines (67 loc) • 2.71 kB
TypeScript
import { ResourceValidationPolicy } from "@pulumi/policy";
declare namespace Distribution {
/**
* Checks that any CloudFront distributions have access logging configured.
*
* @severity medium
* @frameworks hitrust, iso27001, pcidss
* @topics logging, network
* @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
*/
const configureAccessLogging: ResourceValidationPolicy;
/**
* Checks that CloudFront distributions uses secure/modern TLS encryption.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, network
* @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html
*/
const configureSecureTls: ResourceValidationPolicy;
/**
* Checks that CloudFront distributions communicate with custom origins using TLS 1.2 encryption only.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, network
* @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-s3-origin.html
*/
const configureSecureTlsToOrigin: ResourceValidationPolicy;
/**
* Checks that any CloudFront distribution has a WAF ACL associated.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics network
* @link https://docs.aws.amazon.com/waf/latest/developerguide/cloudfront-features.html
*/
const configureWaf: ResourceValidationPolicy;
/**
* Checks that CloudFront distributions only allow encypted ingress traffic.
*
* @severity critical
* @frameworks hitrust, iso27001, pcidss
* @topics network
* @link https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
*/
const disallowUnencryptedTraffic: ResourceValidationPolicy;
/**
* Checks that any CloudFront distributions have access logging enabled.
*
* @severity medium
* @frameworks hitrust, iso27001, pcidss
* @topics logging, network
* @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
*/
const enableAccessLogging: ResourceValidationPolicy;
/**
* Checks that CloudFront distributions communicate with custom origins using TLS encryption.
*
* @severity critical
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, network
* @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-s3-origin.html
*/
const enableTlsToOrigin: ResourceValidationPolicy;
}
export { Distribution };