@pulumi/aws-compliance-policies
Version:
This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.
140 lines (139 loc) • 5.07 kB
TypeScript
import { ResourceValidationPolicy } from "@pulumi/policy";
declare namespace Instance {
/**
* Checks that EC2 instances do not have a public IP address.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics network
* @link none
*/
const disallowPublicIp: ResourceValidationPolicy;
/**
* Checks that EC2 instances do not have unencrypted block devices.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, storage
* @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
*/
const disallowUnencryptedBlockDevice: ResourceValidationPolicy;
/**
* Checks that EC2 instances does not have unencrypted root volumes.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, storage
* @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html
*/
const disallowUnencryptedRootBlockDevice: ResourceValidationPolicy;
}
export { Instance };
declare namespace LaunchConfiguration {
/**
* Checks that EC2 Launch Configurations do not have a public IP address.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics network
* @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html
*/
const disallowPublicIp: ResourceValidationPolicy;
/**
* Checks that EC2 Launch Configurations do not have unencrypted block devices.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, storage
* @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
*/
const disallowUnencryptedBlockDevice: ResourceValidationPolicy;
/**
* Checks that EC2 launch configuration do not have unencrypted root block device.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, storage
* @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html
*/
const disallowUnencryptedRootBlockDevice: ResourceValidationPolicy;
}
export { LaunchConfiguration };
declare namespace LaunchTemplate {
/**
* Check that encrypted EBS volume uses a customer-managed KMS key.
*
* @severity low
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, storage
* @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
*/
const configureCustomerManagedKey: ResourceValidationPolicy;
/**
* Checks that EC2 Launch Templates do not have public IP addresses.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics network
* @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html
*/
const disallowPublicIp: ResourceValidationPolicy;
/**
* Checks that EC2 Launch Templates do not have unencrypted block device.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, storage
* @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
*/
const disallowUnencryptedBlockDevice: ResourceValidationPolicy;
}
export { LaunchTemplate };
declare namespace SecurityGroup {
/**
* Check that EC2 Security Groups do not allow inbound HTTP traffic.
*
* @severity critical
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, network
* @link https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
*/
const disallowInboundHttpTraffic: ResourceValidationPolicy;
/**
* Check that EC2 Security Groups do not allow ingress traffic from the Internet.
*
* @severity critical
* @frameworks hitrust, iso27001, pcidss
* @topics network
* @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html
*/
const disallowPublicInternetIngress: ResourceValidationPolicy;
/**
* Checks that all security groups have a description.
*
* @severity low
* @frameworks none
* @topics documentation
* @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html
*/
const missingDescription: ResourceValidationPolicy;
/**
* Checks that all Egress Security Groups rules have a description.
*
* @severity low
* @frameworks none
* @topics documentation
* @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html
*/
const missingEgressRuleDescription: ResourceValidationPolicy;
/**
* Checks that all Ingress Security Groups rules have a description.
*
* @severity low
* @frameworks none
* @topics documentation
* @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html
*/
const missingIngressRuleDescription: ResourceValidationPolicy;
}
export { SecurityGroup };