@pulumi/aws-compliance-policies
Version:
This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.
50 lines (49 loc) • 1.8 kB
TypeScript
import { ResourceValidationPolicy } from "@pulumi/policy";
declare namespace Repository {
/**
* Checks that ECR repositories use a customer-managed KMS key.
*
* @severity low
* @frameworks hitrust, iso27001, pcidss
* @topics container, encryption, storage
* @link https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html
*/
const configureCustomerManagedKey: ResourceValidationPolicy;
/**
* Checks that ECR repositories have 'scan-on-push' configured.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics container, vulnerability
* @link https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html
*/
const configureImageScan: ResourceValidationPolicy;
/**
* Checks that ECR Repositories have immutable images enabled.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics container
* @link https://sysdig.com/blog/toctou-tag-mutability/
*/
const disallowMutableImage: ResourceValidationPolicy;
/**
* Checks that ECR Repositories are encrypted.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics container, encryption, storage
* @link https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html
*/
const disallowUnencryptedRepository: ResourceValidationPolicy;
/**
* Checks that ECR repositories have 'scan-on-push' enabled.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics container, vulnerability
* @link https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html
*/
const enableImageScan: ResourceValidationPolicy;
}
export { Repository };