@pulumi/aws-compliance-policies
Version:
This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.
32 lines (31 loc) • 1.13 kB
TypeScript
import { ResourceValidationPolicy } from "@pulumi/policy";
declare namespace FileSystem {
/**
* Check that encrypted EFS File system uses a customer-managed KMS key.
*
* @severity low
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, storage
* @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
*/
const configureCustomerManagedKey: ResourceValidationPolicy;
/**
* Check that EFS File system doesn't use single availability zone.
*
* @severity high
* @frameworks none
* @topics availability, storage
* @link https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html
*/
const disallowSingleAvailabilityZone: ResourceValidationPolicy;
/**
* Checks that EFS File Systems do not have an unencrypted file system.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, storage
* @link https://docs.aws.amazon.com/efs/latest/ug/encryption-at-rest.html
*/
const disallowUnencryptedFileSystem: ResourceValidationPolicy;
}
export { FileSystem };