@pulumi/aws-compliance-policies
Version:
This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.
32 lines (31 loc) • 1.09 kB
TypeScript
import { ResourceValidationPolicy } from "@pulumi/policy";
declare namespace Key {
/**
* Checks that KMS Keys do not bypass the key policy lockout safety check.
*
* @severity critical
* @frameworks none
* @topics encryption
* @link https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-bypass-policy-lockout-safety-check
*/
const disallowBypassPolicyLockoutSafetyCheck: ResourceValidationPolicy;
/**
* Checks that KMS Keys have key rotation enabled.
*
* @severity medium
* @frameworks hitrust, iso27001, pcidss
* @topics encryption
* @link https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
*/
const enableKeyRotation: ResourceValidationPolicy;
/**
* Checks that KMS Keys have a description.
*
* @severity low
* @frameworks none
* @topics documentation
* @link https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html
*/
const missingDescription: ResourceValidationPolicy;
}
export { Key };