UNPKG

@pulumi/aws-compliance-policies

Version:

This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.

32 lines (31 loc) 1.09 kB
import { ResourceValidationPolicy } from "@pulumi/policy"; declare namespace Key { /** * Checks that KMS Keys do not bypass the key policy lockout safety check. * * @severity critical * @frameworks none * @topics encryption * @link https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-bypass-policy-lockout-safety-check */ const disallowBypassPolicyLockoutSafetyCheck: ResourceValidationPolicy; /** * Checks that KMS Keys have key rotation enabled. * * @severity medium * @frameworks hitrust, iso27001, pcidss * @topics encryption * @link https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html */ const enableKeyRotation: ResourceValidationPolicy; /** * Checks that KMS Keys have a description. * * @severity low * @frameworks none * @topics documentation * @link https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html */ const missingDescription: ResourceValidationPolicy; } export { Key };