UNPKG

@pulumi/aws-compliance-policies

Version:

This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.

68 lines (67 loc) 2.71 kB
import { ResourceValidationPolicy } from "@pulumi/policy"; declare namespace Distribution { /** * Checks that any CloudFront distributions have access logging configured. * * @severity medium * @frameworks hitrust, iso27001, pcidss * @topics logging, network * @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html */ const configureAccessLogging: ResourceValidationPolicy; /** * Checks that CloudFront distributions uses secure/modern TLS encryption. * * @severity high * @frameworks hitrust, iso27001, pcidss * @topics encryption, network * @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html */ const configureSecureTls: ResourceValidationPolicy; /** * Checks that CloudFront distributions communicate with custom origins using TLS 1.2 encryption only. * * @severity high * @frameworks hitrust, iso27001, pcidss * @topics encryption, network * @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-s3-origin.html */ const configureSecureTlsToOrigin: ResourceValidationPolicy; /** * Checks that CloudFront distributions have a WAF ACL associated. * * @severity high * @frameworks hitrust, iso27001, pcidss * @topics network * @link https://docs.aws.amazon.com/waf/latest/developerguide/cloudfront-features.html */ const configureWafAcl: ResourceValidationPolicy; /** * Checks that CloudFront distributions only allow encypted ingress traffic. * * @severity critical * @frameworks hitrust, iso27001, pcidss * @topics network * @link https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol */ const disallowUnencryptedTraffic: ResourceValidationPolicy; /** * Checks that any CloudFront distributions have access logging enabled. * * @severity medium * @frameworks hitrust, iso27001, pcidss * @topics logging, network * @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html */ const enableAccessLogging: ResourceValidationPolicy; /** * Checks that CloudFront distributions communicate with custom origins using TLS encryption. * * @severity critical * @frameworks hitrust, iso27001, pcidss * @topics encryption, network * @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-s3-origin.html */ const enableTlsToOrigin: ResourceValidationPolicy; } export { Distribution };