@pulumi/aws-compliance-policies
Version:
This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.
41 lines (40 loc) • 1.56 kB
TypeScript
import { ResourceValidationPolicy } from "@pulumi/policy";
declare namespace FileSystem {
/**
* Check that encrypted EFS File system uses a customer-managed KMS key.
*
* @severity low
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, storage
* @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
*/
const configureCustomerManagedKey: ResourceValidationPolicy;
/**
* Checks that EFS File systems do not bypass the File System policy lockout safety check.
*
* @severity critical
* @frameworks none
* @topics encryption
* @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-bypasspolicylockoutsafetycheck
*/
const disallowBypassPolicyLockoutSafetyCheck: ResourceValidationPolicy;
/**
* Check that EFS File system doesn't use single availability zone.
*
* @severity high
* @frameworks none
* @topics availability, storage
* @link https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html
*/
const disallowSingleAvailabilityZone: ResourceValidationPolicy;
/**
* Checks that EFS File Systems do not have an unencrypted file system.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, storage
* @link https://docs.aws.amazon.com/efs/latest/ug/encryption-at-rest.html
*/
const disallowUnencryptedFileSystem: ResourceValidationPolicy;
}
export { FileSystem };