UNPKG

@pulumi/aws-compliance-policies

Version:

This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.

41 lines (40 loc) 1.56 kB
import { ResourceValidationPolicy } from "@pulumi/policy"; declare namespace FileSystem { /** * Check that encrypted EFS File system uses a customer-managed KMS key. * * @severity low * @frameworks hitrust, iso27001, pcidss * @topics encryption, storage * @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html */ const configureCustomerManagedKey: ResourceValidationPolicy; /** * Checks that EFS File systems do not bypass the File System policy lockout safety check. * * @severity critical * @frameworks none * @topics encryption * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-bypasspolicylockoutsafetycheck */ const disallowBypassPolicyLockoutSafetyCheck: ResourceValidationPolicy; /** * Check that EFS File system doesn't use single availability zone. * * @severity high * @frameworks none * @topics availability, storage * @link https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html */ const disallowSingleAvailabilityZone: ResourceValidationPolicy; /** * Checks that EFS File Systems do not have an unencrypted file system. * * @severity high * @frameworks hitrust, iso27001, pcidss * @topics encryption, storage * @link https://docs.aws.amazon.com/efs/latest/ug/encryption-at-rest.html */ const disallowUnencryptedFileSystem: ResourceValidationPolicy; } export { FileSystem };