UNPKG

@pulumi/aws-compliance-policies

Version:

This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.

68 lines (67 loc) 2.64 kB
import { ResourceValidationPolicy } from "@pulumi/policy"; declare namespace Bucket { /** * Checks that S3 Bucket have cross-region replication configured. * * @severity high * @frameworks iso27001, pcidss * @topics availability * @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html */ const configureReplicationConfiguration: ResourceValidationPolicy; /** * Check that S3 Buckets Server-Side Encryption (SSE) is using a customer-managed KMS Key. * * @severity low * @frameworks hitrust, iso27001, pcidss * @topics encryption, storage * @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/specifying-kms-encryption.html */ const configureServerSideEncryptionCustomerManagedKey: ResourceValidationPolicy; /** * Check that S3 Buckets Server-Side Encryption (SSE) uses AWS KMS. * * @severity high * @frameworks hitrust, iso27001, pcidss * @topics encryption, storage * @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html */ const configureServerSideEncryptionKms: ResourceValidationPolicy; /** * Checks that S3 Bucket ACLs don't allow 'PublicRead', 'PublicReadWrite' or 'AuthenticatedRead'. * * @severity critical * @frameworks cis, hitrust, iso27001, pcidss * @topics security, storage * @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html */ const disallowPublicRead: ResourceValidationPolicy; /** * Checks that S3 Bucket have cross-region replication enabled. * * @severity high * @frameworks iso27001, pcidss * @topics availability * @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html */ const enableReplicationConfiguration: ResourceValidationPolicy; /** * Check that S3 Bucket Server-Side Encryption (SSE) is enabled. * * @severity high * @frameworks hitrust, iso27001, pcidss * @topics encryption, storage * @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html */ const enableServerSideEncryption: ResourceValidationPolicy; /** * Check that S3 Buckets Server-Side Encryption (SSE) is using a Bucket key. * * @severity medium * @frameworks iso27001, pcidss * @topics cost, encryption, storage * @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html */ const enableServerSideEncryptionBucketKey: ResourceValidationPolicy; } export { Bucket };