@pulumi/aws-compliance-policies
Version:
This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.
68 lines (67 loc) • 2.64 kB
TypeScript
import { ResourceValidationPolicy } from "@pulumi/policy";
declare namespace Bucket {
/**
* Checks that S3 Bucket have cross-region replication configured.
*
* @severity high
* @frameworks iso27001, pcidss
* @topics availability
* @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html
*/
const configureReplicationConfiguration: ResourceValidationPolicy;
/**
* Check that S3 Buckets Server-Side Encryption (SSE) is using a customer-managed KMS Key.
*
* @severity low
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, storage
* @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/specifying-kms-encryption.html
*/
const configureServerSideEncryptionCustomerManagedKey: ResourceValidationPolicy;
/**
* Check that S3 Buckets Server-Side Encryption (SSE) uses AWS KMS.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, storage
* @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html
*/
const configureServerSideEncryptionKms: ResourceValidationPolicy;
/**
* Checks that S3 Bucket ACLs don't allow 'PublicRead', 'PublicReadWrite' or 'AuthenticatedRead'.
*
* @severity critical
* @frameworks cis, hitrust, iso27001, pcidss
* @topics security, storage
* @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
*/
const disallowPublicRead: ResourceValidationPolicy;
/**
* Checks that S3 Bucket have cross-region replication enabled.
*
* @severity high
* @frameworks iso27001, pcidss
* @topics availability
* @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html
*/
const enableReplicationConfiguration: ResourceValidationPolicy;
/**
* Check that S3 Bucket Server-Side Encryption (SSE) is enabled.
*
* @severity high
* @frameworks hitrust, iso27001, pcidss
* @topics encryption, storage
* @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
*/
const enableServerSideEncryption: ResourceValidationPolicy;
/**
* Check that S3 Buckets Server-Side Encryption (SSE) is using a Bucket key.
*
* @severity medium
* @frameworks iso27001, pcidss
* @topics cost, encryption, storage
* @link https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html
*/
const enableServerSideEncryptionBucketKey: ResourceValidationPolicy;
}
export { Bucket };