UNPKG

@sheplu/aws-safe-modules

Version:

A collection of CDKTF modules for AWS, with security and compliance in mind

58 lines 7.56 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.ManagedWAF = void 0; const constructs_1 = require("constructs"); const main_1 = require("../main"); class ManagedWAF extends constructs_1.Construct { constructor(scope, id, config) { super(scope, id); const myWaf = new main_1.Wafv2WebAcl(this, 'wafv2', config.waf); this.instance = myWaf; const cwlg = new main_1.CloudwatchLogGroup(this, `wafv2-cloudwatch`, { name: `aws-waf-logs-${config.logGroup}-cw`, retentionInDays: 30, }); new main_1.Wafv2WebAclLoggingConfiguration(this, `wafv2-logging-configuration`, { logDestinationConfigs: [cwlg.arn], resourceArn: myWaf.arn, loggingFilter: { defaultBehavior: 'DROP', filter: [ { behavior: 'KEEP', requirement: 'MEETS_ANY', condition: [ { actionCondition: { action: 'COUNT', }, }, { actionCondition: { action: 'BLOCK', }, }, ], }, ], }, }); const cloudwatchPolicyDocument = new main_1.DataAwsIamPolicyDocument(this, `wafv2-cloudwatch-iam-policy`, { statement: [{ effect: 'Allow', actions: ['logs:CreateLogStream', 'logs:PutLogEvents'], resources: [`${cwlg.arn}:*`], principals: [{ type: 'Service', identifiers: ['delivery.logs.amazonaws.com'], }], }], }); new main_1.CloudwatchLogResourcePolicy(this, `wafv2-cloudwatch-resource-policy`, { policyDocument: cloudwatchPolicyDocument.json, policyName: `wafv2-${config.logPolicy}-cwlp`, }); } } exports.ManagedWAF = ManagedWAF; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiV0FGdjIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9tYW5hZ2VkL1dBRnYyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDJDQUF1QztBQUN2QyxrQ0FBa0o7QUFTbEosTUFBYSxVQUFXLFNBQVEsc0JBQVM7SUFJeEMsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxNQUF3QjtRQUNqRSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRVgsTUFBTSxLQUFLLEdBQUcsSUFBSSxrQkFBVyxDQUFDLElBQUksRUFBRSxPQUFPLEVBQUUsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBRTlELElBQUksQ0FBQyxRQUFRLEdBQUcsS0FBSyxDQUFDO1FBRXRCLE1BQU0sSUFBSSxHQUFHLElBQUkseUJBQWtCLENBQUMsSUFBSSxFQUFFLGtCQUFrQixFQUFFO1lBQ3BELElBQUksRUFBRSxnQkFBZ0IsTUFBTSxDQUFDLFFBQVEsS0FBSztZQUMxQyxlQUFlLEVBQUUsRUFBRTtTQUN0QixDQUFDLENBQUM7UUFFSCxJQUFJLHNDQUErQixDQUFDLElBQUksRUFBRSw2QkFBNkIsRUFBRTtZQUNyRSxxQkFBcUIsRUFBRSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUM7WUFDakMsV0FBVyxFQUFFLEtBQUssQ0FBQyxHQUFHO1lBQ3RCLGFBQWEsRUFBRTtnQkFDWCxlQUFlLEVBQUUsTUFBTTtnQkFDdkIsTUFBTSxFQUFFO29CQUNKO3dCQUNJLFFBQVEsRUFBRSxNQUFNO3dCQUNoQixXQUFXLEVBQUUsV0FBVzt3QkFDeEIsU0FBUyxFQUFFOzRCQUNQO2dDQUNJLGVBQWUsRUFBRTtvQ0FDYixNQUFNLEVBQUUsT0FBTztpQ0FDbEI7NkJBQ0o7NEJBQ0Q7Z0NBQ0ksZUFBZSxFQUFFO29DQUNiLE1BQU0sRUFBRSxPQUFPO2lDQUNsQjs2QkFDSjt5QkFDSjtxQkFDSjtpQkFDSjthQUNKO1NBQ0osQ0FBQyxDQUFDO1FBRUgsTUFBTSx3QkFBd0IsR0FBRyxJQUFJLCtCQUF3QixDQUFDLElBQUksRUFBRSw2QkFBNkIsRUFBRTtZQUMvRixTQUFTLEVBQUUsQ0FBQztvQkFDUixNQUFNLEVBQUUsT0FBTztvQkFDZixPQUFPLEVBQUUsQ0FBQyxzQkFBc0IsRUFBRSxtQkFBbUIsQ0FBQztvQkFDdEQsU0FBUyxFQUFFLENBQUMsR0FBRyxJQUFJLENBQUMsR0FBRyxJQUFJLENBQUM7b0JBQzVCLFVBQVUsRUFBRSxDQUFDOzRCQUNULElBQUksRUFBRSxTQUFTOzRCQUNmLFdBQVcsRUFBRSxDQUFDLDZCQUE2QixDQUFDO3lCQUMvQyxDQUFDO2lCQUNMLENBQUM7U0FDTCxDQUFDLENBQUM7UUFFSCxJQUFJLGtDQUEyQixDQUFDLElBQUksRUFBRSxrQ0FBa0MsRUFBRTtZQUN0RSxjQUFjLEVBQUUsd0JBQXdCLENBQUMsSUFBSTtZQUM3QyxVQUFVLEVBQUUsU0FBUyxNQUFNLENBQUMsU0FBUyxPQUFPO1NBQy9DLENBQUMsQ0FBQztJQUNWLENBQUM7Q0FDRDtBQTNERCxnQ0EyREMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tICdjb25zdHJ1Y3RzJztcbmltcG9ydCB7IENsb3Vkd2F0Y2hMb2dHcm91cCwgQ2xvdWR3YXRjaExvZ1Jlc291cmNlUG9saWN5LCBEYXRhQXdzSWFtUG9saWN5RG9jdW1lbnQsIFdhZnYyV2ViQWNsLCBXYWZ2MldlYkFjbExvZ2dpbmdDb25maWd1cmF0aW9uIH0gZnJvbSAnLi4vbWFpbic7XG5pbXBvcnQgeyBXYWZ2MldlYkFjbENvbmZpZyB9IGZyb20gJ0BjZGt0Zi9wcm92aWRlci1hd3MvbGliL3dhZnYyLXdlYi1hY2wnO1xuXG5leHBvcnQgdHlwZSBNYW5hZ2VkV0FGQ29uZmlnID0ge1xuXHRsb2dHcm91cDogc3RyaW5nO1xuXHRsb2dQb2xpY3k6IHN0cmluZztcblx0d2FmOiBXYWZ2MldlYkFjbENvbmZpZyxcbn1cblxuZXhwb3J0IGNsYXNzIE1hbmFnZWRXQUYgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuXHQvLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgQHR5cGVzY3JpcHQtZXNsaW50L25vLWV4cGxpY2l0LWFueVxuXHRwdWJsaWMgcmVhZG9ubHkgaW5zdGFuY2U6IGFueTtcblxuXHRjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBjb25maWc6IE1hbmFnZWRXQUZDb25maWcpIHtcblx0XHRzdXBlcihzY29wZSwgaWQpO1xuXG4gICAgICAgIGNvbnN0IG15V2FmID0gbmV3IFdhZnYyV2ViQWNsKHRoaXMsICd3YWZ2MicsIGNvbmZpZy53YWYpXG5cblx0XHR0aGlzLmluc3RhbmNlID0gbXlXYWY7XG5cblx0XHRjb25zdCBjd2xnID0gbmV3IENsb3Vkd2F0Y2hMb2dHcm91cCh0aGlzLCBgd2FmdjItY2xvdWR3YXRjaGAsIHtcbiAgICAgICAgICAgIG5hbWU6IGBhd3Mtd2FmLWxvZ3MtJHtjb25maWcubG9nR3JvdXB9LWN3YCxcbiAgICAgICAgICAgIHJldGVudGlvbkluRGF5czogMzAsXG4gICAgICAgIH0pO1xuXG4gICAgICAgIG5ldyBXYWZ2MldlYkFjbExvZ2dpbmdDb25maWd1cmF0aW9uKHRoaXMsIGB3YWZ2Mi1sb2dnaW5nLWNvbmZpZ3VyYXRpb25gLCB7XG4gICAgICAgICAgICBsb2dEZXN0aW5hdGlvbkNvbmZpZ3M6IFtjd2xnLmFybl0sXG4gICAgICAgICAgICByZXNvdXJjZUFybjogbXlXYWYuYXJuLFxuICAgICAgICAgICAgbG9nZ2luZ0ZpbHRlcjoge1xuICAgICAgICAgICAgICAgIGRlZmF1bHRCZWhhdmlvcjogJ0RST1AnLFxuICAgICAgICAgICAgICAgIGZpbHRlcjogW1xuICAgICAgICAgICAgICAgICAgICB7XG4gICAgICAgICAgICAgICAgICAgICAgICBiZWhhdmlvcjogJ0tFRVAnLFxuICAgICAgICAgICAgICAgICAgICAgICAgcmVxdWlyZW1lbnQ6ICdNRUVUU19BTlknLFxuICAgICAgICAgICAgICAgICAgICAgICAgY29uZGl0aW9uOiBbXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAge1xuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhY3Rpb25Db25kaXRpb246IHtcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFjdGlvbjogJ0NPVU5UJyxcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfSxcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICAgICAgICAgICAgICAgIHtcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWN0aW9uQ29uZGl0aW9uOiB7XG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhY3Rpb246ICdCTE9DSycsXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0sXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgfSxcbiAgICAgICAgICAgICAgICAgICAgICAgIF0sXG4gICAgICAgICAgICAgICAgICAgIH0sXG4gICAgICAgICAgICAgICAgXSxcbiAgICAgICAgICAgIH0sXG4gICAgICAgIH0pO1xuXG4gICAgICAgIGNvbnN0IGNsb3Vkd2F0Y2hQb2xpY3lEb2N1bWVudCA9IG5ldyBEYXRhQXdzSWFtUG9saWN5RG9jdW1lbnQodGhpcywgYHdhZnYyLWNsb3Vkd2F0Y2gtaWFtLXBvbGljeWAsIHtcbiAgICAgICAgICAgIHN0YXRlbWVudDogW3tcbiAgICAgICAgICAgICAgICBlZmZlY3Q6ICdBbGxvdycsXG4gICAgICAgICAgICAgICAgYWN0aW9uczogWydsb2dzOkNyZWF0ZUxvZ1N0cmVhbScsICdsb2dzOlB1dExvZ0V2ZW50cyddLFxuICAgICAgICAgICAgICAgIHJlc291cmNlczogW2Ake2N3bGcuYXJufToqYF0sXG4gICAgICAgICAgICAgICAgcHJpbmNpcGFsczogW3tcbiAgICAgICAgICAgICAgICAgICAgdHlwZTogJ1NlcnZpY2UnLFxuICAgICAgICAgICAgICAgICAgICBpZGVudGlmaWVyczogWydkZWxpdmVyeS5sb2dzLmFtYXpvbmF3cy5jb20nXSxcbiAgICAgICAgICAgICAgICB9XSxcbiAgICAgICAgICAgIH1dLFxuICAgICAgICB9KTtcblxuICAgICAgICBuZXcgQ2xvdWR3YXRjaExvZ1Jlc291cmNlUG9saWN5KHRoaXMsIGB3YWZ2Mi1jbG91ZHdhdGNoLXJlc291cmNlLXBvbGljeWAsIHtcbiAgICAgICAgICAgIHBvbGljeURvY3VtZW50OiBjbG91ZHdhdGNoUG9saWN5RG9jdW1lbnQuanNvbixcbiAgICAgICAgICAgIHBvbGljeU5hbWU6IGB3YWZ2Mi0ke2NvbmZpZy5sb2dQb2xpY3l9LWN3bHBgLFxuICAgICAgICB9KTtcblx0fVxufVxuIl19