@vptech/aws-security-baseline
Auto-generate AWS security baselines, IAM policies, and security groups from TypeScript interfaces
/**
* Core types for AWS Security Baseline Generator
*/
/**
 * Compliance frameworks a baseline can be generated for and validated against
 * (see `SecurityBaselineGenerator.validateCompliance`). `'CUSTOM'` presumably
 * denotes an organisation-specific control set rather than a published standard — confirm.
 */
export type ComplianceFramework = 'SOC2' | 'ISO27001' | 'HIPAA' | 'PCI-DSS' | 'GDPR' | 'CUSTOM';
/**
 * Overall strictness of the generated baseline. The three values are presumably
 * ordered from least to most restrictive; nothing in this file fixes what each
 * level turns on — consult the generator implementation.
 */
export type SecurityLevel = 'basic' | 'enhanced' | 'strict';
/**
 * Exposure classification of a resource, used by `ResourceAccess.accessLevel`.
 * Only the four labels are defined here; how each maps to principals or
 * conditions is decided by the generator, not by this type.
 */
export type ResourceAccessLevel = 'public' | 'internal' | 'private' | 'restricted';
/**
 * Top-level input to `SecurityBaselineGenerator.generateBaseline`.
 *
 * The four `enable*` toggles select which AWS audit/detection services the
 * baseline provisions. `enableCloudTrail` and `enableConfigRules` also appear
 * on `SecurityAuditConfig` in the generated output; the relationship between
 * the two copies is not defined in this file — confirm which one is authoritative.
 */
export interface SecurityBaselineConfig {
  /** Frameworks the baseline must satisfy; an empty array is representable but its meaning is not defined here. */
  complianceFrameworks: ComplianceFramework[];
  securityLevel: SecurityLevel;
  /** Free-form name; presumably used for resource naming/tags — confirm against the generator. */
  organizationName: string;
  environmentType: 'development' | 'staging' | 'production';
  enableCloudTrail: boolean;
  enableConfigRules: boolean;
  enableGuardDuty: boolean;
  enableSecurityHub: boolean;
  /** Additional policies merged into the baseline on top of the generated ones. */
  customPolicies?: CustomPolicy[];
}
/**
 * A caller-supplied IAM policy attached via `SecurityBaselineConfig.customPolicies`.
 * Unlike `PolicyDocument` it carries a name and description but no `version`.
 */
export interface CustomPolicy {
  name: string;
  description: string;
  statements: PolicyStatement[];
}
/**
 * One IAM policy statement. The type does not constrain `actions` or
 * `resources`, so wildcard values (`'*'`) are representable; any least-privilege
 * check has to be done by the consumer of this type.
 */
export interface PolicyStatement {
  effect: 'Allow' | 'Deny';
  /** IAM action strings, e.g. service:Operation. Not validated by the type. */
  actions: string[];
  /** Resource ARNs or wildcards. Not validated by the type. */
  resources: string[];
  /**
   * IAM condition block keyed by condition operator.
   * NOTE(review): `any` disables checking on the values; `Record<string, unknown>`
   * would be safer for new consumers but is a breaking change for existing ones.
   */
  conditions?: Record<string, any>;
  /** Presumably principal ARNs/identifiers for resource-based policies — confirm; absent for identity policies. */
  principals?: string[];
}
/**
 * Access requirement for a single resource, produced by
 * `SecurityBaselineGenerator.analyzeTypeScriptInterface` and consumed by
 * `generateIAMPolicy`.
 */
export interface ResourceAccess {
  /** Free-form resource type label (e.g. an AWS service name); not an enum in this file. */
  resourceType: string;
  accessLevel: ResourceAccessLevel;
  /** Principals permitted access; when omitted the generator decides — not defined here. */
  allowedPrincipals?: string[];
  /** Conditions every generated statement for this resource must carry; untyped values, see `PolicyStatement.conditions`. */
  requiredConditions?: Record<string, any>;
  encryption?: EncryptionConfig;
}
/**
 * Encryption-at-rest requirement for a resource.
 * `'AES256'` / `'aws:kms'` are the S3 server-side-encryption identifiers
 * (SSE-S3 and SSE-KMS); whether the generator applies them to non-S3
 * resources is not defined here — confirm.
 */
export interface EncryptionConfig {
  enabled: boolean;
  /** Request automatic key rotation; only meaningful with a KMS-managed key. */
  keyRotation?: boolean;
  /** KMS key alias to use; presumably matched against `KMSKeyConfig.alias` — confirm. */
  keyAlias?: string;
  algorithm?: 'AES256' | 'aws:kms';
}
/**
 * A network requirement discovered during analysis; input to
 * `SecurityBaselineGenerator.generateSecurityGroups`, which turns it into
 * `SecurityGroupRule`s.
 */
export interface NetworkAccess {
  protocol: 'tcp' | 'udp' | 'icmp' | 'all';
  /** A single port as a number; the string form presumably encodes a range — confirm the accepted syntax. */
  port: number | string;
  /** Says how `source` is to be interpreted. */
  sourceType: 'cidr' | 'security-group' | 'prefix-list';
  /** CIDR block, security-group id or prefix-list id, per `sourceType`. The type does not reject open ranges. */
  source: string;
  description: string;
}
/**
 * One ingress or egress rule of a `SecurityGroupConfig`.
 *
 * `cidrBlocks` and `securityGroupIds` are both optional, so a rule with no
 * source/destination at all is representable; consumers should validate that
 * at least one is present, and should treat wide CIDR blocks on ingress rules
 * as something to review rather than pass through.
 */
export interface SecurityGroupRule {
  type: 'ingress' | 'egress';
  /** Free-form here, unlike `NetworkAccess.protocol`; presumably the same values plus whatever the generator emits — confirm. */
  protocol: string;
  /** Port range start; absent presumably means protocol-wide (e.g. icmp/all) — confirm. */
  fromPort?: number;
  toPort?: number;
  cidrBlocks?: string[];
  securityGroupIds?: string[];
  description: string;
}
/**
 * A security group to provision, as emitted by
 * `SecurityBaselineGenerator.generateSecurityGroups`.
 */
export interface SecurityGroupConfig {
  name: string;
  description: string;
  /** VPC to attach to; when omitted the generator's default applies (not defined here). */
  vpcId?: string;
  tags?: Record<string, string>;
  rules: SecurityGroupRule[];
}
/**
 * An IAM role to provision, included in `GeneratedSecurityBaseline.iamRoles`.
 */
export interface IAMRoleConfig {
  roleName: string;
  description: string;
  /** Principals allowed to assume the role (trust policy). Free-form strings; not validated by the type. */
  assumedBy: string[];
  /** ARNs of AWS-managed or customer-managed policies to attach. */
  managedPolicies?: string[];
  /** Inline policies keyed by policy name. */
  inlinePolicies?: Record<string, PolicyDocument>;
  /** Presumably seconds, as in IAM's MaxSessionDuration (1h–12h) — confirm the unit before passing through. */
  maxSessionDuration?: number;
  /** IAM path for the role. */
  path?: string;
  tags?: Record<string, string>;
}
/**
 * An IAM policy document. `version` is pinned to the current IAM policy
 * language version. NOTE(review): field names here are lower-case, whereas the
 * IAM JSON document uses `Version`/`Statement`; the mapping is presumably done
 * by the generator — confirm before serialising this object directly.
 */
export interface PolicyDocument {
  version: '2012-10-17';
  statement: PolicyStatement[];
}
/**
 * Audit/logging settings of a generated baseline. `enableCloudTrail` and
 * `enableConfigRules` duplicate fields on `SecurityBaselineConfig`; this file
 * does not say whether they are copied through or recomputed.
 */
export interface SecurityAuditConfig {
  enableCloudTrail: boolean;
  enableConfigRules: boolean;
  enableAccessLogging: boolean;
  /** Retention for generated log groups, in days. No range is enforced by the type. */
  logRetentionDays: number;
  alertOnPolicyViolations: boolean;
  complianceChecks: ComplianceCheck[];
}
/**
 * A single control check tied to a framework.
 */
export interface ComplianceCheck {
  framework: ComplianceFramework;
  /** Control identifier in the framework's own numbering; free-form. */
  controlId: string;
  description: string;
  severity: 'low' | 'medium' | 'high' | 'critical';
  /** True when the check can be evaluated without manual review. */
  automatedCheck: boolean;
}
/**
 * Output of `SecurityBaselineGenerator.generateBaseline`; also the input to
 * `validateCompliance` and to `CDKIntegration`.
 */
export interface GeneratedSecurityBaseline {
  iamPolicies: PolicyDocument[];
  iamRoles: IAMRoleConfig[];
  securityGroups: SecurityGroupConfig[];
  kmsKeys: KMSKeyConfig[];
  auditConfig: SecurityAuditConfig;
  /** Report for a single framework; how multiple `complianceFrameworks` are handled is not defined here. */
  complianceReport: ComplianceReport;
}
/**
 * A KMS customer-managed key to provision.
 */
export interface KMSKeyConfig {
  /** Alias name; referenced from `EncryptionConfig.keyAlias`, presumably without the `alias/` prefix — confirm. */
  alias: string;
  description: string;
  keyUsage: 'ENCRYPT_DECRYPT' | 'SIGN_VERIFY';
  /** KMS key spec as a free-form string; not constrained to the KMS enum by this type. */
  keySpec: string;
  enableKeyRotation: boolean;
  /** Waiting period before a scheduled deletion takes effect; KMS bounds it to 7–30 days — confirm the generator validates. */
  deletionWindowInDays?: number;
  /** Key policy attached to the key; note a key policy must not lock out administration. */
  keyPolicy: PolicyDocument;
}
/**
 * Result of `SecurityBaselineGenerator.validateCompliance` for one framework.
 */
export interface ComplianceReport {
  framework: ComplianceFramework;
  /** Control ids (cf. `ComplianceCheck.controlId`) the baseline satisfies. */
  controlsCovered: string[];
  /** Control ids the baseline does not satisfy. */
  controlsNotCovered: string[];
  recommendedActions: RecommendedAction[];
  riskAssessment: RiskAssessment;
}
/**
 * A remediation suggested in a `ComplianceReport`.
 */
export interface RecommendedAction {
  priority: 'low' | 'medium' | 'high' | 'critical';
  description: string;
  /** Ordered human-readable steps. */
  implementationSteps: string[];
  /** Free-form effort estimate; no unit is defined. */
  estimatedEffort: string;
  /** Free-form statement of which controls the action affects. */
  complianceImpact: string;
}
/**
 * Risk summary attached to a `ComplianceReport`. How `overallRiskLevel` is
 * derived from `identifiedRisks` is not defined in this file.
 */
export interface RiskAssessment {
  overallRiskLevel: 'low' | 'medium' | 'high' | 'critical';
  identifiedRisks: IdentifiedRisk[];
  mitigationStrategies: string[];
}
/**
 * A single risk found during validation. `severity` and `likelihood` use
 * different scales (four levels vs three); do not compare them directly.
 */
export interface IdentifiedRisk {
  category: 'data' | 'access' | 'network' | 'compliance' | 'operational';
  severity: 'low' | 'medium' | 'high' | 'critical';
  description: string;
  likelihood: 'low' | 'medium' | 'high';
  /** Free-form impact statement (not a scale). */
  impact: string;
  /** Free-form suggested mitigation. */
  mitigation: string;
}
/**
 * Result of `SecurityBaselineGenerator.analyzeTypeScriptInterface`: the
 * resource, network and data-handling requirements inferred from one
 * TypeScript interface.
 */
export interface TypeScriptSecurityAnalysis {
  interfaceName: string;
  /** Path of the analysed source file, as passed to `analyzeTypeScriptInterface`. */
  filePath: string;
  resourceAccess: ResourceAccess[];
  networkRequirements: NetworkAccess[];
  dataClassification: DataClassification;
  /** Free-form policy identifiers or names; not validated by the type. */
  recommendedPolicies: string[];
}
/**
 * Sensitivity classification of the data an interface handles.
 * Note the `level` labels are a different set from `ResourceAccessLevel`
 * (`'confidential'` here vs `'private'` there).
 */
export interface DataClassification {
  level: 'public' | 'internal' | 'confidential' | 'restricted';
  categories: DataCategory[];
  retentionRequirements: RetentionRequirement[];
  /** Whether the data must be encrypted at rest; presumably drives `ResourceAccess.encryption` — confirm. */
  encryptionRequired: boolean;
}
/**
 * A group of fields sharing a sensitivity type (e.g. PII, PHI).
 */
export interface DataCategory {
  name: string;
  type: 'pii' | 'phi' | 'financial' | 'proprietary' | 'public';
  /** Names of the interface fields that fall into this category. */
  fields: string[];
  /** Free-form regulation identifiers; not tied to `ComplianceFramework`. */
  regulations: string[];
}
/**
 * Retention and disposal requirement for one data category. All fields are
 * free-form strings; `retentionPeriod` has no defined unit or format.
 */
export interface RetentionRequirement {
  /** Presumably matches a `DataCategory.name` — confirm. */
  category: string;
  retentionPeriod: string;
  disposalMethod: string;
  legalBasis: string;
}
/**
 * Contract of the baseline generator. All methods are synchronous in this
 * declaration; `analyzeTypeScriptInterface` takes a file path, so an
 * implementation must read from disk synchronously or cache ahead of time.
 */
export interface SecurityBaselineGenerator {
  /** Produce the full baseline for a configuration. */
  generateBaseline(config: SecurityBaselineConfig): GeneratedSecurityBaseline;
  /**
   * Analyse the named interface in the given source file.
   * @param filePath path of the TypeScript source to read
   * @param interfaceName the interface to analyse within that file
   */
  analyzeTypeScriptInterface(filePath: string, interfaceName: string): TypeScriptSecurityAnalysis;
  /** Build one policy document from a set of resource requirements. */
  generateIAMPolicy(resourceAccess: ResourceAccess[]): PolicyDocument;
  /** Translate network requirements into security-group definitions. */
  generateSecurityGroups(networkAccess: NetworkAccess[]): SecurityGroupConfig[];
  /** Evaluate a generated baseline against one framework. */
  validateCompliance(baseline: GeneratedSecurityBaseline, framework: ComplianceFramework): ComplianceReport;
}
/**
 * Emits infrastructure code for a baseline. Every method returns source text
 * as a string; the target language/format of that text is not specified here.
 */
export interface CDKIntegration {
  /** Render the baseline's resources as CDK construct source. */
  generateCDKConstructs(baseline: GeneratedSecurityBaseline): string;
  /** Render a complete stack named `stackName` containing the baseline. */
  createSecurityStack(baseline: GeneratedSecurityBaseline, stackName: string): string;
  /** Render a deployment script for the named stack; presumably a shell script — confirm. */
  generateDeploymentScript(stackName: string): string;
}
//# sourceMappingURL=types.d.ts.map