UNPKG

raindancers-network

Version:

Extensions to the ec2.Vpc Constructs

github.com/raindancers/raindancers-network.raindancers-cdk

raindancers/raindancers-network.raindancers-cdk

115 lines (114 loc) 3.56 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
import { aws_ec2 as ec2 } from 'aws-cdk-lib'; import * as constructs from 'constructs'; import { DynamicTagResourceGroup, DynamicTagResourceGroupSet } from './resourceGroups'; import { StatefulRuleDatabase } from './statefuldatabase'; export declare enum StatefulAction { /** * Traffic will pass */ PASS = "pass", /** * Traffic will be droped silently. Note, When will cause a timeout for TCP, Consider using REJECT */ DROP = "drop", /** * Traffic will be dropped, and a TCP reset sent to the source */ REJECT = "reject", /** * Raises an alert according to the firewalls logging/alert */ ALERT = "alert" } export declare enum FWProtocol { TCP = "tcp", UPD = "udp", ICMP = "icmp", IP = "ip", HTTP = "http", TLS = "tls" } export declare enum Direction { /** * Traffic allowed from Src to destination only */ OUTBOUND = "->", /** * Traffic allowed in both directions */ BOTH = "<>" } export declare type SrcDstAddr = string | PrefixList | DynamicTagResourceGroup; export declare type SrcDstPort = string; export interface SuricataRuleProps { readonly name: string; readonly action: StatefulAction; readonly protocol: FWProtocol; readonly source: SrcDstAddr; readonly destination: SrcDstAddr; readonly srcPort: SrcDstPort; readonly destPort: SrcDstPort; readonly direction: Direction; } export interface FQDNStatefulRuleProps extends SuricataRuleProps { readonly fqdn: string; readonly priority?: number | undefined; readonly rulesDatabase?: StatefulRuleDatabase | undefined; } export interface PrefixListSetInterface { readonly arn: string; readonly name: string; } export interface ReferenceSet { readonly arn: string; readonly name: string; } declare type PrefixListSet = PrefixListSetInterface; export declare class FQDNStatefulRule extends constructs.Construct { uuid: string; prefixListSet: PrefixListSet[]; resourceGroupSets: DynamicTagResourceGroupSet[]; constructor(scope: constructs.Construct, id: string, props: FQDNStatefulRuleProps); } export declare enum IPAddressFamily { IPV4 = "IPv4", IPV6 = "IPv6" } export interface PrefixListProps { readonly addressFamily: IPAddressFamily; readonly prefixListName: string; readonly maxEntries: number; } export interface PrefixListEntry { readonly cidr: string; readonly description: string; } export declare class PrefixList extends constructs.Construct { readonly prefixlist: ec2.CfnPrefixList; readonly prefixlistArn: string; readonly prefixListSet: PrefixListSet; private entries; constructor(scope: constructs.Construct, id: string, props: PrefixListProps); addEC2Instance(props: ec2.Instance): void; } export interface NWFWRulesEngine { readonly firewallAccount: string; readonly rulesDatabase: StatefulRuleDatabase; } export interface SuricataRuleGroupProps { readonly ruleGroupName: string; readonly description?: string | undefined; readonly suricataRules?: FQDNStatefulRule[]; readonly capacity: number; readonly networkFirewallEngine: NWFWRulesEngine; } export declare class SuricataRuleGroup extends constructs.Construct { ruleGroupArn: string; private ruleReferenceSets; private ruleuuidlist; private rulesDatabase; private crLambda; constructor(scope: constructs.Construct, id: string, props: SuricataRuleGroupProps); addRule(props: FQDNStatefulRuleProps): void; } export {};