SecurityConfig / ResourcePolicyEnforcementConfig

Resource policy enforcement configuration. It lets you deploy AWS Config rules that automatically apply resource-based policies to AWS resources such as S3 buckets, IAM roles, and KMS keys. AWS Organizations is required for this feature.

For the list of supported services, see resourceTypeEnum.

Example


resourcePolicyEnforcement:
  enable: true
  remediation:
    automatic: false
    retryAttemptSeconds: 60
    maximumAutomaticAttempts: 5
  policySets:
    - resourcePolicies:
        - resourceType: KMS
          document: resource-policies/kms-workload.json
      inputParameters:
        SourceAccount: 123456789012,987654321098
        allowedAccountList: {{ ALLOWED_EXTERNAL_ACCOUNTS }} # The parameter `ALLOWED_EXTERNAL_ACCOUNTS` is defined in replacement config.
      deploymentTargets:
        accounts:
          - Root
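
A pre-deployment check for the block above, as an added example that is not part of the accelerator's code: it takes the configuration as it looks after YAML parsing and reports unresolved `{{ }}` replacement placeholders, malformed account IDs, and policy sets without deployment targets. The function name, the finding texts, and the treatment of `SourceAccount` and `allowedAccountList` as comma-separated account lists are assumptions.

```typescript
// Added example. Field names come from the YAML on this page; lintEnforcement,
// the finding texts and the default accountParams list are hypothetical.
interface PolicySet {
  resourcePolicies: { resourceType: string; document: string }[];
  inputParameters?: Record<string, string | number>;
  deploymentTargets?: { accounts?: string[] };
}
interface EnforcementConfig { enable: boolean; policySets: PolicySet[] }

const PLACEHOLDER = /\{\{\s*([A-Za-z0-9_]+)\s*\}\}/g;
const ACCOUNT_ID = /^\d{12}$/;

function lintEnforcement(cfg: EnforcementConfig, replacements: Record<string, string>,
    accountParams: string[] = ["SourceAccount", "allowedAccountList"]): string[] {
  const findings: string[] = [];
  if (!cfg.enable) return findings; // nothing is deployed when disabled
  if (cfg.policySets.length === 0) findings.push("enabled with no policySets");
  cfg.policySets.forEach((set, i) => {
    if ((set.deploymentTargets?.accounts ?? []).length === 0) findings.push(`policySets[${i}]: no deploymentTargets`);
    const params = set.inputParameters ?? {};
    for (const name of Object.keys(params)) {
      const unresolved: string[] = [];
      // An unquoted single account ID is parsed from YAML as a number
      // (losing any leading zero), so stringify before checking.
      const value = String(params[name]).replace(PLACEHOLDER, (whole: string, key: string) => {
        const hit = replacements[key];
        if (hit !== undefined) return hit;
        unresolved.push(key);
        return whole;
      });
      for (const key of unresolved) findings.push(`policySets[${i}].${name}: unresolved {{ ${key} }}`);
      if (unresolved.length > 0 || accountParams.indexOf(name) === -1) continue;
      for (const id of value.split(","))
        if (!ACCOUNT_ID.test(id.trim())) findings.push(`policySets[${i}].${name}: "${id.trim()}" is not a 12-digit account ID`);
    }
  });
  return findings;
}

// Constructed input mirroring the page's example, as it looks after YAML parsing.
const sampleConfig: EnforcementConfig = {
  enable: true,
  policySets: [{
    resourcePolicies: [{ resourceType: "KMS", document: "resource-policies/kms-workload.json" }],
    inputParameters: { SourceAccount: "123456789012,987654321098", allowedAccountList: "{{ ALLOWED_EXTERNAL_ACCOUNTS }}" },
    deploymentTargets: { accounts: ["Root"] },
  }],
};
console.log(lintEnforcement(sampleConfig, {}));
```

Pass the parsed replacement values as the second argument; an empty result means every placeholder resolved and every listed account ID is well-formed.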

Hierarchy

  • ResourcePolicyEnforcementConfig

Properties

enable: false = false
networkPerimeter: undefined | NetworkPerimeterConfig = undefined
policySets: ResourcePolicySetConfig[] = []
remediation: ResourcePolicyRemediation = ...
DEFAULT_RULE_NAME: "Resource-Policy-Compliance-Check" = 'Resource-Policy-Compliance-Check'
DEFAULT_SSM_DOCUMENT_NAME: "Attach-Resource-Based-Policy" = ...
