Accelerator security configuration

Hierarchy

  • SecurityConfig

Implements

Constructors

  • Parameters

    • Optional values: {
          accessAnalyzer: { enable: boolean; };
          awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
          centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...;
          cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
          iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
          keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
          resourcePolicyEnforcement: undefined | ({ enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...);
      }
      • accessAnalyzer: { enable: boolean; }
      • awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
      • centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
      • cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
      • iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
      • keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
      • resourcePolicyEnforcement: undefined | ({ enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)

    Returns SecurityConfig

Properties

accessAnalyzer: AccessAnalyzerConfig = ...
awsConfig: AwsConfig = ...
centralSecurityServices: CentralSecurityServicesConfig = ...

Central security configuration

cloudWatch: CloudWatchConfig = ...
iamPasswordPolicy: IamPasswordPolicyConfig = ...
keyManagementService: KeyManagementServiceConfig = ...
resourcePolicyEnforcement: undefined | ResourcePolicyEnforcementConfig
FILENAME: "security-config.yaml" = 'security-config.yaml'

Security configuration file name. This file must be present in the accelerator config repository.

Methods

  • Returns the name of the delegated admin account

    Returns string

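  • Loads the security configuration from string content. The declared return type includes undefined, so callers should check the result before using it.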

    Parameters

    • content: string

    Returns undefined | SecurityConfig
