Class GlobalConfigValidator

Hierarchy

GlobalConfigValidator

Index

Constructors

Methods

checkForArray checkSchema getAccountNames getOuIdNames isDynamicLogType validateAcceleratorMetadata validateAccessLogsBucketConfigDeploymentTargetAccounts validateAccessLogsBucketConfigDeploymentTargetOUs validateAccessLogsS3Policy validateAwsBackup validateBudgetDeploymentTargetOUs validateBudgetNotificationEmailIds validateBudgetSubscriberAddress validateCdkOptions validateCentralLogsBucketRegionName validateCentralLogsKmsResourcePolicyFileExists validateCentralLogsS3Policy validateCentralLogsS3ResourcePolicyFileExists validateCloudTrailSettings validateCloudWatch validateCloudWatchDynamicPartition validateCloudWatchExclusions validateCloudWatchExclusionsTargets validateCloudWatchLogsEncryptionConfigDeploymentTargetAccounts validateCloudWatchLogsEncryptionDeploymentTargetOUs validateCmkExistsInManagementAccount validateControlTowerControls validateDeploymentTargetAccountNames validateDeploymentTargetOUs validateElbLogsS3Policy validateImportedAccessLogsBucketPolicies validateImportedAssetBucketConfig validateImportedAssetBucketKmsPolicies validateImportedAssetBucketPolicies validateImportedCentralLogsBucketKmsPolicies validateImportedCentralLogsBucketPolicies validateImportedElbLogsBucketPolicies validateLambdaEncryptionConfigDeploymentTargetAccounts validateLambdaEncryptionConfigDeploymentTargetOUs validateLifecycleRuleExpirationForAccessLogBucket validateLifecycleRuleExpirationForCentralLogBucket validateLifecycleRuleExpirationForReports validateLoggingAccountName validateMaxConcurrency validateS3ConfigDeploymentTargetAccounts validateS3ConfigDeploymentTargetOUs validateServiceLimitQuotas validateSessionManager validateSnsTopics

Constructors

constructor

new GlobalConfigValidator(values: GlobalConfig, accountsConfig: AccountsConfig, iamConfig: IamConfig, organizationConfig: OrganizationConfig, securityConfig: SecurityConfig, configDir: string): GlobalConfigValidator
Parameters
- values: GlobalConfig
- accountsConfig: AccountsConfig
- iamConfig: IamConfig
- organizationConfig: OrganizationConfig
- securityConfig: SecurityConfig
- configDir: string
Returns GlobalConfigValidator

Methods

`Private` checkForArray

checkForArray(inputStr: string, errorMessage: string, errors: string[]): void
Parameters
- inputStr: string
- errorMessage: string
- errors: string[]
Returns void

`Private` checkSchema

checkSchema(inputStr: string, errorMessage: string, errors: string[]): void
Parameters
- inputStr: string
- errorMessage: string
- errors: string[]
Returns void

`Private` getAccountNames

getAccountNames(accountsConfig: AccountsConfig): string[]
Prepare list of Account names from account config file

Returns
Parameters
- accountsConfig: AccountsConfig
Returns string[]

`Private` getOuIdNames

getOuIdNames(organizationConfig: OrganizationConfig): string[]
Prepare list of OU ids from organization config file

Returns
Parameters
- organizationConfig: OrganizationConfig
Returns string[]

`Private` isDynamicLogType

isDynamicLogType(o: any): o is {
logGroupPattern: string;
s3Prefix: string;
}
Parameters
- o: any
Returns o is {
logGroupPattern: string;
s3Prefix: string;
}

`Private` validateAcceleratorMetadata

validateAcceleratorMetadata(values: GlobalConfig, accountNames: string[], errors: string[]): void
Parameters
- values: GlobalConfig
- accountNames: string[]
- errors: string[]
Returns void

`Private` validateAccessLogsBucketConfigDeploymentTargetAccounts

validateAccessLogsBucketConfigDeploymentTargetAccounts(values: GlobalConfig, accountNames: string[], errors: string[]): void
Function to validate existence of AccessLogs bucket configuration deployment target Accounts Make sure deployment target Accounts are part of account config file
Parameters
- values: GlobalConfig
- accountNames: string[]
- errors: string[]
Returns void

`Private` validateAccessLogsBucketConfigDeploymentTargetOUs

validateAccessLogsBucketConfigDeploymentTargetOUs(values: GlobalConfig, ouIdNames: string[], errors: string[]): void
Function to validate existence of AccessLogs bucket config deployment target OUs Make sure deployment target OUs are part of Organization config file
Parameters
- values: GlobalConfig
- ouIdNames: string[]
- errors: string[]
Returns void

`Private` validateAccessLogsS3Policy

validateAccessLogsS3Policy(configDir: string, values: GlobalConfig, errors: string[]): void
Validate Access Log S3 bucket policy for AWS Principal if block public access is enabled.

Returns
Parameters
- configDir: string
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateAwsBackup

validateAwsBackup(configDir: string, values: GlobalConfig, errors: string[]): void
Parameters
- configDir: string
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateBudgetDeploymentTargetOUs

validateBudgetDeploymentTargetOUs(values: GlobalConfig, ouIdNames: string[], errors: string[]): void
Function to validate existence of budget deployment target OUs Make sure deployment target OUs are part of Organization config file
Parameters
- values: GlobalConfig
- ouIdNames: string[]
- errors: string[]
Returns void

`Private` validateBudgetNotificationEmailIds

validateBudgetNotificationEmailIds(values: GlobalConfig, errors: string[]): void
Function to validate budget notification email address
Parameters
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateBudgetSubscriberAddress

validateBudgetSubscriberAddress(values: GlobalConfig, errors: string[]): void
Function to validate budget subscriber address
Parameters
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateCdkOptions

validateCdkOptions(values: GlobalConfig, errors: string[]): void
Parameters
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateCentralLogsBucketRegionName

validateCentralLogsBucketRegionName(values: GlobalConfig, errors: string[]): void
Function to validate existence of central logs bucket region in enabled region list CentralLogs bucket region name must part of pipeline enabled region
Parameters
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateCentralLogsKmsResourcePolicyFileExists

validateCentralLogsKmsResourcePolicyFileExists(configDir: string, values: GlobalConfig, errors: string[]): void
Validate s3 resource policy file existence

Returns
Parameters
- configDir: string
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateCentralLogsS3Policy

validateCentralLogsS3Policy(configDir: string, values: GlobalConfig, errors: string[]): void
Validate Central S3 bucket policy for AWS Principal if block public access is enabled.

Returns
Parameters
- configDir: string
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateCentralLogsS3ResourcePolicyFileExists

validateCentralLogsS3ResourcePolicyFileExists(configDir: string, values: GlobalConfig, errors: string[]): void
Validate s3 resource policy file existence

Returns
Parameters
- configDir: string
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateCloudTrailSettings

validateCloudTrailSettings(values: GlobalConfig, errors: string[]): void
Parameters
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateCloudWatch

validateCloudWatch(values: GlobalConfig, configDir: string, ouIdNames: string[], accountNames: string[], errors: string[]): void
Validate CloudWatch Logs replication
Parameters
- values: GlobalConfig
- configDir: string
- ouIdNames: string[]
- accountNames: string[]
- errors: string[]
Returns void

`Private` validateCloudWatchDynamicPartition

validateCloudWatchDynamicPartition(values: GlobalConfig, configDir: string, errors: string[]): void
Function to validate CloudWatch Logs Dynamic Partition and enforce format, key-value provided
Parameters
- values: GlobalConfig
- configDir: string
- errors: string[]
Returns void

`Private` validateCloudWatchExclusions

validateCloudWatchExclusions(values: GlobalConfig, ouIdNames: string[], accountNames: string[], errors: string[]): void
Validate Cloudwatch logs exclusion inputs
Parameters
- values: GlobalConfig
- ouIdNames: string[]
- accountNames: string[]
- errors: string[]
Returns void

`Private` validateCloudWatchExclusionsTargets

validateCloudWatchExclusionsTargets(inputList: string[], globalList: string[], errors: string[]): void
Parameters
- inputList: string[]
- globalList: string[]
- errors: string[]
Returns void

`Private` validateCloudWatchLogsEncryptionConfigDeploymentTargetAccounts

validateCloudWatchLogsEncryptionConfigDeploymentTargetAccounts(values: GlobalConfig, accountNames: string[], errors: string[]): void
Function to validate existence of CloudWatch log group encryption configuration deployment target Accounts Make sure deployment target Accounts are part of account config file
Parameters
- values: GlobalConfig
- accountNames: string[]
- errors: string[]
Returns void

`Private` validateCloudWatchLogsEncryptionDeploymentTargetOUs

validateCloudWatchLogsEncryptionDeploymentTargetOUs(values: GlobalConfig, ouIdNames: string[], errors: string[]): void
Function to validate existence of CloudWatch encryption deployment target OUs Make sure deployment target OUs are part of Organization config file
Parameters
- values: GlobalConfig
- ouIdNames: string[]
- errors: string[]
Returns void

`Private` validateCmkExistsInManagementAccount

validateCmkExistsInManagementAccount(accountsConfig: AccountsConfig, values: GlobalConfig, errors: string[]): void
Function to validate if S3 CMK exists in Management Account when using an imported Asset S3 Bucket

Returns
Parameters
- accountsConfig: AccountsConfig
  
  AccountsConfig
- values: GlobalConfig
  
  GlobalConfig
- errors: string[]
  
  string[]
Returns void

`Private` validateControlTowerControls

validateControlTowerControls(values: GlobalConfig, errors: string[]): void
Parameters
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateDeploymentTargetAccountNames

validateDeploymentTargetAccountNames(values: GlobalConfig, accountNames: string[], errors: string[]): void
Function to validate Deployment targets account name for security services
Parameters
- values: GlobalConfig
- accountNames: string[]
- errors: string[]
Returns void

`Private` validateDeploymentTargetOUs

validateDeploymentTargetOUs(values: GlobalConfig, ouIdNames: string[], errors: string[]): void
Function to validate Deployment targets OU name for security services
Parameters
- values: GlobalConfig
- ouIdNames: string[]
- errors: string[]
Returns void

`Private` validateElbLogsS3Policy

validateElbLogsS3Policy(configDir: string, values: GlobalConfig, errors: string[]): void
Validate ELB Log S3 bucket policy for AWS Principal if block public access is enabled.

Returns
Parameters
- configDir: string
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateImportedAccessLogsBucketPolicies

validateImportedAccessLogsBucketPolicies(configDir: string, values: GlobalConfig, errors: string[]): void
Function to validate imported AccessLogs bucket policies

Returns
Parameters
- configDir: string
  
  string
- values: GlobalConfig
  
  GlobalConfig
- errors: string[]
  
  string[]
Returns void

`Private` validateImportedAssetBucketConfig

validateImportedAssetBucketConfig(configDir: string, accountsConfig: AccountsConfig, values: GlobalConfig, errors: string[]): void
Function to validate imported Assets bucket config

Returns
Parameters
- configDir: string
  
  string
- accountsConfig: AccountsConfig
- values: GlobalConfig
  
  GlobalConfig
- errors: string[]
  
  string[]
Returns void

`Private` validateImportedAssetBucketKmsPolicies

validateImportedAssetBucketKmsPolicies(configDir: string, values: GlobalConfig, errors: string[]): void
Function to validate imported CentralLogs bucket kms policies

Returns
Parameters
- configDir: string
  
  string
- values: GlobalConfig
  
  GlobalConfig
- errors: string[]
  
  string[]
Returns void

`Private` validateImportedAssetBucketPolicies

validateImportedAssetBucketPolicies(configDir: string, values: GlobalConfig, errors: string[]): void
Function to validate imported Assets S3 bucket policies

Returns
Parameters
- configDir: string
  
  string
- values: GlobalConfig
  
  GlobalConfig
- errors: string[]
  
  string[]
Returns void

`Private` validateImportedCentralLogsBucketKmsPolicies

validateImportedCentralLogsBucketKmsPolicies(configDir: string, values: GlobalConfig, errors: string[]): void
Function to validate imported CentralLogs bucket kms policies

Returns
Parameters
- configDir: string
  
  string
- values: GlobalConfig
  
  GlobalConfig
- errors: string[]
  
  string[]
Returns void

`Private` validateImportedCentralLogsBucketPolicies

validateImportedCentralLogsBucketPolicies(configDir: string, values: GlobalConfig, errors: string[]): void
Function to validate imported CentralLogs bucket policies

Returns
Parameters
- configDir: string
  
  string
- values: GlobalConfig
  
  GlobalConfig
- errors: string[]
  
  string[]
Returns void

`Private` validateImportedElbLogsBucketPolicies

validateImportedElbLogsBucketPolicies(configDir: string, values: GlobalConfig, errors: string[]): void
Function to validate imported ElbLogs bucket policies

Returns
Parameters
- configDir: string
  
  string
- values: GlobalConfig
  
  GlobalConfig
- errors: string[]
  
  string[]
Returns void

`Private` validateLambdaEncryptionConfigDeploymentTargetAccounts

validateLambdaEncryptionConfigDeploymentTargetAccounts(values: GlobalConfig, accountNames: string[], errors: string[]): void
Function to validate existence of Lambda encryption configuration deployment target Accounts Make sure deployment target Accounts are part of account config file
Parameters
- values: GlobalConfig
- accountNames: string[]
- errors: string[]
Returns void

`Private` validateLambdaEncryptionConfigDeploymentTargetOUs

validateLambdaEncryptionConfigDeploymentTargetOUs(values: GlobalConfig, ouIdNames: string[], errors: string[]): void
Function to validate existence of Lambda encryption configuration deployment target OUs Make sure deployment target OUs are part of Organization config file
Parameters
- values: GlobalConfig
- ouIdNames: string[]
- errors: string[]
Returns void

`Private` validateLifecycleRuleExpirationForAccessLogBucket

validateLifecycleRuleExpirationForAccessLogBucket(values: GlobalConfig, errors: string[]): void
Parameters
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateLifecycleRuleExpirationForCentralLogBucket

validateLifecycleRuleExpirationForCentralLogBucket(values: GlobalConfig, errors: string[]): void
Function to validate S3 lifecycle rules Central Log Bucket
Parameters
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateLifecycleRuleExpirationForReports

validateLifecycleRuleExpirationForReports(values: GlobalConfig, errors: string[]): void
Function to validate S3 lifecycle rules for Cost Reporting
Parameters
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateLoggingAccountName

validateLoggingAccountName(values: GlobalConfig, accountNames: string[], errors: string[]): void
Function to validate existence of logging target account name Make sure deployment target accounts are part of account config file
Parameters
- values: GlobalConfig
- accountNames: string[]
- errors: string[]
Returns void

`Private` validateMaxConcurrency

validateMaxConcurrency(values: GlobalConfig, errors: string[]): void
validateMaxConcurrency
Parameters
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateS3ConfigDeploymentTargetAccounts

validateS3ConfigDeploymentTargetAccounts(values: GlobalConfig, accountNames: string[], errors: string[]): void
Function to validate existence of S3 configuration deployment target Accounts Make sure deployment target Accounts are part of account config file
Parameters
- values: GlobalConfig
- accountNames: string[]
- errors: string[]
Returns void

`Private` validateS3ConfigDeploymentTargetOUs

validateS3ConfigDeploymentTargetOUs(values: GlobalConfig, ouIdNames: string[], errors: string[]): void
Function to validate existence of S3 bucket config deployment target OUs Make sure deployment target OUs are part of Organization config file
Parameters
- values: GlobalConfig
- ouIdNames: string[]
- errors: string[]
Returns void

`Private` validateServiceLimitQuotas

validateServiceLimitQuotas(values: GlobalConfig, errors: string[]): void
Parameters
- values: GlobalConfig
- errors: string[]
Returns void

`Private` validateSessionManager

validateSessionManager(values: GlobalConfig, iamConfig: IamConfig, errors: string[]): void
Parameters
- values: GlobalConfig
- iamConfig: IamConfig
- errors: string[]
Returns void

`Private` validateSnsTopics

validateSnsTopics(values: GlobalConfig, logger: Logger, errors: string[]): void
Parameters
- values: GlobalConfig
- logger: Logger
- errors: string[]
Returns void

Generated using TypeDoc