Class ResourcePolicyEnforcementConfig

SecurityConfig / ResourcePolicyEnforcementConfig

Resource Policy Enforcement Config. The configuration allows you to deploy AWS Config rules to automatically apply resource-based policies to AWS resources including S3 buckets, IAM roles, and KMS keys etc. AWS Organization is required to support it.

Here are a list of supported service resourceTypeEnum

Example


resourcePolicyEnforcement:
  enable: true
  remediation:
      automatic: false
      retryAttemptSeconds: 60
      maximumAutomaticAttempts: 5
  policySets:
    - resourcePolicies:
        - resourceType: KMS
          document: resource-policies/kms-workload.json
      inputParameters:
        SourceAccount: 123456789012,987654321098
        allowedAccountList: {{ ALLOWED_EXTERNAL_ACCOUNTS }}   # The parameter `ALLOWED_EXTERNAL_ACCOUNTS` is defined in replacement config.
      deploymentTargets:
        accounts:
          - Root

Hierarchy

  • ResourcePolicyEnforcementConfig

Implements

Constructors

constructor

Properties

enable networkPerimeter policySets remediation DEFAULT_RULE_NAME DEFAULT_SSM_DOCUMENT_NAME

Constructors

constructor

Properties

Readonly enable

enable: false = false

Readonly networkPerimeter

networkPerimeter: undefined | NetworkPerimeterConfig = undefined

Readonly policySets

policySets: ResourcePolicySetConfig[] = []

Readonly remediation

remediation: ResourcePolicyRemediation = ...

Static Readonly DEFAULT_RULE_NAME

DEFAULT_RULE_NAME: "Resource-Policy-Compliance-Check" = 'Resource-Policy-Compliance-Check'

Static Readonly DEFAULT_SSM_DOCUMENT_NAME

DEFAULT_SSM_DOCUMENT_NAME: "Attach-Resource-Based-Policy" = ...

Settings

Member Visibility

Theme

Generated using TypeDoc