Class SecurityConfig

Accelerator security configuration

Hierarchy

SecurityConfig

Implements

TypeOf<typeof securityConfig>

Index

Constructors

constructor

new SecurityConfig(values?: {
    accessAnalyzer: { enable: boolean; };
    awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
    centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...;
    cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
    iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
    keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
    resourcePolicyEnforcement: undefined | ({ enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...);
}): SecurityConfig
Parameters
- Optional values: {
      accessAnalyzer: { enable: boolean; };
      awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
      centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...;
      cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
      iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
      keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
      resourcePolicyEnforcement: undefined | ({ enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...);
  }
  - accessAnalyzer: { enable: boolean; }
  - awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
  - centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
  - cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
  - iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
  - keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
  - resourcePolicyEnforcement: undefined | ({ enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
Returns SecurityConfig

Properties

`Readonly` accessAnalyzer

accessAnalyzer: AccessAnalyzerConfig = ...

`Readonly` awsConfig

awsConfig: AwsConfig = ...

`Readonly` centralSecurityServices

centralSecurityServices: CentralSecurityServicesConfig = ...

Central security configuration

`Readonly` cloudWatch

cloudWatch: CloudWatchConfig = ...

`Readonly` iamPasswordPolicy

iamPasswordPolicy: IamPasswordPolicyConfig = ...

`Readonly` keyManagementService

keyManagementService: KeyManagementServiceConfig = ...

`Readonly` resourcePolicyEnforcement

resourcePolicyEnforcement: undefined | ResourcePolicyEnforcementConfig

`Static` `Readonly` FILENAME

FILENAME: "security-config.yaml" = 'security-config.yaml'

Security configuration file name, this file must be present in accelerator config repository

Methods

getDelegatedAccountName

getDelegatedAccountName(): string
Return delegated-admin-account name

Returns string

`Static` load

load(dir: string, replacementsConfig?: ReplacementsConfig): SecurityConfig
Returns
Parameters
- dir: string
- Optional replacementsConfig: ReplacementsConfig
Returns SecurityConfig

`Static` loadFromString

loadFromString(content: string): undefined | SecurityConfig
Load from string content
Parameters
- content: string
Returns undefined | SecurityConfig

Class SecurityConfig

Hierarchy

Implements

Index

Constructors

Properties

Methods

Constructors

constructor

Parameters

accessAnalyzer: { enable: boolean; }

awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }

iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }

keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })

Returns SecurityConfig

Properties

`Readonly` accessAnalyzer

`Readonly` awsConfig

`Readonly` centralSecurityServices

`Readonly` cloudWatch

`Readonly` iamPasswordPolicy

`Readonly` keyManagementService

`Readonly` resourcePolicyEnforcement

`Static` `Readonly` FILENAME

Methods

getDelegatedAccountName

Returns string

`Static` load

Returns

Parameters

dir: string

`Optional` replacementsConfig: ReplacementsConfig

Returns SecurityConfig

`Static` loadFromString

Parameters

content: string

Returns undefined | SecurityConfig

Settings

Member Visibility

Theme

Class SecurityConfig

Hierarchy

Implements

Index

Constructors

Properties

Methods

Constructors

constructor

Parameters

accessAnalyzer: { enable: boolean; }

awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }

iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }

keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })

Returns SecurityConfig

Properties

Readonly accessAnalyzer

Readonly awsConfig

Readonly centralSecurityServices

Readonly cloudWatch

Readonly iamPasswordPolicy

Readonly keyManagementService

Readonly resourcePolicyEnforcement

Static Readonly FILENAME

Methods

getDelegatedAccountName

Returns string

Static load

Returns

Parameters

dir: string

Optional replacementsConfig: ReplacementsConfig

Returns SecurityConfig

Static loadFromString

Parameters

content: string

Returns undefined | SecurityConfig

Settings

Member Visibility

Theme

`Readonly` accessAnalyzer

`Readonly` awsConfig

`Readonly` centralSecurityServices

`Readonly` cloudWatch

`Readonly` iamPasswordPolicy

`Readonly` keyManagementService

`Readonly` resourcePolicyEnforcement

`Static` `Readonly` FILENAME

`Static` load

`Optional` replacementsConfig: ReplacementsConfig

`Static` loadFromString