Class SecurityConfigValidator
Methods
Private
getAccountNames
getAccountNames(accountsConfig: AccountsConfig): string[]
Returns string[]
Private
getSnsTopicNames
getSnsTopicNames(globalConfig: GlobalConfig): string[]
Returns string[]
Private
getSsmDocuments
getSsmDocuments(values: SecurityConfig): { name: string; template: string; }[]
Returns { name: string; template: string; }[]
Private
guarddutyLifecycleRules
guardduty Lifecycle Rules( values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; } , errors: string [] ) : void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
access Analyzer: { enable: boolean; }
aws Config: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
central Security Services: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloud Watch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iam Password Policy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
key Management Service: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resource Policy Enforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
errors: string []
Returns void
hasDuplicates
hasDuplicates(arr: string[]): boolean
Returns boolean
Private
isConfigRuleCmkDependent
Private
macieLifecycleRules
macie Lifecycle Rules( values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; } , errors: string [] ) : void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
access Analyzer: { enable: boolean; }
aws Config: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
central Security Services: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloud Watch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iam Password Policy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
key Management Service: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resource Policy Enforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
errors: string []
Returns void
Private
validateAwsCloudWatchLogGroups
validateAwsCloudWatchLogGroups(values: SecurityConfig, errors: string[]): void
Returns void
Private
validateAwsCloudWatchLogGroupsRetention
validateAwsCloudWatchLogGroupsRetention(values: SecurityConfig, errors: string[]): void
Returns void
Private
validateAwsConfigAggregation
validate Aws Config Aggregation( globalConfig: GlobalConfig , accountNames: string [] , values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: 
string...) ; } , errors: string [] ) : void
Parameters
accountNames: string []
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
access Analyzer: { enable: boolean; }
aws Config: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
central Security Services: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloud Watch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iam Password Policy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
key Management Service: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resource Policy Enforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
errors: string []
Returns void
Private
validateCloudWatchAlarmsDeploymentTargetAccounts
validate Cloud Watch Alarms Deployment Target Accounts( values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) 
; } , accountNames: string [] , errors: string [] ) : void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
access Analyzer: { enable: boolean; }
aws Config: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
central Security Services: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloud Watch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iam Password Policy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
key Management Service: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resource Policy Enforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
accountNames: string []
errors: string []
Returns void
Private
validateCloudWatchAlarmsDeploymentTargetOUs
validate Cloud Watch Alarms Deployment TargetOUs( values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) 
; } , ouIdNames: string [] , errors: string [] ) : void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
access Analyzer: { enable: boolean; }
aws Config: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
central Security Services: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloud Watch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iam Password Policy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
key Management Service: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resource Policy Enforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
ouIdNames: string []
errors: string []
Returns void
Private
validateCloudWatchLogGroupsDeploymentTargetAccounts
validate Cloud Watch Log Groups Deployment Target Accounts( values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) 
; } , accountNames: string [] , errors: string [] ) : void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
access Analyzer: { enable: boolean; }
aws Config: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
central Security Services: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloud Watch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iam Password Policy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
key Management Service: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resource Policy Enforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
accountNames: string []
errors: string []
Returns void
Private
validateCloudWatchMetricsDeploymentTargetAccounts
validate Cloud Watch Metrics Deployment Target Accounts( values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) 
; } , accountNames: string [] , errors: string [] ) : void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
access Analyzer: { enable: boolean; }
aws Config: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
central Security Services: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloud Watch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iam Password Policy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
key Management Service: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resource Policy Enforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
accountNames: string []
errors: string []
Returns void
Private
validateCloudWatchMetricsDeploymentTargetOUs
validate Cloud Watch Metrics Deployment TargetOUs( values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) 
; } , ouIdNames: string [] , errors: string [] ) : void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
access Analyzer: { enable: boolean; }
aws Config: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
central Security Services: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloud Watch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iam Password Policy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
key Management Service: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resource Policy Enforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
ouIdNames: string []
errors: string []
Returns void
Private
validateConfigRuleAssets
validate Config Rule Assets( configDir: string , ruleSet: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; rules: ( { name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; }) [] ; } , errors: string [] ) : void
Parameters
configDir: string
ruleSet: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; rules: ( { name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; }) [] ; }
deployment Targets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }
rules: ( { name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; }) []
errors: string []
Returns void
Private
validateConfigRuleCmkDependency
Private
validateConfigRuleDeploymentTargetAccounts
validate Config Rule Deployment Target Accounts( values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) 
; } , accountNames: string [] , errors: string [] ) : void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
access Analyzer: { enable: boolean; }
aws Config: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
central Security Services: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloud Watch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iam Password Policy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
key Management Service: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resource Policy Enforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
accountNames: string []
errors: string []
Returns void
Private
validateConfigRuleDeploymentTargetOUs
validate Config Rule Deployment TargetOUs( values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) 
; } , ouIdNames: string [] , errors: string [] ) : void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
access Analyzer: { enable: boolean; }
aws Config: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
central Security Services: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloud Watch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iam Password Policy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
key Management Service: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resource Policy Enforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
ouIdNames: string []
errors: string []
Returns void
Private
validateConfigRuleNames
validate Config Rule Names( configItem: { aggregation: undefined | ( { enable: boolean; delegatedAdminAccount: string | undefined; }) ; enableConfigurationRecorder: boolean ; enableDeliveryChannel: undefined | boolean ; overrideExisting: undefined | boolean ; ruleSets: ( { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; rules: { ...; }[]; }) [] ; } , accountsConfig: AccountsConfig , globalConfig: GlobalConfig , errors: string [] ) : void
Parameters
configItem: { aggregation: undefined | ( { enable: boolean; delegatedAdminAccount: string | undefined; }) ; enableConfigurationRecorder: boolean ; enableDeliveryChannel: undefined | boolean ; overrideExisting: undefined | boolean ; ruleSets: ( { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; rules: { ...; }[]; }) [] ; }
aggregation: undefined | ( { enable: boolean; delegatedAdminAccount: string | undefined; })
enableConfigurationRecorder: boolean
enableDeliveryChannel: undefined | boolean
overrideExisting: undefined | boolean
rule Sets: ( { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; rules: { ...; }[]; }) []
errors: string []
Returns void
Private
validateConfigRuleRemediationAccountNames
validateConfigRuleRemediationAccountNames(ruleSet: AwsConfigRuleSet, accountNames: string[], errors: string[]): void
Parameters
accountNames: string []
errors: string []
Returns void
Private
validateConfigRuleRemediationAssumeRoleFile
validate Config Rule Remediation Assume Role File( configDir: string , ruleSet: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; rules: ( { name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; }) [] ; } , errors: string [] ) : void
Parameters
configDir: string
ruleSet: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; rules: ( { name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; }) [] ; }
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }
rules: ( { name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; }) []
errors: string []
Returns void
Private
validateConfigRuleRemediationTargetAssets
validateConfigRuleRemediationTargetAssets( configDir: string , ruleSet: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; rules: ( { name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; }) [] ; } , ssmDocuments: { name: string ; template: string ; } [] , errors: string [] ) : void
Parameters
configDir: string
ruleSet: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; rules: ( { name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; }) [] ; }
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }
rules: ( { name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; }) []
ssmDocuments: { name: string ; template: string ; } []
errors: string []
Returns void
Private
validateCustomKeyName
validateCustomKeyName( values: SecurityConfig , keyNames: string [] , errors: string [] ) : void
Parameters
values: SecurityConfig
keyNames: string []
errors: string []
Returns void
Private
validateDelegatedAdminAccount
validateDelegatedAdminAccount( values: SecurityConfig , accountNames: string [] , errors: string [] ) : void
Parameters
values: SecurityConfig
accountNames: string []
errors: string []
Returns void
Private
validateDeploymentTargetAccountNames
validate Deployment Target Account Names( values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) 
; } , accountNames: string [] , errors: string [] ) : void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
accessAnalyzer: { enable: boolean; }
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
accountNames: string []
errors: string []
Returns void
Private
validateDeploymentTargetOUs
validateDeploymentTargetOUs( values: SecurityConfig , ouIdNames: string [] , errors: string [] ) : void
Parameters
values: SecurityConfig
ouIdNames: string []
errors: string []
Returns void
Private
validateEbsEncryptionConfiguration
Private
validateEbsEncryptionDeploymentTargetAccounts
validate Ebs Encryption Deployment Target Accounts( values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) 
; } , accountNames: string [] , errors: string [] ) : void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
accessAnalyzer: { enable: boolean; }
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
accountNames: string []
errors: string []
Returns void
Private
validateEbsEncryptionDeploymentTargetOUs
validateEbsEncryptionDeploymentTargetOUs( values: SecurityConfig , ouIdNames: string [] , errors: string [] ) : void
Parameters
values: SecurityConfig
ouIdNames: string []
errors: string []
Returns void
Private
validateKeyPolicyFiles
validateKeyPolicyFiles( values: SecurityConfig , configDir: string , errors: string [] ) : void
Parameters
values: SecurityConfig
configDir: string
errors: string []
Returns void
Private
validateKmsKeyConfigDeploymentTargetAccounts
validate Kms Key Config Deployment Target Accounts( values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) 
; } , accountNames: string [] , errors: string [] ) : void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
accessAnalyzer: { enable: boolean; }
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
accountNames: string []
errors: string []
Returns void
Private
validateKmsKeyConfigDeploymentTargetOUs
validate Kms Key Config Deployment TargetOUs( values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) 
; } , ouIdNames: string [] , errors: string [] ) : void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
accessAnalyzer: { enable: boolean; }
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
ouIdNames: string []
errors: string []
Returns void
Private
validateResourcePolicyEnforcementConfig
validateResourcePolicyEnforcementConfig( securityConfig: SecurityConfig , ouIdNames: string [] , accountNames: string [] , errors: string [] ) : void
Parameters
securityConfig: SecurityConfig
ouIdNames: string []
accountNames: string []
errors: string []
Returns void
Private
validateResourcePolicyParameters
validateResourcePolicyParameters( configDir: string , securityConfig: SecurityConfig , replacementConfig: undefined | ReplacementsConfig , errors: string [] ) : void
Parameters
configDir: string
securityConfig: SecurityConfig
replacementConfig: undefined | ReplacementsConfig
errors: string []
Returns void
Private
validateSecurityHubNotifications
validateSecurityHubNotifications( snsTopicNames: string [] , snsTopicName: undefined | string , notificationLevel: undefined | string , errors: string [] ) : void
Parameters
snsTopicNames: string []
snsTopicName: undefined | string
notificationLevel: undefined | string
errors: string []
Returns void
Private
validateSnsTopics
validateSnsTopics( globalConfig: GlobalConfig , alarmSet: { alarms: ( { alarmName: string; alarmDescription: string; snsAlertLevel: string | undefined; snsTopicName: string | undefined; metricName: string; namespace: string; comparisonOperator: string; ... 4 more ...; treatMissingData: string; }) [] ; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; regions: undefined | string [] ; } , snsTopicNames: string [] , errors: string [] ) : void
Parameters
globalConfig: GlobalConfig
alarmSet: { alarms: ( { alarmName: string; alarmDescription: string; snsAlertLevel: string | undefined; snsTopicName: string | undefined; metricName: string; namespace: string; comparisonOperator: string; ... 4 more ...; treatMissingData: string; }) [] ; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; regions: undefined | string [] ; }
alarms: ( { alarmName: string; alarmDescription: string; snsAlertLevel: string | undefined; snsTopicName: string | undefined; metricName: string; namespace: string; comparisonOperator: string; ... 4 more ...; treatMissingData: string; }) []
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }
regions: undefined | string []
snsTopicNames: string []
errors: string []
Returns void
Private
validateSsmDocumentDeploymentTargetOUs
validateSsmDocumentDeploymentTargetOUs(values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...); }, ouIdNames: string[], errors: string[]): void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
accessAnalyzer: { enable: boolean; }
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
ouIdNames: string []
errors: string []
Returns void
Private
validateSsmDocumentFiles
validateSsmDocumentFiles(configDir: string, ssmDocuments: { name: string; template: string; }[], errors: string[]): void
Parameters
configDir: string
ssmDocuments: { name: string ; template: string ; } []
errors: string []
Returns void
Private
validateSsmDocumentNames
validateSsmDocumentNames(ssmDocuments: { name: string; template: string; }[], errors: string[]): void
Parameters
ssmDocuments: { name: string ; template: string ; } []
errors: string []
Returns void
Private
validateSsmDocumentsDeploymentTargetAccounts
validateSsmDocumentsDeploymentTargetAccounts(values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...); }, accountNames: string[], errors: string[]): void
Parameters
values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }; keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; }) ; resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...) ; }
accessAnalyzer: { enable: boolean; }
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; } | undefined; excludeRegions: str...
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
keyManagementService: undefined | ( { keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
resourcePolicyEnforcement: undefined | ( { enable: boolean; remediation: { automatic: boolean; retryAttemptSeconds: number | undefined; maximumAutomaticAttempts: number | undefined; }; policySets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string...)
accountNames: string []
errors: string []
Returns void
Prepare list of Account names from account config file
Returns