Options
All
  • Public
  • Public/Protected
  • All
Menu

Class SecurityConfig

Accelerator security configuration

Hierarchy

  • SecurityConfig

Implements

Index

Constructors

Properties

Methods

Constructors

constructor

  • new SecurityConfig(values?: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean; ruleSets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; rules: { ...; }[]; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | ... 22 more ... | "us-isob-east-1")[] | undefined; }; ... 4 more ...; ssmAutomation: { ...; }; }; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; } }, configDir?: string): SecurityConfig

  • Parameters

    • Optional values: { accessAnalyzer: { enable: boolean; }; awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean; ruleSets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; rules: { ...; }[]; }[]; }; centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | ... 22 more ... | "us-isob-east-1")[] | undefined; }; ... 4 more ...; ssmAutomation: { ...; }; }; cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; }; iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; } }
      • accessAnalyzer: { enable: boolean; }
      • awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean; ruleSets: { deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; rules: { ...; }[]; }[]; }
      • centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | ... 22 more ... | "us-isob-east-1")[] | undefined; }; ... 4 more ...; ssmAutomation: { ...; }; }
      • cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; }
      • iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
    • Optional configDir: string

    Returns SecurityConfig

Properties

Readonly accessAnalyzer

accessAnalyzer: AccessAnalyzerConfig = ...

Readonly awsConfig

awsConfig: AwsConfig = ...

Readonly centralSecurityServices

centralSecurityServices: CentralSecurityServicesConfig = ...

Central security configuration

Readonly cloudWatch

cloudWatch: CloudWatchConfig = ...

Readonly iamPasswordPolicy

iamPasswordPolicy: IamPasswordPolicyConfig = ...

Static Readonly FILENAME

FILENAME: "security-config.yaml" = 'security-config.yaml'

Security configuration file name, this file must be present in accelerator config repository

Methods

getDelegatedAccountName

  • getDelegatedAccountName(): string

  • Return delegated-admin-account name

    Returns string

Static load

Static loadFromString

  • Load from string content

    Parameters

    • content: string

    Returns undefined | SecurityConfig

Generated using TypeDoc