Class SecurityConfigValidator
Methods
Private
getAccountNames
- getAccountNames(accountsConfig: AccountsConfig): string[]
-
Returns string[]
Private
getSnsTopicNames
- getSnsTopicNames(globalConfig: GlobalConfig): string[]
-
Returns string[]
Private
getSsmDocuments
- getSsmDocuments(values: SecurityConfig): {
name: string;
template: string;
}[]
-
Returns {
name: string;
template: string;
}[]
Private
guarddutyLifecycleRules
- guarddutyLifecycleRules(values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}, errors: string[]): void
-
Parameters
-
values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}
-
accessAnalyzer: { enable: boolean; }
-
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
-
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; }
-
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
-
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
-
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
-
errors: string[]
Returns void
hasDuplicates
- hasDuplicates(arr: string[]): boolean
-
Returns boolean
Private
macieLifecycleRules
- macieLifecycleRules(values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}, errors: string[]): void
-
Parameters
-
values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}
-
accessAnalyzer: { enable: boolean; }
-
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
-
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; }
-
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
-
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
-
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
-
errors: string[]
Returns void
Private
validateAwsCloudWatchLogGroups
- validateAwsCloudWatchLogGroups(values: SecurityConfig, errors: string[]): void
-
Returns void
Private
validateAwsCloudWatchLogGroupsRetention
- validateAwsCloudWatchLogGroupsRetention(values: SecurityConfig, errors: string[]): void
-
Returns void
Private
validateAwsConfigAggregation
- validateAwsConfigAggregation(globalConfig: GlobalConfig, accountNames: string[], values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}, errors: string[]): void
-
Parameters
-
-
accountNames: string[]
-
values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}
-
accessAnalyzer: { enable: boolean; }
-
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
-
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; }
-
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
-
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
-
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
-
errors: string[]
Returns void
Private
validateCloudWatchAlarmsDeploymentTargetAccounts
- validateCloudWatchAlarmsDeploymentTargetAccounts(values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}, accountNames: string[], errors: string[]): void
-
Parameters
-
values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}
-
accessAnalyzer: { enable: boolean; }
-
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
-
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; }
-
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
-
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
-
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
-
accountNames: string[]
-
errors: string[]
Returns void
Private
validateCloudWatchAlarmsDeploymentTargetOUs
- validateCloudWatchAlarmsDeploymentTargetOUs(values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}, ouIdNames: string[], errors: string[]): void
-
Parameters
-
values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}
-
accessAnalyzer: { enable: boolean; }
-
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
-
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; }
-
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
-
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
-
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
-
ouIdNames: string[]
-
errors: string[]
Returns void
Private
validateCloudWatchLogGroupsDeploymentTargetAccounts
- validateCloudWatchLogGroupsDeploymentTargetAccounts(values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}, accountNames: string[], errors: string[]): void
-
Parameters
-
values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}
-
accessAnalyzer: { enable: boolean; }
-
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
-
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; }
-
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
-
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
-
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
-
accountNames: string[]
-
errors: string[]
Returns void
Private
validateCloudWatchMetricsDeploymentTargetAccounts
- validateCloudWatchMetricsDeploymentTargetAccounts(values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}, accountNames: string[], errors: string[]): void
-
Parameters
-
values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}
-
accessAnalyzer: { enable: boolean; }
-
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
-
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; }
-
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
-
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
-
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
-
accountNames: string[]
-
errors: string[]
Returns void
Private
validateCloudWatchMetricsDeploymentTargetOUs
- validateCloudWatchMetricsDeploymentTargetOUs(values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}, ouIdNames: string[], errors: string[]): void
-
Parameters
-
values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}
-
accessAnalyzer: { enable: boolean; }
-
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
-
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; }
-
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
-
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
-
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
-
ouIdNames: string[]
-
errors: string[]
Returns void
Private
validateConfigRuleAssets
- validateConfigRuleAssets(configDir: string, ruleSet: {
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; };
rules: ({ name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; })[];
}, errors: string[]): void
-
Parameters
-
configDir: string
-
ruleSet: {
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; };
rules: ({ name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; })[];
}
-
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }
-
rules: ({ name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; })[]
-
errors: string[]
Returns void
Private
validateConfigRuleDeploymentTargetAccounts
- validateConfigRuleDeploymentTargetAccounts(values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}, accountNames: string[], errors: string[]): void
-
Parameters
-
values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}
-
accessAnalyzer: { enable: boolean; }
-
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
-
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; }
-
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
-
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
-
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
-
accountNames: string[]
-
errors: string[]
Returns void
Private
validateConfigRuleDeploymentTargetOUs
- validateConfigRuleDeploymentTargetOUs(values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}, ouIdNames: string[], errors: string[]): void
-
Parameters
-
values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}
-
accessAnalyzer: { enable: boolean; }
-
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
-
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; }
-
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
-
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
-
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
-
ouIdNames: string[]
-
errors: string[]
Returns void
Private
validateConfigRuleRemediationAccountNames
- validateConfigRuleRemediationAccountNames(ruleSet: AwsConfigRuleSet, accountNames: string[], errors: string[]): void
-
Parameters
-
-
accountNames: string[]
-
errors: string[]
Returns void
Private
validateConfigRuleRemediationAssumeRoleFile
- validateConfigRuleRemediationAssumeRoleFile(configDir: string, ruleSet: {
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; };
rules: ({ name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; })[];
}, errors: string[]): void
-
Parameters
-
configDir: string
-
ruleSet: {
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; };
rules: ({ name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; })[];
}
-
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }
-
rules: ({ name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; })[]
-
errors: string[]
Returns void
Private
validateConfigRuleRemediationTargetAssets
- validateConfigRuleRemediationTargetAssets(configDir: string, ruleSet: {
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; };
rules: ({ name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; })[];
}, ssmDocuments: {
name: string;
template: string;
}[], errors: string[]): void
-
Parameters
-
configDir: string
-
ruleSet: {
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; };
rules: ({ name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; })[];
}
-
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }
-
rules: ({ name: string; description: string | undefined; identifier: string | undefined; inputParameters: { [x: string]: string; } | undefined; complianceResourceTypes: string[] | undefined; type: string | undefined; customRule: { ...; } | undefined; remediation: { ...; } | undefined; tags: { ...; }[] | undefined; })[]
-
ssmDocuments: {
name: string;
template: string;
}[]
-
errors: string[]
Returns void
Private
validateCustomKeyName
- validateCustomKeyName(values: SecurityConfig, keyNames: string[], errors: string[]): void
-
Parameters
-
-
keyNames: string[]
-
errors: string[]
Returns void
Private
validateDelegatedAdminAccount
- validateDelegatedAdminAccount(values: SecurityConfig, accountNames: string[], errors: string[]): void
-
Parameters
-
-
accountNames: string[]
-
errors: string[]
Returns void
Private
validateDeploymentTargetAccountNames
- validateDeploymentTargetAccountNames(values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}, accountNames: string[], errors: string[]): void
-
Parameters
-
values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}
-
accessAnalyzer: { enable: boolean; }
-
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
-
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; }
-
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
-
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
-
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
-
accountNames: string[]
-
errors: string[]
Returns void
Private
validateDeploymentTargetOUs
- validateDeploymentTargetOUs(values: SecurityConfig, ouIdNames: string[], errors: string[]): void
-
Parameters
-
-
ouIdNames: string[]
-
errors: string[]
Returns void
Private
validateKeyPolicyFiles
- validateKeyPolicyFiles(values: SecurityConfig, configDir: string, errors: string[]): void
-
Parameters
-
-
configDir: string
-
errors: string[]
Returns void
Private
validateSecurityHubNotifications
- validateSecurityHubNotifications(snsTopicNames: string[], snsTopicName: undefined | string, notificationLevel: undefined | string, errors: string[]): void
-
Parameters
-
snsTopicNames: string[]
-
snsTopicName: undefined | string
-
notificationLevel: undefined | string
-
errors: string[]
Returns void
Private
validateSnsTopics
- validateSnsTopics(globalConfig: GlobalConfig, alarmSet: {
alarms: ({ alarmName: string; alarmDescription: string; snsAlertLevel: string | undefined; snsTopicName: string | undefined; metricName: string; namespace: string; comparisonOperator: string; ... 4 more ...; treatMissingData: string; })[];
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; };
regions: undefined | string[];
}, snsTopicNames: string[], errors: string[]): void
-
Parameters
-
-
alarmSet: {
alarms: ({ alarmName: string; alarmDescription: string; snsAlertLevel: string | undefined; snsTopicName: string | undefined; metricName: string; namespace: string; comparisonOperator: string; ... 4 more ...; treatMissingData: string; })[];
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; };
regions: undefined | string[];
}
-
alarms: ({ alarmName: string; alarmDescription: string; snsAlertLevel: string | undefined; snsTopicName: string | undefined; metricName: string; namespace: string; comparisonOperator: string; ... 4 more ...; treatMissingData: string; })[]
-
deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }
-
regions: undefined | string[]
-
snsTopicNames: string[]
-
errors: string[]
Returns void
Private
validateSsmDocumentDeploymentTargetOUs
- validateSsmDocumentDeploymentTargetOUs(values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}, ouIdNames: string[], errors: string[]): void
-
Parameters
-
values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}
-
accessAnalyzer: { enable: boolean; }
-
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
-
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; }
-
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
-
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
-
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
-
ouIdNames: string[]
-
errors: string[]
Returns void
Private
validateSsmDocumentFiles
- validateSsmDocumentFiles(configDir: string, ssmDocuments: {
name: string;
template: string;
}[], errors: string[]): void
-
Parameters
-
configDir: string
-
ssmDocuments: {
name: string;
template: string;
}[]
-
errors: string[]
Returns void
Private
validateSsmDocumentsDeploymentTargetAccounts
- validateSsmDocumentsDeploymentTargetAccounts(values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}, accountNames: string[], errors: string[]): void
-
Parameters
-
values: {
accessAnalyzer: { enable: boolean; };
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; };
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; };
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; };
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; };
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; });
}
-
accessAnalyzer: { enable: boolean; }
-
awsConfig: { enableConfigurationRecorder: boolean; enableDeliveryChannel: boolean | undefined; overrideExisting: boolean | undefined; aggregation: { enable: boolean; delegatedAdminAccount: string | undefined; } | undefined; ruleSets: { ...; }[]; }
-
centralSecurityServices: { delegatedAdminAccount: string; ebsDefaultVolumeEncryption: { enable: boolean; kmsKey: string | undefined; excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | ... 29 more ... | "ap-southeast-4")[] | undefined; }; ... 7 more ...; ssmAutomation: { ...; }; }
-
cloudWatch: { metricSets: { regions: string[] | undefined; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; metrics: { ...; }[]; }[]; alarmSets: { ...; }[]; logGroups: { ...; }[] | undefined; }
-
iamPasswordPolicy: { allowUsersToChangePassword: boolean; hardExpiry: boolean; requireUppercaseCharacters: boolean; requireLowercaseCharacters: boolean; requireSymbols: boolean; requireNumbers: boolean; minimumPasswordLength: number; passwordReusePrevention: number; maxPasswordAge: number; }
-
keyManagementService: undefined | ({ keySets: { name: string; alias: string | undefined; policy: string | undefined; description: string | undefined; enableKeyRotation: boolean | undefined; enabled: boolean | undefined; removalPolicy: string | undefined; deploymentTargets: { ...; }; }[]; })
-
accountNames: string[]
-
errors: string[]
Returns void
Prepare list of Account names from account config file
Returns