@release-gateway/aws-cdk-constructs
v1.3.1
Published
Enterprise ready CDK constructs that are CIS 1.4 and NIST800-53 Rev.5 standards compliant
Downloads
22
Maintainers
Readme
AWS CDK Constructs
Library of Enterprise ready CDK constructs that are standards compliant with the CIS 1.4, NIST 800-53 Rev5 and adopting the best practices set out in AWS Well Architected Reliability and Security Pillars.
This library follows the AWS CDK L1, L2 paradigms and where possible applies the minimum configuration needed to satisfy the cloud standards.
Installation
Use the package manager npm to install this package:
npm install @release-gateway/aws-cdk-constructs
Usage
import { RGApp, RGStack, RGStackProps } from "@release-gateway/aws-cdk-constructs"
class MyStackStack extends RGStack {
constructor(scope: RGApp, id: string, props: RGStackProps) {
super(scope, id, props);
// Define your stack...
}
}
// Build and synthesize
const app = new RGApp();
new MyStack(app, "my-stack", {
serviceName: "My Service Name",
version: "1.0.0"
})
app.synth()
Constructs
| Construct name | Base class | Description of changes | |:-----------------|:------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------| | RGApp | App | Includes RGGuardValidator as policy validator | | RGStack | Stack | Adds standard tags and creates shared KMS key for use by child resources | | RGGuardValidator | CfnGuardValidator | Policy validator configured to enforce CIS 1.4, NIST800-Rev53, Well Architecte Reliabilty Pillar and Well Architected Security Pillar best practices | | RGLogGroup | LogGroup | Applies kms log encryption, removal policy and sets retention to 1 week | | RGNodejsFunction | NodejsFunction | Makes VPC mandatory, creates lambda log group with encryption, configures DLQ and sets removal policy | | RGQueue | Queue | Sets KMS encryption, removal policy and configures DLQ | | RGTable | TableV2 | Sets KMS encryption,, removal policy | | RGHttpApi | HttpApi | Sets encrypted access logging and throttling defaults | | RGRestApi | RestApi | Sets encrypted access and execution logging, throttling defaults, regional endpoint type |
Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
License
Attribution
Logo Icons
- Rocket by Gregor Cresnar from Noun Project (CC BY 3.0)
- Checklist by Kartika Sholehatin from Noun Project (CC BY 3.0)
- Code by Adiyogi from Noun Project (CC BY 3.0)