@renovosolutions/cdk-aspects-library-security-group
v2.1.115
Published
A library of CDK aspects applying to security groups.
Downloads
579
Readme
cdk-aspects-library-security-group
A CDK library containing EC2 security group related CDK Aspects and the ability to define custom aspects.
Features
- Utilize built in aspects for common cases:
- Disallow public access to any port
- Disallow public access to AWS Restricted Common ports (per the AWS Config rule)
- Disallow public access to SSH or RDP per CIS Benchmark guidelines and general good practice
- Disallow public or ALL access to common management ports like SSH, RDP, WinRM, WinRM over HTTPS
- Disallow public or ALL access common relational DB ports like MSSQL, MySQL, PostgreSQL, and Oracle
- Disallow public or ALL common web ports like HTTP (80, 8080) and HTTPS (443, 8443)
- Create any other aspect using the base security group aspect class.
- By default aspects generate errors in the CDK metadata which the deployment or synth process will find, but this can be changed with the
annotationType
property - All default provided aspects restrict based on the public access CIDRs (
0.0.0.0/0
and::/0
) but you can also defined aspects with any set of restricted CIDRs or security group IDs you like
API Doc
See API
Examples
Typescript
// Add an existing aspect to your stack
Aspects.of(stack).add(new NoPublicIngressAspect());
// Add a custom aspect to your stack
Aspects.of(stack).add(new SecurityGroupAspectBase({
annotationText: 'This is a custom message warning you how you should not do what you are doing.',
annotationType: AnnotationType.WARNING,
ports: [5985],
restrictedCidrs: ['10.1.0.0/16'],
}));
// Change an existing aspects message and type
Aspects.of(stack).add(new NoPublicIngressAspect(
annotationText: 'This is custom text.',
annotationType: AnnotationType.WARNING
));