
A library of CDK aspects applying to security groups.


cdk-aspects-library-security-group


A CDK library containing EC2 security group related CDK Aspects and the ability to define custom aspects.

Features

  • Utilize built in aspects for common cases:

    • Disallow public access to any port
    • Disallow public access to AWS Restricted Common ports (per the AWS Config rule)
    • Disallow public access to SSH or RDP per CIS Benchmark guidelines and general good practice
    • Disallow public or ALL access to common management ports like SSH, RDP, WinRM, WinRM over HTTPS
    • Disallow public or ALL access to common relational DB ports like MSSQL, MySQL, PostgreSQL, and Oracle
    • Disallow public or ALL access to common web ports like HTTP (80, 8080) and HTTPS (443, 8443)
  • Create any other aspect using the base security group aspect class.

  • By default, aspects generate errors in the CDK metadata, which the deployment or synth process will find, but this can be changed with the annotationType property.

  • All built-in aspects restrict based on the public access CIDRs (0.0.0.0/0 and ::/0), but you can also define aspects with any set of restricted CIDRs or security group IDs you like.

API Doc

See API

Examples

TypeScript

// Add an existing aspect to your stack
Aspects.of(stack).add(new NoPublicIngressAspect());

// Add a custom aspect to your stack
Aspects.of(stack).add(new SecurityGroupAspectBase({
  annotationText: 'This is a custom message warning you how you should not do what you are doing.',
  annotationType: AnnotationType.WARNING,
  ports: [5985],
  restrictedCidrs: ['10.1.0.0/16'],
}));

// Change an existing aspect's message and type
// (the properties are passed as a single object literal)
Aspects.of(stack).add(new NoPublicIngressAspect({
  annotationText: 'This is custom text.',
  annotationType: AnnotationType.WARNING,
}));
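
The following is an added example, not code from this library: a stand-alone model of the kind of check the `ports` and `restrictedCidrs` properties describe, showing why port ranges and all-traffic rules have to be considered. The `IngressRule` type, the `findViolations` function, exact-string CIDR matching, and the sample rules are assumptions made for illustration.

```typescript
// Added illustration: models the check in plain TypeScript, no CDK required.
type IngressRule = {
  cidr: string;        // source range, e.g. '0.0.0.0/0'
  ipProtocol: string;  // 'tcp', 'udp', or '-1' for all traffic
  fromPort?: number;
  toPort?: number;
};

type AspectProps = {
  ports?: number[];          // undefined or empty means "any port"
  restrictedCidrs: string[]; // sources that must not reach those ports
};

const PUBLIC_CIDRS = ['0.0.0.0/0', '::/0'];

// A rule exposes a port if it allows all traffic or its range contains the port.
function coversPort(rule: IngressRule, port: number): boolean {
  if (rule.ipProtocol === '-1') return true;
  if (rule.fromPort === undefined || rule.toPort === undefined) return false;
  return rule.fromPort <= port && port <= rule.toPort;
}

// Returns the rules that open a restricted port to a restricted source.
// Assumption: CIDRs are compared as exact strings, not by containment.
function findViolations(rules: IngressRule[], props: AspectProps): IngressRule[] {
  return rules.filter((rule) => {
    if (props.restrictedCidrs.indexOf(rule.cidr) === -1) return false;
    if (!props.ports || props.ports.length === 0) return true;
    return props.ports.some((p) => coversPort(rule, p));
  });
}

// Constructed sample rules, not taken from a real deployment.
const sampleRules: IngressRule[] = [
  { cidr: '0.0.0.0/0', ipProtocol: 'tcp', fromPort: 443, toPort: 443 },
  { cidr: '0.0.0.0/0', ipProtocol: 'tcp', fromPort: 20, toPort: 1024 }, // range includes 22
  { cidr: '::/0', ipProtocol: '-1' },                                   // all traffic
  { cidr: '10.1.0.0/16', ipProtocol: 'tcp', fromPort: 5985, toPort: 5985 },
  { cidr: '10.2.0.0/16', ipProtocol: 'tcp', fromPort: 22, toPort: 22 },
];

// Public SSH/RDP check, then the custom WinRM check from the example above.
const sshRdpPublic = findViolations(sampleRules, { ports: [22, 3389], restrictedCidrs: PUBLIC_CIDRS });
const winrmInternal = findViolations(sampleRules, { ports: [5985], restrictedCidrs: ['10.1.0.0/16'] });
console.log(sshRdpPublic.length, winrmInternal.length);
```

A rule that never names port 22 still exposes SSH when it covers a range such as 20-1024 or uses protocol `-1`, so a check that only compares `fromPort` for equality would miss both.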


File details

Details for the file renovosolutions.aws-cdk-aspects-security-group-2.1.115.tar.gz.


File hashes

Hashes for renovosolutions.aws-cdk-aspects-security-group-2.1.115.tar.gz
Algorithm Hash digest
SHA256 bc1cce8d633aa8ab8340e9c44b5c82c3bfb6dac7bb96a7ce426e56a7877947d4
MD5 bc25f5778f9c724d8914fe13464e6ca1
BLAKE2b-256 0766553e0d7f5fce2652cef46092ce35df3ebb24787ed05144a2828a2d1dee4b


File details

Details for the file renovosolutions.aws_cdk_aspects_security_group-2.1.115-py3-none-any.whl.


File hashes

Hashes for renovosolutions.aws_cdk_aspects_security_group-2.1.115-py3-none-any.whl
Algorithm Hash digest
SHA256 44a8e503d04fd5692d3c4caf977db78faeb6ec94508370105a28bb14ff128663
MD5 621e7731bf2fbf424152cd39be4c85e9
BLAKE2b-256 621ee2f943d659ae04789fee49d4e5dd7ec253cd63020e2da142d7a51800a085
