@richkang/cdk-construct-best-practices-config-conformance
TypeScript icon, indicating that this package has built-in type declarations

0.1.6 • Public • Published

CDK Construct to create AWS Config Conformance Pack for common best practices

A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a Region or across an organization in AWS Organizations.

This CDK Construct included some Conformance Pack for best practices with Config managed rules.

Conformance Pack

RDS Best practices

Subset of security best practices for Amazon RDS Conformance Packs. Full set of the rules can be found in AWS Config github repository.

RDS_INSTANCE_PUBLIC_ACCESS_CHECK

Make sure the RDS is in the isolated subnet [1].

RDS_STORAGE_ENCRYPTED

RDS has encryption of data at rest [2].

Example usage

Conformance Pack Name: CdkConstructSecuredResourcesConfig.rdsBestPracticesComformancePack

const config = new CdkConstructSecuredResourcesConfig(this, `${stack_id}-config`,{
    conformancePacks: [CdkConstructSecuredResourcesConfig.rdsBestPracticesComformancePack],
    configDeliveryS3Bucket: cdk.aws_s3.Bucket.fromBucketArn(this, `${stack_id}-config-s3`, s3BucketForConfig)  
});

References

Package Sidebar

Install

npm i @richkang/cdk-construct-best-practices-config-conformance

Weekly Downloads

1

Version

0.1.6

License

MIT

Unpacked Size

472 kB

Total Files

16

Last publish

Collaborators

  • richkang