Closed justinvp closed 4 years ago
This provides a nicer way to create and configure the AWS Guard policies:
const awsGuard = new AwsGuard();
The above is equivalent to:
const awsGuard = new AwsGuard({ all: "advisory" });
To make all policies mandatory rather than advisory:
const awsGuard = new AwsGuard({ all: "mandatory" });
To make all policies mandatory, but change a couple to be advisory:
const awsGuard = new AwsGuard({ all: "mandatory", ec2InstanceNoPublicIP: "advisory", elbAccessLoggingEnabled: "advisory", });
To disable a particular policy:
const awsGuard = new AwsGuard({ ec2InstanceNoPublicIP: "disabled", });
To disable all policies except ones explicitly enabled:
const awsGuard = new AwsGuard({ all: "disabled", ec2InstanceNoPublicIP: "mandatory", elbAccessLoggingEnabled: "mandatory", });
To specify configuration for policies that have it:
const awsGuard = new AwsGuard({ ec2VolumeInUseCheck: { checkDeletion: false }, encryptedVolumes: { enforcementLevel: "mandatory", kmsId: "id" }, redshiftClusterMaintenanceSettingsCheck: { preferredMaintenanceWindow: "Mon:09:30-Mon:10:00" }, acmCheckCertificateExpiration: { maxDaysUntilExpiration: 10 }, });
This provides a nicer way to create and configure the AWS Guard policies:
The above is equivalent to:
To make all policies mandatory rather than advisory:
To make all policies mandatory, but change a couple to be advisory:
To disable a particular policy:
To disable all policies except ones explicitly enabled:
To specify configuration for policies that have it: