Fugue.AWS.EC2.Compliance

Module Members

disallowRouteTarget

(Function)

Throw an error when `routeTargetPredicate` returns true for a route target.

Type Signature

 fun { routeTargetPredicate: fun (RouteTarget) -> Bool,
       references: Optional<List<String>> } -> fun (RouteTarget) -> Validation
Argument: routeTargetPredicate
Type: fun ( RouteTarget) -> Bool
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( RouteTarget) -> Validation

flowLogHasLogGroupEnabled

(Function)

Type Signature

 fun { references: Optional<List<String>> } -> fun (FlowLog) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( FlowLog) -> Validation

iamRolesUsedAWSResourceAccess

(Function)

Verify that EC2 instances use IAM roles to access AWS resources.

Type Signature

 fun { references: Optional<List<String>> } -> fun (Instance) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( Instance) -> Validation

noExplicitAllowAllPorts

(Function)

Ensure that the security group does not explicitly allow inbound traffic on all ports.

Type Signature

 fun { references: Optional<List<String>> } -> fun (SecurityGroup) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( SecurityGroup) -> Validation

noIngressFromAnywhereToPort22

(Function)

Type Signature

 fun { references: Optional<List<String>> } -> fun (SecurityGroup) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( SecurityGroup) -> Validation

noIngressFromAnywhereToPort23

(Function)

Type Signature

 fun { references: Optional<List<String>> } -> fun (SecurityGroup) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( SecurityGroup) -> Validation

noIngressFromAnywhereToPort3389

(Function)

Type Signature

 fun { references: Optional<List<String>> } -> fun (SecurityGroup) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( SecurityGroup) -> Validation

noIngressFromAnywhereToPort5500

(Function)

Type Signature

 fun { references: Optional<List<String>> } -> fun (SecurityGroup) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( SecurityGroup) -> Validation

noIngressFromAnywhereToPort5800UnlessELB

(Function)

Type Signature

 fun { references: Optional<List<String>> } -> fun (NodeStream) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( NodeStream) -> Validation

noIngressFromAnywhereToPort5900

(Function)

Type Signature

 fun { references: Optional<List<String>> } -> fun (SecurityGroup) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( SecurityGroup) -> Validation

noIngressFromAnywhereToPort80UnlessELB

(Function)

Type Signature

 fun { references: Optional<List<String>> } -> fun (NodeStream) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( NodeStream) -> Validation

noInstances

(Function)

Type Signature

 fun { references: Optional<List<String>> } -> fun (Instance) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( Instance) -> Validation

requireEncryptionForEBSVolume

(Function)

Type Signature

 fun { references: Optional<List<String>> } -> fun (Volume) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( Volume) -> Validation

requireIpsec

(Function)

Type Signature

 fun { references: Optional<List<String>> } -> fun (VpnGatewayType) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( VpnGatewayType) -> Validation

vpcLoggingEnabled

(Function)

Check that each VPC has a Reject flow log associated with it.

Type Signature

 fun { references: Optional<List<String>> } -> fun (NodeStream) -> Validation
Argument: references
Type: Optional<List<String>>
Returns:
Type: fun ( NodeStream) -> Validation