Security-restricted environments

Question

Security-restricted environments

eladb opened this issue 4 years ago · comments

PR	Champion
#

Description

Permission Boundaries
Bootstrapping Privileges
Enforcement of policy during synth (aspects?), during deployment (CFN hooks?) and at runtime (AWS Config?)

Progress

Richard H Boyd · Answer 1 · Thu Jan 30 2020 13:00:30 GMT+0800 (China Standard Time)

Slightly related to Permissions Boundaries, but I'd also like to see Resource Boundaries. CDK is in a great position to enforce "no EC2 resources may be created" or "no IAM resources may be imported" to accommodate some highly regulated environments.

Momo Kornher · Answer 2 · Sat Oct 14 2023 03:43:40 GMT+0800 (China Standard Time)

All supported now:
https://aws.amazon.com/about-aws/whats-new/2023/04/aws-cloud-development-kit-cdk-policies-validations/
https://aws.amazon.com/blogs/devops/secure-cdk-deployments-with-iam-permission-boundaries/