Interface Policy

A policy function that returns true if a resource definition violates some policy (e.g., "no public S3 buckets"), and a set of metadata useful for generating helpful messages when the policy is violated.

interface Policy {
    configSchema?: PolicyConfigSchema;
    description: string;
    enforcementLevel?: EnforcementLevel;
    name: string;
}

Hierarchy (view full)

Properties

configSchema? description enforcementLevel? name

Properties

Optional configSchema

configSchema?: PolicyConfigSchema

This policy's configuration schema.

For example:

{
    configSchema: {
        properties: {
            expiration: {
                type: "integer",
                default: 14,
            },
            identifier: {
                type: "string",
            },
        },
    },

    validateResource: (args, reportViolation) => {
        const { expiration, identifier } = args.getConfig<{ expiration: number; identifier?: string; }>();

        // ...
    }),
}

description

description: string

A brief description of the policy rule. e.g., "S3 buckets should have default encryption enabled."

Optional enforcementLevel

enforcementLevel?: EnforcementLevel

Indicates what to do on policy violation, e.g., block deployment but allow override with proper permissions.

name

name: string

An ID for the policy. Must be unique within the current policy set.

Settings

Member Visibility

Theme

On This Page

configSchemadescriptionenforcementLevelname

Generated using TypeDoc