Optional
configSchema
This policy's configuration schema.
For example:
{
    configSchema: {
        properties: {
            expiration: {
                type: "integer",
                default: 14,
            },
            identifier: {
                type: "string",
            },
        },
    },
    validateResource: (args, reportViolation) => {
        // Read the values supplied for this policy; `expiration` defaults to 14.
        const { expiration, identifier } = args.getConfig<{ expiration: number; identifier?: string; }>();
        // ...
    },
}
A brief description of the policy rule. e.g., "S3 buckets should have default encryption enabled."
Optional
enforcementLevel
Indicates what to do on policy violation, e.g., block deployment but allow override with proper permissions.
An ID for the policy. Must be unique within the current policy set.
Optional
remediateResource
Takes a resource as input and optionally returns a remediated set of properties. Remediations run prior to validations, and give a policy a chance to fix the issue rather than just flag it.
Optional
validateResource
A callback function that validates if a resource definition violates a policy (e.g. "S3 buckets can't be public"). A single callback function can be specified, or multiple functions, which are called in order.
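How these properties fit together, as an added example that is not from the SDK's documentation or source: the types and the `evaluate` runner are local stand-ins (assumptions), and the resource type, property names and config values are constructed. It shows remediation running before validation and two validators called in order.

```typescript
// Stand-in types (assumptions) shaped after the properties documented above.
type Props = Record<string, any>;
interface Args { type: string; props: Props; getConfig<T>(): T; }
type Report = (message: string) => void;
type Validate = (args: Args, reportViolation: Report) => void;
interface Policy {
    configSchema?: { properties: Record<string, { type: string; default?: any }> };
    remediateResource?: (args: Args) => Props | undefined;
    validateResource?: Validate | Validate[];
}
const BUCKET = "aws:s3:Bucket"; // constructed resource type token
// Constructed policy: buckets need default encryption using the configured algorithm.
const bucketEncryption: Policy = {
    configSchema: { properties: { algorithm: { type: "string", default: "aws:kms" } } },
    // Remediation only fills in a missing setting; an explicit value is left to validation.
    remediateResource: (args: Args) => {
        if (args.type !== BUCKET || args.props.encryption !== undefined) return undefined;
        return { ...args.props, encryption: args.getConfig<{ algorithm: string }>().algorithm };
    },
    // Two validators, called in order.
    validateResource: [
        (args: Args, reportViolation: Report) => {
            if (args.type === BUCKET && args.props.encryption === undefined)
                reportViolation("S3 buckets should have default encryption enabled.");
        },
        (args: Args, reportViolation: Report) => {
            const { algorithm } = args.getConfig<{ algorithm: string }>();
            const actual = args.props.encryption;
            if (args.type === BUCKET && actual !== undefined && actual !== algorithm)
                reportViolation(`encryption is ${actual}, expected ${algorithm}`);
        },
    ],
};

// Hypothetical runner: schema defaults, then remediation, then each validator in order.
function evaluate(policy: Policy, type: string, props: Props, config: Props = {}) {
    const schema: Record<string, { default?: any }> = policy.configSchema ? policy.configSchema.properties : {};
    const merged: Props = {};
    for (const key of Object.keys(schema)) merged[key] = schema[key].default;
    for (const key of Object.keys(config)) merged[key] = config[key];
    const getConfig = <T>(): T => merged as unknown as T;
    const remediated = policy.remediateResource && policy.remediateResource({ type, props, getConfig });
    const finalProps = remediated || props;
    const violations: string[] = [];
    const validators = ([] as Validate[]).concat(policy.validateResource || []);
    for (const validate of validators)
        validate({ type, props: finalProps, getConfig }, (m: string) => { violations.push(m); });
    return { props: finalProps, violations };
}
```

A bucket with no encryption setting is fixed by the remediation and passes, while one with an explicit non-matching value is left untouched and flagged by the second validator.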
ResourceValidationPolicy is a policy that validates a resource definition.
For example: