Interface StackValidationPolicy

StackValidationPolicy is a policy that validates a stack.

interface StackValidationPolicy {
    configSchema?: PolicyConfigSchema;
    description: string;
    enforcementLevel?: EnforcementLevel;
    name: string;
    validateStack: StackValidation;
}

Properties

configSchema?: PolicyConfigSchema

This policy's configuration schema.

For example:

{
    configSchema: {
        properties: {
            expiration: {
                type: "integer",
                default: 14,
            },
            identifier: {
                type: "string",
            },
        },
    },

    validateResource: (args, reportViolation) => {
        // Read the values declared in configSchema; expiration falls back to its default.
        const { expiration, identifier } = args.getConfig<{ expiration: number; identifier?: string; }>();

        // ...
    },
}

description: string

A brief description of the policy rule. e.g., "S3 buckets should have default encryption enabled."

enforcementLevel?: EnforcementLevel

Indicates what to do on policy violation, e.g., block deployment but allow override with proper permissions.

name: string

An ID for the policy. Must be unique within the current policy set.

validateStack: StackValidation

A callback function that checks whether a stack violates the policy.
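
A stack-level policy object using the fields listed above, as an added example that is not taken from the original documentation. The types are local stand-ins for `@pulumi/policy` so the block runs offline; `args.resources`, the resource fields, the `exemptBuckets` option and the helper `runOnSample` are assumptions of this example, and matching on `props.bucket` is only shown against constructed sample data.

```typescript
// Local stand-ins for the @pulumi/policy types so the block runs offline.
// `resources`, `type`, `urn` and `props` are assumptions of this example.
type EnforcementLevel = "advisory" | "mandatory" | "disabled";
type ReportViolation = (message: string, urn?: string) => void;
interface Res { type: string; urn: string; props: Record<string, any>; }
interface StackArgs { resources: Res[]; getConfig<T>(): T; }
interface StackValidationPolicy {
    name: string;
    description: string;
    enforcementLevel?: EnforcementLevel;
    configSchema?: { properties: Record<string, object> };
    validateStack: (args: StackArgs, reportViolation: ReportViolation) => void;
}
const BUCKET = "aws:s3/bucket:Bucket";
const BLOCK = "aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock";

// Cross-resource rule: every bucket needs a public access block that names it.
const bucketsNeedPublicAccessBlock: StackValidationPolicy = {
    name: "s3-bucket-requires-public-access-block",
    description: "Every S3 bucket in the stack should have a public access block.",
    enforcementLevel: "mandatory",
    configSchema: {
        properties: { exemptBuckets: { type: "array", items: { type: "string" }, default: [] } },
    },
    validateStack: (args, reportViolation) => {
        const { exemptBuckets = [] } = args.getConfig<{ exemptBuckets?: string[] }>();
        const covered = new Set(args.resources.filter(r => r.type === BLOCK).map(r => r.props.bucket));
        for (const r of args.resources) {
            if (r.type !== BUCKET || exemptBuckets.includes(r.props.bucket)) continue;
            if (!covered.has(r.props.bucket)) {
                reportViolation(`Bucket '${r.props.bucket}' has no public access block.`, r.urn);
            }
        }
    },
};

// Constructed sample stack: "assets" has no public access block, "logs" does.
function runOnSample(config: { exemptBuckets?: string[] }): string[] {
    const urn = (t: string, n: string) => `urn:pulumi:dev::demo::${t}::${n}`;
    const resources: Res[] = [
        { type: BUCKET, urn: urn(BUCKET, "logs"), props: { bucket: "logs" } },
        { type: BUCKET, urn: urn(BUCKET, "assets"), props: { bucket: "assets" } },
        { type: BLOCK, urn: urn(BLOCK, "logs-pab"), props: { bucket: "logs" } },
    ];
    const violations: string[] = [];
    const args: StackArgs = { resources, getConfig: <T>() => config as unknown as T };
    bucketsNeedPublicAccessBlock.validateStack(args, (msg, u) => violations.push(`${u}: ${msg}`));
    return violations;
}
```

The check needs the whole stack because the bucket and its public access block are separate resources, which a per-resource callback cannot correlate.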
