The Level 2 construct can be used to set up your AWS account with the reasonably secure configuration baseline. Internally it uses the Terraform CDK and the AWS Provider.
- Account password policies
- Cloudtrail
- Guardduty
- EBS encrypt default
- VPC flow log
- Security Hub
- Enable Config rules above
Just the constructs
npm install cdktf-aws-secure
import { Construct } from 'constructs';
import { Resource } from 'cdktf';
import { secure } from 'cdktf-aws-secure';
export class AwsSecure extends Resource {
constructor(scope: Construct, name: string ) {
super(scope, name);
////// Samples
const policy = new secure.EnableAccountPasswordPolicy(this, 'DefaultAccountPwdPolicy', {})
policy.addConfigRule() // and also add Config rule.
// enable guardduty
new secure.EnableGuardduty(this, 'EnableGuardduty', {});
// enable cloudtrail
new secure.EnableCloudTrail(this, 'EnableCloudTrail', {});
// enable ebs encrypt default
new secure.EnableEbsEncryption(this, 'EnableEbsEncryption', {});new secure.EnableGuardduty(this, 'EnableGuardduty');
// enable vpc flow log
new secure.EnableVpcFlowLog(this, 'EnableVpcFlowLog', {
vpcId: 'vpc-0123456789'
});
// enable security hub
new secure.EnableSecurityHub(this, 'EnableSecurityHub');
}
}See API Docs