Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

secure-cdk

Package Overview
Dependencies
Maintainers
1
Versions
24
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

secure-cdk

Security abstraction for AWS CDK library. Create AWS resources with best security practices applied for you.

  • 0.1.11-alpha.1
  • npm
  • Socket score

Version published
Weekly downloads
26
increased by550%
Maintainers
1
Weekly downloads
 
Created
Source

Security abstraction for AWS CDK library. Create AWS resources with best security practices applied for you.

npm version npm

Description

The purpose of this package is to enforce best security practices for AWS services. It uses AWS CDK under the hood to create resources and won't work without it.

You may find that some of the rules are too strict for your use cases, but you always have a possibility of explicitly overriding them. If you do that, you will get a warning that will remind you about the security violations.

Installation

npm i secure-cdk --save-dev

or

yarn add secure-cdk -D

Usage

S3 Bucket

By using SecureBucket class instead of the AWS's Bucket construct, you are getting the following properties set by default.

PropertyValueDescriptionAWS CDK Default
enforceSSLtrueEnforces SSL for requests.false
publicReadAccessfalseGrants public read access to all objects in the bucket.false
encryptionEncrypted (S3 managed)The kind of server-side encryption to apply to this bucket.Unencrypted
import { SecureBucket } from 'secure-cdk';

const mySiteBucket = new SecureBucket(this, 'my-bucket', {
  bucketName: 'my-bucket-name',
  websiteIndexDocument: 'index.html'
});

CloudFront Distribution

Security wrapper for Distribution construct.

PropertyValueDescriptionAWS CDK Default
minimumProtocolVersionTLS_V1_2_2021The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections.TLS_V1_2_2021

createSecureBehavior is a function used to create preconfigured behaviors for CloudFront distributions.

PropertyValueDescriptionAWS CDK Default
viewerProtocolPolicyHTTPS_ONLYThe protocol that viewers can use to access the files controlled by this behavior.ALLOW_ALL
import { createSecureBehavior, SecureDistribution } from 'secure-cdk';

const distribution = new SecureDistribution(this, 'my-distribution', {
  defaultBehavior: createSecureBehavior({
    origin: new S3Origin(mySiteBucket)
  })
});

IAM Role (PolicyStatement)

Security wrapper for PolicyStatement construct. Does not set default properties, however warns when:

  • * passed in actions property;
  • <resource>:* passed in actions property;
  • * passed in resources property;
  • .addResources called with *;
  • .addActions called with * or <resource>:*;
import { Effect } from '@aws-cdk/aws-iam';
import { SecurePolicyStatement } from 'secure-cdk';

const policyStatement = new SecurePolicyStatement(this, 'my-policy-statement', {
  actions: ['cloudfront:*'],
  resources: ['*'],
  effect: Effect.ALLOW
});
// or
policyStatement.addActions('*');
policyStatement.addResources('*');

TODO

  • Alternative automatic checker (extensions of a Stack);
  • Centralized warning system to awoid warning duplication;
  • Inclusion of resource identifier in warning;

Keywords

FAQs

Package last updated on 31 Oct 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc