A CDK construct for setting up foundational security features on your AWS account. The construct is based on Terraform AWS Secure Baseline. For the time being the focus is on implementing alarms for certain dangerous events. The alarm baseline follows the Terraform baseline, with optional extras that can be enabled with `enableAlarmExtras`.
NPM deployment will come at some point.
Basic usage is described below. There are multiple customizable properties in `CdkSecurityBaselineProps`.
```typescript
import { App, Stack } from 'aws-cdk-lib';
import { LogGroup } from 'aws-cdk-lib/aws-logs';
import { CdkSecurityBaseline } from 'cdk-security-baseline';
import { Construct } from 'constructs';

class CdkSecurityBaselineStack extends Stack {
  constructor(scope: Construct, id: string) {
    super(scope, id);

    // The log group CloudTrail delivers to; the baseline attaches its alarms to it.
    const logGroup = new LogGroup(this, 'LogGroup');

    new CdkSecurityBaseline(this, 'CdkSecurityBaseline', {
      alarmProps: {
        cloudTrailLogGroup: logGroup,
        enableAlarmExtras: true,
      },
    });
  }
}

const app = new App();
new CdkSecurityBaselineStack(app, 'CdkSecurityBaselineStack');
app.synth();
```
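The alarms the construct attaches to `cloudTrailLogGroup` are CloudWatch Logs metric filters over CloudTrail records. The following added example (not code from the cdk-security-baseline project) emulates three CIS-benchmark-style checks of that kind in plain TypeScript so the detection logic can be reasoned about and unit-tested offline before deploying. Which checks the construct actually installs is an assumption here; `CHECKS`, `evaluateLine`, `countHits` and the sample log lines are all constructed for this example.

```typescript
// Added example, not code from the cdk-security-baseline project: a local
// emulation of three CIS-benchmark-style CloudTrail checks of the kind the
// baseline's metric-filter alarms express. Which checks the construct really
// installs is an assumption; the log lines below are constructed sample data.

interface UserIdentity {
  type: string;
  invokedBy?: string;
  arn?: string;
}

interface CloudTrailEvent {
  eventType?: string;
  eventName: string;
  eventSource: string;
  errorCode?: string;
  userIdentity: UserIdentity;
  additionalEventData?: { MFAUsed?: string };
  responseElements?: { ConsoleLogin?: string };
}

interface Check {
  name: string;
  // The CloudWatch Logs metric filter pattern the alarm would be built from.
  pattern: string;
  matches: (e: CloudTrailEvent) => boolean;
}

export const CHECKS: Check[] = [
  {
    name: 'RootAccountUsage',
    pattern: '{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != "AwsServiceEvent" }',
    matches: (e) =>
      e.userIdentity.type === 'Root' &&
      e.userIdentity.invokedBy === undefined &&
      e.eventType !== 'AwsServiceEvent',
  },
  {
    name: 'UnauthorizedApiCall',
    pattern: '{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }',
    matches: (e) =>
      e.errorCode !== undefined &&
      (e.errorCode.endsWith('UnauthorizedOperation') || e.errorCode.startsWith('AccessDenied')),
  },
  {
    name: 'ConsoleSignInWithoutMfa',
    pattern: '{ ($.eventName = "ConsoleLogin") && ($.additionalEventData.MFAUsed != "Yes") && ($.userIdentity.type = "IAMUser") && ($.responseElements.ConsoleLogin = "Success") }',
    matches: (e) =>
      e.eventName === 'ConsoleLogin' &&
      e.additionalEventData?.MFAUsed !== 'Yes' &&
      e.userIdentity.type === 'IAMUser' &&
      e.responseElements?.ConsoleLogin === 'Success',
  },
];

// Names of the checks a single CloudTrail log line trips. A line that is not
// valid JSON, or lacks userIdentity, trips nothing, just as a metric filter
// simply does not match such a line.
export function evaluateLine(line: string): string[] {
  let event: CloudTrailEvent;
  try {
    event = JSON.parse(line) as CloudTrailEvent;
  } catch {
    return [];
  }
  if (!event || typeof event !== 'object' || !event.userIdentity) {
    return [];
  }
  return CHECKS.filter((c) => c.matches(event)).map((c) => c.name);
}

// Hit count per check over a batch of lines: the aggregation a metric filter
// performs before the alarm threshold is applied.
export function countHits(lines: string[]): Record<string, number> {
  const counts: Record<string, number> = {};
  for (const c of CHECKS) counts[c.name] = 0;
  for (const line of lines) {
    for (const name of evaluateLine(line)) counts[name] += 1;
  }
  return counts;
}

// Constructed sample log lines (not real CloudTrail data; account id is a placeholder).
export const SAMPLE_LINES: string[] = [
  JSON.stringify({ eventType: 'AwsApiCall', eventName: 'CreateUser', eventSource: 'iam.amazonaws.com',
    userIdentity: { type: 'Root', arn: 'arn:aws:iam::111111111111:root' } }),
  JSON.stringify({ eventType: 'AwsApiCall', eventName: 'DescribeInstances', eventSource: 'ec2.amazonaws.com',
    errorCode: 'Client.UnauthorizedOperation', userIdentity: { type: 'IAMUser', arn: 'arn:aws:iam::111111111111:user/dev' } }),
  JSON.stringify({ eventType: 'AwsConsoleSignIn', eventName: 'ConsoleLogin', eventSource: 'signin.amazonaws.com',
    userIdentity: { type: 'IAMUser', arn: 'arn:aws:iam::111111111111:user/dev' },
    additionalEventData: { MFAUsed: 'No' }, responseElements: { ConsoleLogin: 'Success' } }),
  JSON.stringify({ eventType: 'AwsConsoleSignIn', eventName: 'ConsoleLogin', eventSource: 'signin.amazonaws.com',
    userIdentity: { type: 'IAMUser', arn: 'arn:aws:iam::111111111111:user/ops' },
    additionalEventData: { MFAUsed: 'Yes' }, responseElements: { ConsoleLogin: 'Success' } }),
  JSON.stringify({ eventType: 'AwsServiceEvent', eventName: 'AwsServiceEvent', eventSource: 'kms.amazonaws.com',
    userIdentity: { type: 'Root' } }),
  'not json at all',
];
```

Running `countHits(SAMPLE_LINES)` yields one hit for each of the three checks: the root `CreateUser` call, the `Client.UnauthorizedOperation` error and the console sign-in with `MFAUsed: "No"`. The MFA-backed sign-in, the root-attributed `AwsServiceEvent` and the malformed line match nothing, which is the behaviour to confirm when tuning alarm thresholds so that benign service activity does not page anyone.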