Add policy validation to CDK #477
Labels
management/rfc
management/tracking
status/api-approved
API Bar Raiser signed-off the API of this RFC
status/done
Implementation complete
Description
Add a new feature to the AWS CDK that allows users to validate their CDK applications against externally defined policies. These policies are constraints on the properties and shape of the resources that can be created in an AWS account. For instance, a policy may specify that all S3 buckets should be encrypted using a customer managed KMS key, and that the KMS key, in turn, must have certain policies attached to it.
There are many tools on the market that allow customers to define these policies using a domain-specific language (DSL) or a library written in a general-purpose programming language. Taking a set of CloudFormation templates and a set of policies, these tools check whether any template violates any policy and report the violations to the user accordingly. This launch allows users to integrate one or more of these tools in the CDK synthesis flow, so that, if their application produces a non-compliant CloudFormation template, they get the feedback immediately.
This feature should be extensible, to allow any user to integrate with their own tools, without depending on changes to the CDK CLI or framework.
Roles
Workflow
status/proposed
status/review
api-approved (applied to pull request)
status/final-comments-period
status/approved
status/planning
status/implementing
status/done
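To make the description's S3 example concrete, here is a check of the kind such a policy tool runs over a synthesized CloudFormation template. It is an added example, not code from the RFC or the CDK; the rule, the function names and the sample template are assumptions, and "customer managed" is simplified to "the key is an `AWS::KMS::Key` resource in the same template".

```python
import json

# Constructed sample template (not from the RFC): one compliant bucket, two violations.
TEMPLATE = json.loads("""
{"Resources": {
  "DataKey": {"Type": "AWS::KMS::Key",
              "Properties": {"KeyPolicy": {"Version": "2012-10-17", "Statement": []}}},
  "GoodBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {
    "ServerSideEncryptionConfiguration": [{"ServerSideEncryptionByDefault": {
      "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": {"Fn::GetAtt": ["DataKey", "Arn"]}}}]}}},
  "AesBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {
    "ServerSideEncryptionConfiguration": [{"ServerSideEncryptionByDefault": {
      "SSEAlgorithm": "AES256"}}]}}},
  "PlainBucket": {"Type": "AWS::S3::Bucket"}
}}
""")

def key_logical_id(value):
    """Return the logical ID a Ref/Fn::GetAtt points at, or None for literals."""
    if isinstance(value, dict):
        if "Ref" in value:
            return value["Ref"]
        target = value.get("Fn::GetAtt")
        if isinstance(target, list) and target:
            return target[0]
        if isinstance(target, str):
            return target.split(".")[0]
    return None

def check_bucket_encryption(template):
    """Hypothetical rule: each bucket defaults to SSE-KMS with a key defined in the template."""
    resources = template.get("Resources", {})
    violations = []
    for logical_id, res in sorted(resources.items()):
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        enc = res.get("Properties", {}).get("BucketEncryption", {})
        rules = enc.get("ServerSideEncryptionConfiguration", [])
        if not rules:
            violations.append((logical_id, "no default encryption configured"))
        for rule in rules:
            default = rule.get("ServerSideEncryptionByDefault", {})
            key = resources.get(key_logical_id(default.get("KMSMasterKeyID")), {})
            if default.get("SSEAlgorithm") != "aws:kms":
                violations.append((logical_id, "SSEAlgorithm is not aws:kms"))
            elif key.get("Type") != "AWS::KMS::Key":
                violations.append((logical_id, "key is not an AWS::KMS::Key in this template"))
    return violations
```

A key given as a literal ARN or alias is reported as a violation by this simplified rule, because it cannot be resolved to a resource in the template.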