|
| 1 | +#!/usr/bin/env node |
| 2 | +/***************************************************************************** |
| 3 | + * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. * |
| 4 | + * * |
| 5 | + * Licensed under the Apache License, Version 2.0 (the "License"). You may * |
| 6 | + * not use this file except in compliance with the License. A copy of the * |
| 7 | + * License is located at * |
| 8 | + * * |
| 9 | + * http://www.apache.org/licenses/LICENSE-2.0 * |
| 10 | + * * |
| 11 | + * or in the 'license' file accompanying this file. This file is distributed * |
| 12 | + * on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, * |
| 13 | + * express or implied. See the License for the specific language governing * |
| 14 | + * permissions and limitations under the License. * |
| 15 | + *****************************************************************************/ |
| 16 | +import 'source-map-support/register'; |
| 17 | +import * as cdk from '@aws-cdk/core'; |
| 18 | +import { CisStack } from '../lib/cis-stack'; |
| 19 | +import { CisPermissionsStack } from '../lib/cis-permissions-stack'; |
| 20 | + |
| 21 | +// SOLUTION_* - set by solution_env.sh |
| 22 | +const SOLUTION_ID = process.env['SOLUTION_ID'] || 'undefined'; |
| 23 | +const SOLUTION_NAME = process.env['SOLUTION_NAME'] || 'undefined'; |
| 24 | +// DIST_* - set by build-s3-dist.sh |
| 25 | +const DIST_VERSION = process.env['DIST_VERSION'] || '%%VERSION%%'; |
| 26 | +const DIST_OUTPUT_BUCKET = process.env['DIST_OUTPUT_BUCKET'] || '%%BUCKET%%'; |
| 27 | +const DIST_SOLUTION_NAME = process.env['DIST_SOLUTION_NAME'] || '%%SOLUTION%%'; |
| 28 | + |
| 29 | +const app = new cdk.App(); |
| 30 | + |
| 31 | +const cisStack = new CisStack(app, 'CisStack', { |
| 32 | + description: '(' + SOLUTION_ID + ') ' + SOLUTION_NAME + |
| 33 | + ' CIS Compliance Pack, ' + DIST_VERSION, |
| 34 | + solutionId: SOLUTION_ID, |
| 35 | + solutionVersion: DIST_VERSION, |
| 36 | + solutionName: SOLUTION_NAME, |
| 37 | + solutionDistBucket: DIST_OUTPUT_BUCKET, |
| 38 | + solutionDistName: DIST_SOLUTION_NAME |
| 39 | +}); |
| 40 | + |
| 41 | +const cisPermStack = new CisPermissionsStack(app, 'CisPermissionsStack', { |
| 42 | + description: '(' + SOLUTION_ID + ') ' + SOLUTION_NAME + |
| 43 | + ' CIS Compliance Pack Permissions, ' + DIST_VERSION, |
| 44 | + solutionId: SOLUTION_ID, |
| 45 | + solutionVersion: DIST_VERSION, |
| 46 | + solutionName: SOLUTION_NAME, |
| 47 | + solutionDistBucket: DIST_OUTPUT_BUCKET, |
| 48 | + solutionDistName: DIST_SOLUTION_NAME |
| 49 | +}); |
| 50 | + |
| 51 | +const stackMedata = { |
| 52 | + "AWS::CloudFormation::Interface": { |
| 53 | + "ParameterGroups": [ |
| 54 | + { |
| 55 | + "Label": { "default": "Even if you do not enable fully automated remediation, you can still trigger a remediation action in the Security Hub console by selecting a specific finding, clicking the Action menu, and choosing the remediation action." }, |
| 56 | + "Parameters": ["CIS1314AutoRemediation", "CIS15111AutoRemediation", "CIS22AutoRemediation", "CIS23AutoRemediation", |
| 57 | + "CIS24AutoRemediation", "CIS26AutoRemediation", "CIS28AutoRemediation", "CIS29AutoRemediation", |
| 58 | + "CIS4142AutoRemediation", "CIS43AutoRemediation"] |
| 59 | + } |
| 60 | + ], |
| 61 | + } |
| 62 | +} |
| 63 | + |
| 64 | +cisStack.templateOptions.metadata = stackMedata; |
| 65 | + |
| 66 | +cisStack.templateOptions.templateFormatVersion = "2010-09-09" |
| 67 | +cisPermStack.templateOptions.templateFormatVersion = "2010-09-09" |
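Review bot: The `|| 'undefined'` and `|| '%%BUCKET%%'` fallbacks on the SOLUTION_* and DIST_* constants let a synth from an unprepared shell succeed, producing templates described as `(undefined) undefined …` with a placeholder distribution bucket. The `solutionDistBucket` prop presumably tells both stacks where to fetch the remediation code (the stack classes are not visible here), so an unset or wrong value should stop the build rather than reach a deployable template. If the `%%…%%` tokens are meant to be substituted later by build-s3-dist.sh, keep them and fail fast only on the SOLUTION_* pair, e.g. `if (!process.env['SOLUTION_ID']) throw new Error('SOLUTION_ID is not set; source solution_env.sh first');`. Separately, `stackMedata` looks like a typo for `stackMetadata`, and the last two assignments lack the terminating semicolons used elsewhere in the file.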