0.0.8 • Published 3 years ago
cdk-compliant-dynamodb v0.0.8
cdk-compliant-dynamodb
cdk-compliant-dynamodb is an AWS CK construct that allows you to easily create an AWS DynamoDB that is fully compliant against the following AWS Config rules:
- BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED
- DYNAMODB_IN_BACKUP_PLAN
- DYNAMODB_PITR_ENABLED
- DYNAMODB_AUTOSCALING_ENABLED
- DYNAMODB_THROUGHPUT_LIMIT_CHECK
- DYNAMODB_TABLE_ENCRYPTED_KMS
Why
Use this construct to be compliant against the most common AWS Config rules without the need to even know them. Opt-out of rules for non production environments.
Sample
create a fully compliant DynamoDb table with imported AWS Backup vault
new CompliantDynamoDb(stack, 'MyCompliantDynamoDB', {
partitionKey: {
name: 'id',
type: dynamodb.AttributeType.STRING,
},
backupVaultName: 'my-dynamodb-backup-vault',
deleteBackupAfterDays: 90,
backupPlanStartTime: 6,
});Opt out of all rules (create a non compliant table)
new CompliantDynamoDb(stack, 'MyCompliantDynamoDB', {
partitionKey: {
name: 'id',
type: dynamodb.AttributeType.STRING,
},
disabledRules: [
'BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED',
'DYNAMODB_IN_BACKUP_PLAN',
'DYNAMODB_PITR_ENABLED',
'DYNAMODB_AUTOSCALING_ENABLED',
'DYNAMODB_THROUGHPUT_LIMIT_CHECK',
'DYNAMODB_TABLE_ENCRYPTED_KMS',
],
});