Aspects

Cross-cutting rules you can apply across constructs and stacks.


PermissionBoundaryAspect

Source: src/aspects/permission-boundary-aspect.ts

Purpose: Ensures every IAM Role has a permissions boundary; overrides the PermissionsBoundary property on AWS::IAM::Role resources.

API

  • new PermissionBoundaryAspect(permissionBoundaryArn: string)

Usage

import * as cdk from 'aws-cdk-lib';
import { PermissionBoundaryAspect } from '../aspects/permission-boundary-aspect';

// `app` is the cdk.App being synthesized; `accountId` is the AWS account that owns the boundary policy.
cdk.Aspects.of(app).add(
  new PermissionBoundaryAspect(`arn:aws:iam::${accountId}:policy/base-permission-boundary`),
);

BucketEncryptionAspect

Source: src/aspects/s3-aspect.ts

Purpose: Validates S3 buckets have server-side encryption; adds a synth error if missing.

API

  • new BucketEncryptionAspect()

Usage

import * as cdk from 'aws-cdk-lib';
import { BucketEncryptionAspect } from '../aspects/s3-aspect';

cdk.Aspects.of(app).add(new BucketEncryptionAspect());

BucketPublicAccessAspect

Source: src/aspects/s3-aspect.ts

Purpose: Validates S3 buckets have public access blocked; if not, it sets PublicAccessBlockConfiguration and adds a synth warning.

API

  • new BucketPublicAccessAspect()

Usage

import * as cdk from 'aws-cdk-lib';
import { BucketPublicAccessAspect } from '../aspects/s3-aspect';

cdk.Aspects.of(app).add(new BucketPublicAccessAspect());

vpcCidrAspect

Source: src/aspects/vpc-aspect.ts

Purpose: Validates VPC CIDRs are within RFC1918 private ranges; adds a synth error otherwise.

API

  • new vpcCidrAspect()

Usage

import * as cdk from 'aws-cdk-lib';
import { vpcCidrAspect } from '../aspects/vpc-aspect';

cdk.Aspects.of(app).add(new vpcCidrAspect());
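The RFC1918 check behind an aspect like vpcCidrAspect, as an added stand-alone example that is not the project's src/aspects/vpc-aspect.ts; the function names (isRfc1918Cidr, vpcCidrError) are assumed. It shows the edge case that matters for this rule: a block is private only when the whole block fits inside one private range, so 10.0.0.0/7 and 172.32.0.0/16 are rejected.

```typescript
// Added example: RFC1918 containment check for VPC CIDR blocks (not the project's code).
const RFC1918_RANGES: ReadonlyArray<[string, number]> = [
  ['10.0.0.0', 8],
  ['172.16.0.0', 12],
  ['192.168.0.0', 16],
];

// Dotted-quad IPv4 -> unsigned 32-bit integer; null when malformed.
function ipv4ToInt(ip: string): number | null {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  let value = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p)) return null;
    const octet = Number(p);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// Network mask for a prefix length; shift by 32 is a no-op in JS, so /0 is special-cased.
function maskFor(prefix: number): number {
  return prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
}

// "a.b.c.d/n" -> [networkAddress, prefixLength]; null when malformed.
function parseCidr(cidr: string): [number, number] | null {
  const [ip = '', prefixStr = '', ...rest] = cidr.split('/');
  if (rest.length > 0 || !/^\d{1,2}$/.test(prefixStr)) return null;
  const prefix = Number(prefixStr);
  const addr = ipv4ToInt(ip);
  if (addr === null || prefix > 32) return null;
  return [(addr & maskFor(prefix)) >>> 0, prefix];
}

// True only when every address in `cidr` lies inside a single RFC1918 range.
function isRfc1918Cidr(cidr: string): boolean {
  const parsed = parseCidr(cidr);
  if (parsed === null) return false;
  const [network, prefix] = parsed;
  return RFC1918_RANGES.some(([rangeIp, rangePrefix]) => {
    if (prefix < rangePrefix) return false; // block is wider than the private range
    const rangeNet = ipv4ToInt(rangeIp)!;
    return ((network & maskFor(rangePrefix)) >>> 0) === rangeNet;
  });
}

// The message an aspect would attach as a synth error; null when the CIDR is acceptable.
function vpcCidrError(cidr: string): string | null {
  return isRfc1918Cidr(cidr) ? null : `VPC CIDR ${cidr} is not within an RFC1918 private range`;
}
```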