## PermissionBoundaryAspect

Source: `src/aspects/permission-boundary-aspect.ts`

Ensures every IAM role has a permissions boundary: it overrides the `PermissionsBoundary` property on each `AWS::IAM::Role` resource with the ARN passed to the constructor.

### Initializers

```typescript
new PermissionBoundaryAspect(permissionBoundaryArn: string)
```

### Parameters

| Name | Type | Description |
|---|---|---|
| permissionBoundaryArn | string | ARN of the IAM permissions boundary policy to attach to all roles. |
### Usage

```typescript
import * as cdk from 'aws-cdk-lib';
import { PermissionBoundaryAspect } from '../aspects/permission-boundary-aspect';

const app = new cdk.App();
// Account that owns the boundary policy; the boundary must exist there before roles are deployed.
const accountId = process.env.CDK_DEFAULT_ACCOUNT;

cdk.Aspects.of(app).add(
  new PermissionBoundaryAspect(`arn:aws:iam::${accountId}:policy/base-permission-boundary`),
);
```
## BucketEncryptionAspect

Source: `src/aspects/s3-aspect.ts`

Validates that S3 buckets have server-side encryption configured; adds a synth error if it is missing.

### Initializers

```typescript
new BucketEncryptionAspect()
```

No parameters required.

### Usage

```typescript
import * as cdk from 'aws-cdk-lib';
import { BucketEncryptionAspect } from '../aspects/s3-aspect';

const app = new cdk.App();
cdk.Aspects.of(app).add(new BucketEncryptionAspect());
```
## BucketPublicAccessAspect

Source: `src/aspects/s3-aspect.ts`

Validates that S3 buckets have public access blocked; if not, it sets `PublicAccessBlockConfiguration` on the bucket and adds a synth warning.

### Initializers

```typescript
new BucketPublicAccessAspect()
```

No parameters required.

### Usage

```typescript
import * as cdk from 'aws-cdk-lib';
import { BucketPublicAccessAspect } from '../aspects/s3-aspect';

const app = new cdk.App();
cdk.Aspects.of(app).add(new BucketPublicAccessAspect());
```
## vpcCidrAspect

Source: `src/aspects/vpc-aspect.ts`

Validates that VPC CIDRs fall within the RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16); adds a synth error otherwise.

### Initializers

```typescript
new vpcCidrAspect()
```

No parameters required.

### Usage

```typescript
import * as cdk from 'aws-cdk-lib';
import { vpcCidrAspect } from '../aspects/vpc-aspect';

const app = new cdk.App();
cdk.Aspects.of(app).add(new vpcCidrAspect());
```
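The containment check behind `vpcCidrAspect`, as an added example that is not the project's `src/aspects/vpc-aspect.ts`: it parses a CIDR and reports whether the whole block lies inside one of the RFC 1918 ranges, so 172.31.0.0/16 passes while 172.32.0.0/16 and the over-wide 172.16.0.0/11 fail. The CDK wiring (`IAspect.visit`, `Annotations.addError`) is assumed and left out so the logic runs stand-alone.

```typescript
// Added example (not the project's src/aspects/vpc-aspect.ts): the RFC 1918
// containment check a vpcCidrAspect needs. The CDK wiring (IAspect.visit,
// Annotations.addError) is assumed and omitted so this runs stand-alone.

const RFC1918_BLOCKS = ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'];

// Network mask for a prefix length as an unsigned 32-bit number.
function maskFor(prefix: number): number {
  return prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
}

// Parse "a.b.c.d/n" into its unsigned network address and prefix length.
// Throws on malformed or out-of-range input rather than silently passing it.
function parseCidr(cidr: string): { network: number; prefix: number } {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr.trim());
  if (!m) throw new Error(`malformed CIDR: ${cidr}`);
  const octets = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (octets.some((o) => o > 255) || prefix > 32) {
    throw new Error(`out-of-range CIDR: ${cidr}`);
  }
  const addr = octets.reduce((acc, o) => acc * 256 + o, 0);
  return { network: (addr & maskFor(prefix)) >>> 0, prefix };
}

// True iff every address of `cidr` lies inside `container`: the block must be
// no wider than the container and share its network bits under the container's
// mask. A naive string-prefix test on "172.16." would accept the over-wide
// 172.16.0.0/11 and reject the valid 172.20.0.0/16; this check gets both right.
function cidrWithin(cidr: string, container: string): boolean {
  const inner = parseCidr(cidr);
  const outer = parseCidr(container);
  if (inner.prefix < outer.prefix) return false;
  return ((inner.network & maskFor(outer.prefix)) >>> 0) === outer.network;
}

function isRfc1918(cidr: string): boolean {
  return RFC1918_BLOCKS.some((block) => cidrWithin(cidr, block));
}

// What the aspect's visit() would attach to a VPC: the error text, or null
// when the CIDR is acceptable. Parse failures are reported, not swallowed.
function checkVpcCidr(cidr: string): string | null {
  try {
    return isRfc1918(cidr) ? null : `VPC CIDR ${cidr} is not within an RFC 1918 private range`;
  } catch (e) {
    return (e as Error).message;
  }
}
```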