alexpulver/company-guardrails

Company guardrails

The project shows an approach to company guardrails for AWS CDK applications. It implements a landing page frontend component that uses Amazon S3 for hosting.

Create development environment

See Getting Started With the AWS CDK for additional details and prerequisites.

Clone the code

git clone https://github.com/alexpulver/company-guardrails
cd company-guardrails

Create Python virtual environment and install the dependencies

python3.7 -m venv .venv
source .venv/bin/activate
# [Optional] Needed to upgrade dependencies and cleanup unused packages
pip install pip-tools==6.2.0
./scripts/install-deps.sh
./scripts/run-tests.sh

[Optional] Upgrade AWS CDK Toolkit version

vi package.json  # Update "aws-cdk" package version
./scripts/install-deps.sh
./scripts/run-tests.sh

[Optional] Upgrade dependencies (ordered by constraints)

Consider AWS CDK Toolkit (CLI) compatibility when upgrading AWS CDK packages version.

pip-compile --upgrade requirements.in
pip-compile --upgrade requirements-dev.in
./scripts/install-deps.sh
# [Optional] Cleanup unused packages
pip-sync requirements.txt requirements-dev.txt
./scripts/run-tests.sh

Run compliance checks

The checks are performed by the cdk-nag library when the application is synthesized.

npx cdk synth

If cdk-nag finds issues, you can use the company's policy library to remediate them, or suppress the rule if needed. Follow the instructions on the cdk-nag webpage for how to suppress a rule.

See the website infrastructure construct for an example of applying NIST 800-53 rules to the website bucket while suppressing the rule for the logs bucket, which exists to make the website bucket compliant.
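Because every suppression is an exception to the guardrail, it helps to review which ones end up in the synthesized template. The following is an added example, not code from this project: it walks a template for the suppression metadata cdk-nag records on each resource and flags entries that break a review policy. The sample template, logical IDs, rule ids, reasons and the policy values (`ALLOWED_RULES`, `MIN_REASON_LENGTH`) are assumptions constructed for illustration.

```python
# Constructed sample shaped like a synthesized template: cdk-nag records each
# suppression in the resource's Metadata under "cdk_nag". Logical IDs, rule ids
# and reasons are illustrative values, not taken from the project.
LOGGING_RULE = "NIST.800.53-S3BucketLoggingEnabled"
PUBLIC_READ_RULE = "NIST.800.53-S3BucketPublicReadProhibited"
SAMPLE_TEMPLATE = {"Resources": {
    "WebsiteBucket": {"Type": "AWS::S3::Bucket"},
    "LogsBucket": {"Type": "AWS::S3::Bucket", "Metadata": {"cdk_nag": {
        "rules_to_suppress": [
            {"id": LOGGING_RULE, "reason": "Target of website access logs"}]}}},
    "ScratchBucket": {"Type": "AWS::S3::Bucket", "Metadata": {"cdk_nag": {
        "rules_to_suppress": [
            {"id": LOGGING_RULE, "reason": "todo"},
            {"id": PUBLIC_READ_RULE, "reason": "Needed for a quick demo"}]}}},
}}

# Hypothetical company policy: rules that may be suppressed at all, and the
# minimum length of the written justification.
ALLOWED_RULES = {LOGGING_RULE}
MIN_REASON_LENGTH = 10


def list_suppressions(template):
    """Return (logical_id, rule_id, reason) for every cdk-nag suppression."""
    found = []
    for logical_id, resource in sorted(template.get("Resources", {}).items()):
        nag = (resource.get("Metadata") or {}).get("cdk_nag") or {}
        for rule in nag.get("rules_to_suppress") or []:
            found.append((logical_id, rule.get("id", ""), rule.get("reason", "")))
    return found


def review_suppressions(template):
    """Return (logical_id, rule_id, problem) for suppressions breaking policy."""
    problems = []
    for logical_id, rule_id, reason in list_suppressions(template):
        if rule_id not in ALLOWED_RULES:
            problems.append((logical_id, rule_id, "rule may not be suppressed"))
        elif len(reason.strip()) < MIN_REASON_LENGTH:
            problems.append((logical_id, rule_id, "justification too short"))
    return problems


if __name__ == "__main__":
    for problem in review_suppressions(SAMPLE_TEMPLATE):
        print(*problem, sep=": ")
```

To review a real build, load the JSON template that `npx cdk synth` writes under `cdk.out/` and pass the parsed dictionary to `review_suppressions`.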

Deploy the component to development environment

The LandingPageFrontend stack uses your default AWS account and region.

npx cdk deploy LandingPageFrontend

Delete the component

Do not forget to delete the component to avoid unexpected charges.

npx cdk destroy LandingPageFrontend
