durkinza / cdk-networkfirewall-l2
L2 constructs for the AWS CDK Network Firewall
Home Page: https://constructs.dev/packages/@durkinza/cdk-networkfirewall-l2/
License: Apache License 2.0
The README covers detailed steps of each portion of the Firewall documentation, but it fails to provide an easy-to-view example of what the firewall setup could look like.
Having an example/quickstart section that shows the basic setup of a firewall would be helpful to people that are looking at using this package.
The example only needs to represent the setup code for the Network Firewall, and any immediate dependencies such as the Firewall Policy class. But it doesn't need to show the whole CDK project structure.
The example could represent one of the two "opinionated" approaches that are described in the README, or possibly use the integration test example that is already written.
As a developer, I would like to know if an IaC deployment is invalid so the code can be re-worked/fixed before I submit it to a CI/CD pipeline for deployment.
Currently there is no way to know if a provided Suricata rule string is valid until it is deployed and the rule is parsed by the AWS Network Firewall.
If the rules could be parsed and validated in CDK, this would provide some additional assurance that the deployment process will work as expected and the stack will not be rejected or the firewall will fail to parse the rules.
Some issues with local validation:
The parser that is used in this library may not be the same parser used by AWS Network Firewall, and thus this library may not align with all issues seen by the AWS Network Firewall during deployment.
The parser will likely need to be a dependency for this library and creates a new dependency on a 3rd party library.
If the parser is unused (e.g. the CDK code does not use plain Suricata rules) then the validation dependency is only bloat to the package size.
Would the addition of an integrated validation tool be worth the possible inaccuracy of reports, or should this effort be something a CI/CD pipeline is responsible for checking independently and before passing the rules to this library?
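A dependency-free structural pre-check of the kind the issue above weighs, as an added example that is not part of the issue or of the project's code. It checks only a rule's shape (seven header fields, direction, `;`-terminated options, one numeric `sid`) and does not reproduce the AWS Network Firewall parser; the accepted action list and the names `splitOptions` and `checkRule` are assumptions.

```typescript
// Added example: a structural pre-check, not a Suricata parser.
// ACTIONS is an assumption; set it to the actions your engine accepts.
const ACTIONS = new Set(["pass", "drop", "reject", "alert"]);
const DIRECTIONS = new Set(["->", "<>"]);
// Split the option body on ';', skipping '\;' escapes and quoted strings.
function splitOptions(body: string): { options: string[]; trailing: string } {
  const options: string[] = [];
  let current = "";
  let inQuotes = false;
  for (let i = 0; i < body.length; i++) {
    const ch = body.charAt(i);
    if (ch === "\\" && i + 1 < body.length) {
      current += ch + body.charAt(++i); // keep the escaped character as-is
    } else if (ch === ";" && !inQuotes) {
      options.push(current.trim());
      current = "";
    } else {
      if (ch === '"') inQuotes = !inQuotes;
      current += ch;
    }
  }
  return { options, trailing: current.trim() };
}

// Returns a list of problems; an empty list means the rule passed the pre-check.
function checkRule(rule: string): string[] {
  const m = /^([^()]+)\(([\s\S]*)\)$/.exec(rule.trim());
  if (!m) return ["expected '<header> (<options>)'"];
  const errors: string[] = [];
  // Address and port lists may contain spaces around commas; collapse them first.
  const header = (m[1] ?? "").replace(/\s*,\s*/g, ",").trim().split(/\s+/);
  const [action = "", , , , direction = ""] = header;
  if (header.length !== 7) errors.push(`header has ${header.length} fields, expected 7`);
  else if (!ACTIONS.has(action)) errors.push(`unknown action '${action}'`);
  else if (!DIRECTIONS.has(direction)) errors.push(`bad direction '${direction}'`);
  const { options, trailing } = splitOptions(m[2] ?? "");
  if (trailing !== "") errors.push(`option '${trailing}' is not terminated by ';'`);
  const sids = options.filter((o) => /^sid\s*:/.test(o));
  if (sids.length !== 1) errors.push("exactly one 'sid' option is required");
  else if (!/^sid\s*:\s*[0-9]+$/.test(sids[0] ?? "")) errors.push("sid must be numeric");
  return errors;
}

// Constructed sample rules (not taken from the project): one well-formed, one broken.
const SAMPLES = [
  'alert tcp any any -> [10.0.0.0/8, 192.168.0.0/16] 443 (msg:"a\\; b"; sid:1000001; rev:1;)',
  'drop tcp any any > any 80 (msg:"bad arrow"; sid:1000002)',
];
const RESULTS = SAMPLES.map((r) => checkRule(r));
```

A rule that passes this check can still be rejected at deployment, so it catches typos early without replacing validation by the firewall's own parser.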