CDKを使った安全なBastionの構築例
// Publish the bastion's Availability Zone and instance ID as stack outputs.
// Setting exportName also makes each value a CloudFormation export, so other
// stacks in the same account and region can import it by name. The names are
// prefixed with hcEnv, which is defined outside this excerpt.
// NOTE(review): presumably these are consumed by whatever tooling connects to
// the bastion - confirm against the importing stacks. Both values are
// identifiers, not credentials; access to the instance still has to be gated
// by IAM and network policy.
new cdk.CfnOutput(this, "BastionAzOutput", {
  value: bastion.instanceAvailabilityZone,
  exportName: `${hcEnv}-hc-vpc-bastion-az`
});
new cdk.CfnOutput(this, "BastionIdOutput", {
  value: bastion.instanceId,
  exportName: `${hcEnv}-hc-vpc-bastion-id`
});
// Systems Manager Patch Manager baseline for the bastion host (Amazon Linux 2).
// It is registered for the patch group `${hcEnv}-hc-vpc-bastion`, so it applies
// only to instances that belong to that patch group.
//
// NOTE(review): a patch baseline only defines which patches are *approved*.
// Nothing in this excerpt installs them. Confirm that the stack also
//   - tags the bastion with `Patch Group` (or `PatchGroup` when tags in
//     instance metadata are enabled) set to the same value as patchGroups,
//   - schedules AWS-RunPatchBaseline through a maintenance window or a
//     State Manager association, and
//   - gives the instance an SSM-managed role and a route to the SSM endpoints.
// Without these the baseline exists but the host is never patched.
new ssm.CfnPatchBaseline(this, "BastionPatchBaseline", {
  name: `${hcEnv}-hc-vpc-bastion-patch-baseline`,
  operatingSystem: 'AMAZON_LINUX_2',
  patchGroups: [ `${hcEnv}-hc-vpc-bastion` ],
  approvalRules: {
    patchRules: [
      {
        // 0 days: a patch is approved as soon as it is released, with no soak
        // period. This keeps the exposure window short on an internet-facing
        // host, at the cost of installing updates that have not been tested
        // anywhere else first.
        approveAfterDays: 0,
        // Also approve non-security updates, not only security fixes.
        enableNonSecurity: true,
        // Wildcards on all three keys: the rule matches every product,
        // classification and severity, i.e. every available patch.
        patchFilterGroup: {
          patchFilters: [
            { key: "PRODUCT", values: [ "*" ] },
            { key: "CLASSIFICATION", values: [ "*" ] },
            { key: "SEVERITY", values: [ "*" ] }
          ]
        }
      }
    ]
  }
});