diff --git a/lib/bastion-host-forward.ts b/lib/bastion-host-forward.ts
index 3e193ab..ba30078 100644
--- a/lib/bastion-host-forward.ts
+++ b/lib/bastion-host-forward.ts
@@ -11,7 +11,7 @@ limitations under the License.
 */
-import { Fn} from 'aws-cdk-lib';
+import { Fn } from 'aws-cdk-lib';
 import {
 AmazonLinuxCpuType,
 AmazonLinuxGeneration,
diff --git a/test/generic-bastion-host-forward.test.ts b/test/generic-bastion-host-forward.test.ts
index 0e67265..73a8ee5 100644
--- a/test/generic-bastion-host-forward.test.ts
+++ b/test/generic-bastion-host-forward.test.ts
@@ -37,7 +37,7 @@ test('Bastion Host created for normal access', () => {
 template.hasResourceProperties('AWS::EC2::Instance', {
 UserData: {
 'Fn::Base64':
- 'Content-Type: multipart/mixed; boundary="//"\nMIME-Version: 1.0\n--//\nContent-Type: text/cloud-config; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="cloud-config.txt"\n#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n--//\nContent-Type: text/x-shellscript; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="userdata.txt"\n#!/bin/bash\nmount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm\nyum install -y haproxy\necho "listen database\n bind 0.0.0.0:6379\n timeout connect 10s\n timeout client 20m\n timeout server 50m\n mode tcp\n server service 127.0.0.1:6379\n" > /etc/haproxy/haproxy.cfg\nservice haproxy restart\n--//',
+ 'Content-Type: multipart/mixed; boundary="//"\nMIME-Version: 1.0\n--//\nContent-Type: text/cloud-config; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="cloud-config.txt"\n#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n--//\nContent-Type: text/x-shellscript; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="userdata.txt"\n#!/bin/bash\nmount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm\nyum install -y haproxy\necho "listen database\n bind 0.0.0.0:6379\n timeout connect 10s\n timeout client 20m\n timeout server 50m\n mode tcp\n server service 127.0.0.1:6379\n" > /etc/haproxy/haproxy.cfg\nservice haproxy restart\n--//',
 },
 Tags: [
 {
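Review bot: Nothing in the visible part of this assertion ties the `linux_arm64` SSM agent package now expected in `UserData` to the instance's CPU architecture; if the AMI or instance type resolved to x86_64, the agent install would presumably fail at boot and the host would lose Session Manager access. The `hasResourceProperties` call continues outside the hunk, so if it does not already do so, assert the instance type or AMI next to `UserData`. The construct change that produces the arm64 URL is not in this diff, where `lib/bastion-host-forward.ts` only gets a whitespace fix, so confirm the expectation matches the committed construct. The pinned script also records that the RPM comes from a `latest/` path with no version pin visible; a comment above the string such as `// NOTE: SSM agent RPM is fetched unpinned from the 'latest' path` would make that trust assumption explicit.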
@@ -72,3 +72,23 @@ test('Bastion Host with own securityGroup', () => {
 assert.equal(securityGroup.securityGroupId, bastionHostSecurityGroup.securityGroupId);
 assert.equal(securityGroup.allowAllOutbound, bastionHostSecurityGroup.allowAllOutbound);
 });
+
+test('Bastion Host has encrypted EBS', () => {
+ const app = new App();
+ const stack = new Stack(app, 'TestStack');
+ const testVpc = new Vpc(stack, 'TestVpc');
+
+ // WHEN
+ new GenericBastionHostForward(stack, 'MyTestConstruct', {
+ vpc: testVpc,
+ address: '127.0.0.1',
+ port: '6379',
+ });
+
+ const template = Template.fromStack(stack);
+
+ // THEN
+ template.hasResourceProperties('AWS::EC2::Volume', {
+ Encrypted: true,
+ });
+});
diff --git a/tsconfig.json b/tsconfig.json
index 47a9749..26f56a3 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -7,9 +7,7 @@
 "declaration": true,
 "experimentalDecorators": true,
 "incremental": true,
- "lib": [
- "es2020"
- ],
+ "lib": ["es2020"],
 "module": "CommonJS",
 "noEmitOnError": true,
 "noFallthroughCasesInSwitch": true,
@@ -28,12 +26,7 @@
 "composite": false,
 "tsBuildInfoFile": "tsconfig.tsbuildinfo"
 },
- "include": [
- "**/*.ts"
- ],
- "exclude": [
- "node_modules",
- ".types-compat"
- ],
+ "include": ["**/*.ts"],
+ "exclude": ["node_modules", ".types-compat"],
 "_generated_by_jsii_": "Generated by jsii - safe to delete, and ideally should be in .gitignore"
-}
\ No newline at end of file
+}
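Review bot: The new 'Bastion Host has encrypted EBS' test in test/generic-bastion-host-forward.test.ts asserts on a standalone `AWS::EC2::Volume`, which may not be where the bastion's disk is declared. An instance's root volume is normally described under `BlockDeviceMappings` on `AWS::EC2::Instance`, so this check can pass or fail regardless of whether the root device is encrypted. `hasResourceProperties` is also satisfied by a single matching resource, so one encrypted volume would mask an unencrypted one; `template.allResourcesProperties('AWS::EC2::Volume', { Encrypted: true });` closes that gap. If the construct sets encryption through block devices, assert `Ebs.Encrypted` on the instance resource instead. The construct change that enables encryption is not visible in this diff, so confirm which resource it actually emits.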