AWS cdk documentation change
Summary
Added sections on AWS Shared Responsibility Model, security of default generated infrastructure, execution in trusted environments, and compliance verification requirements.
Security assessment
Added comprehensive security documentation about CDK's security model and responsibilities, but no evidence of addressing a specific vulnerability.
Diff
diff --git a/cdk/v2/guide/security.md b/cdk/v2/guide/security.md index 93e94a542..42fd7ed8f 100644 --- a//cdk/v2/guide/security.md +++ b//cdk/v2/guide/security.md @@ -6,0 +7,2 @@ +The AWS Shared Responsibility ModelSecurity of the AWS CDK + @@ -10,0 +13,2 @@ This is the AWS CDK v2 Developer Guide. The older CDK v1 entered maintenance on +## The AWS Shared Responsibility Model + @@ -18,0 +23,22 @@ The AWS CDK follows the [shared responsibility model](https://aws.amazon.com/com +## Security of the AWS CDK + +Given a program written in a general purpose programming language that describes the shape of your desired infrastructure, the AWS CDK generates a set of deployable artifacts that will create that infrastructure. + +### Security of default generated infrastructure + +_(AWS' responsibility)_ Constructs in the AWS Construct Library are designed to generate infrastructure that does not allow data disclosure, data manipulation, elevation of privilege or other tampering by unauthorized third parties (unless explicitly configured otherwise, which is in line with the [shared responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model/)). + +Any violation of this expectation can be reported [through the company-wide vulnerability reporting mechanisms](https://aws.amazon.com/security/vulnerability-reporting/). + +### Execution in a trusted environment + +_(Your responsibility)_ CDK is designed to run in a _trusted environment_ with _trusted inputs_. It is your responsibility to ensure user code, any libraries loaded into memory (including those downloaded from the Internet via a package manager like NPM or pip), or inputs into the CDK construct libraries are trustworthy. The CDK cannot protect you from malicious intent. + +You should not use CDK in an environment where untrusted authors write parts of the code that drives a CDK application, or where untrusted parties control inputs to CDK constructs without validation. + +### Compliance verification is an external process + +_(Your responsibility)_ Because of the unlimited expressivity afforded by a general purpose programming language, custom CDK constructs cannot _guarantee_ an unbypassable compliance with security policies. CDK has mechanisms to [shift left compliance checks](./compliance-validation.html), and mechanisms that can [help developers meet compliance requirements with minimal effort](./blueprints.html); but a determined enough developer will always be able to bypass the output of the specially designed constructs. + +If you need compliance guarantees, impose them via a process external to the CDK application like [CloudFormation Hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/what-is-cloudformation-hooks.html), or a separate CloudFormation template validation step in the CI Pipeline. + @@ -27 +53 @@ Use tools with the CDK -Identity and access management +AWS CDK troubleshooting