GS2-Deploy/CDK Reference of GS2-Guard

Entities

Namespace

Namespace

Namespace is a mechanism that allows multiple uses of the same service for different purposes within a single project. Basically, GS2 services have a layer called namespace, and different namespaces are treated as completely different data spaces, even for the same service.

Therefore, it is necessary to create a namespace before starting to use each service.

TypeRequireDefaultLimitationDescription
namestring~ 128 charsNamespace name
descriptionstring~ 1024 charsDescription
blockingPolicyBlockingPolicyModelBlocking Policy

GetAttr

TypeDescription
ItemNamespaceNamespace created

Implementation Example

Type: GS2::Guard::Namespace
Properties:
  Name: namespace1
  Description: null
  BlockingPolicy: 
    PassServices: 
    - account
    DefaultRestriction: Deny
    IpAddresses: 
    - 192.168.0.0/24
    IpAddressRestriction: Allow
from gs2_cdk import Stack, core, guard

class SampleStack(Stack):

    def __init__(self):
        super().__init__()
        guard.Namespace(
            stack=self,
            name="namespace-0001",
            blocking_policy=guard.BlockingPolicyModel(
            pass_services=['account'],,
            default_restriction='Deny',,
            options=guard.BlockingPolicyModelOptions(
                locations=,
                location_restriction=,
                anonymous_ip_restriction=,
                hosting_provider_ip_restriction=,
                reputation_ip_restriction=,
                ip_addresses=['192.168.0.0/24'],
                ip_address_restriction='Allow',
            )
        ),
        )

print(SampleStack().yaml())  # Generate Template
class SampleStack extends \Gs2Cdk\Core\Model\Stack
{
    function __construct() {
        parent::__construct();
        new \Gs2Cdk\Guard\Model\Namespace_(
            stack: $this,
            name: "namespace-0001",
            blockingPolicy: (new \Gs2Cdk\Guard\Model\BlockingPolicyModel(
                passServices: ['account']
                defaultRestriction: "Deny",
                options: new \Gs2Cdk\Guard\Model\Options\BlockingPolicyModelOptions(
                    locations: ,
                    locationRestriction: ,
                    anonymousIpRestriction: ,
                    hostingProviderIpRestriction: ,
                    reputationIpRestriction: ,
                    ipAddresses: ['192.168.0.0/24'],
                    ipAddressRestriction: "Allow"
                )
            )
        );
    }
}

print((new SampleStack())->yaml());  // Generate Template
class SampleStack extends io.gs2.cdk.core.model.Stack
{
    public SampleStack() {
        super();
        new io.gs2.cdk.guard.model.Namespace(
            this,
            "namespace-0001",
            new io.gs2.cdk.guard.model.BlockingPolicyModel(
                passServices = ['account'],
                defaultRestriction = "Deny",,
                new io.gs2.cdk.guard.model.options.BlockingPolicyModelOptions(
                    ,
                    ,
                    ,
                    ,
                    ,
                    ['192.168.0.0/24'],
                    "Allow"
                )
            )
        );
    }
}

System.out.println(new SampleStack().yaml());  // Generate Template
import core from "@/gs2cdk/core";
import guard from "@/gs2cdk/guard";

class SampleStack extends core.Stack
{
    public constructor() {
        super();
        new guard.model.Namespace(
            this,
            "namespace-0001",
            new guard.model.BlockingPolicyModel(
                ['account'],
                "Deny",
                ,
                ,
                ,
                ,
                ,,
                {
                    ,
                    ,
                    ,
                    ,
                    ,
                    ['192.168.0.0/24'],
                    "Allow"
                }
            )
        );
    }
}

console.log(new SampleStack().yaml());  // Generate Template
public class SampleStack : Gs2Cdk.Core.Model.Stack
{
    public SampleStack() {
        new Gs2Cdk.Gs2Guard.Model.Namespace(
            this,
            "namespace-0001",
            new Gs2Cdk.Gs2Guard.Model.BlockingPolicyModel(
                PassServices = ['account'],
                DefaultRestriction = "Deny",,
                new Gs2Cdk.Gs2Guard.Model.Options.BlockingPolicyModelOptions {
                    Locations = ,
                    LocationRestriction = ,
                    AnonymousIpRestriction = ,
                    HostingProviderIpRestriction = ,
                    ReputationIpRestriction = ,
                    IpAddresses = ['192.168.0.0/24'],
                    IpAddressRestriction = "Allow"
                }
            )
        );
    }
}

Debug.Log(new SampleStack().Yaml());  // Generate Template

BlockingPolicyModel

Blocking Policy

TypeRequireDefaultLimitationDescription
passServicesList<string>1 ~ 100 itemsList of GS2 services that can be accessed
defaultRestrictionenum {
    “Allow”,
    “Deny”
}
“Allow”~ 128 charsDefault restriction
locationDetectionenum {
    “Enable”,
    “Disable”
}
“Disable”~ 128 charsLocation detection
locationsList<string>{locationDetection} == “Enable”[]1 ~ 100 itemsList of countries to detect access
locationRestrictionenum {
    “Allow”,
    “Deny”
}
{locationDetection} == “Enable”~ 128 charsBehavior when matched with the country list
anonymousIpDetectionenum {
    “Enable”,
    “Disable”
}
“Disable”~ 128 charsAnonymous IP Service Detection
anonymousIpRestrictionenum {
    “Deny”
}
{anonymousIpDetection} == “Enable”“Deny”~ 128 charsBehavior when detected anonymous IP service
hostingProviderIpDetectionenum {
    “Enable”,
    “Disable”
}
“Disable”~ 128 charsHosting Service Detection
hostingProviderIpRestrictionenum {
    “Deny”
}
{hostingProviderIpDetection} == “Enable”“Deny”~ 128 charsBehavior when detected hosting service
reputationIpDetectionenum {
    “Enable”,
    “Disable”
}
“Disable”~ 128 charsReputation access IP Detection
reputationIpRestrictionenum {
    “Deny”
}
{reputationIpDetection} == “Enable”“Deny”~ 128 charsBehavior when detected malicious access source IP
ipAddressesDetectionenum {
    “Enable”,
    “Disable”
}
“Disable”~ 128 charsAccess source IP detection
ipAddressesList<string>{ipAddressesDetection} == “Enable”~ 100 itemsList of ip addresses
ipAddressRestrictionenum {
    “Allow”,
    “Deny”
}
{ipAddressesDetection} == “Enable”~ 128 charsBehavior when matched with the IP address list

Enumeration type definition to specify as defaultRestriction

Enumerator String DefinitionDescription
AllowAllow access from a predetermined access source
DenyDeny access from a predetermined access source

Enumeration type definition to specify as locationDetection

Enumerator String DefinitionDescription
EnableEnable
DisableDisable

Enumeration type definition to specify as locationRestriction

Enumerator String DefinitionDescription
AllowAllow
DenyDeny

Enumeration type definition to specify as anonymousIpDetection

Enumerator String DefinitionDescription
EnableEnable
DisableDisable

Enumeration type definition to specify as anonymousIpRestriction

Enumerator String DefinitionDescription
DenyDeny

Enumeration type definition to specify as hostingProviderIpDetection

Enumerator String DefinitionDescription
EnableEnable
DisableDisable

Enumeration type definition to specify as hostingProviderIpRestriction

Enumerator String DefinitionDescription
DenyDeny

Enumeration type definition to specify as reputationIpDetection

Enumerator String DefinitionDescription
EnableEnable
DisableDisable

Enumeration type definition to specify as reputationIpRestriction

Enumerator String DefinitionDescription
DenyDeny

Enumeration type definition to specify as ipAddressesDetection

Enumerator String DefinitionDescription
EnableEnable
DisableDisable

Enumeration type definition to specify as ipAddressRestriction

Enumerator String DefinitionDescription
AllowAllow
DenyDeny