GS2-Deploy/CDK Reference of GS2-Guard
Entities
Namespace
Namespace
Namespace is a mechanism that allows multiple uses of the same service for different purposes within a single project. Basically, GS2 services have a layer called namespace, and different namespaces are treated as completely different data spaces, even for the same service.
Therefore, it is necessary to create a namespace before starting to use each service.
| | Type | Require | Default | Limitation | Description |
|---|---|---|---|---|---|
| name | string | ✓ | | ~ 128 chars | Namespace name |
| description | string | | | ~ 1024 chars | Description |
| blockingPolicy | BlockingPolicyModel | ✓ | | | Blocking Policy |
GetAttr
| | Type | Description |
|---|---|---|
| Item | Namespace | Namespace created |
Implementation Example
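# GS2-Deploy template fragment: one GS2-Guard namespace with a blocking policy.
Type: GS2::Guard::Namespace
Properties:
  Name: namespace1
  Description: null
  BlockingPolicy:
    # GS2 services that can be accessed (1 ~ 100 items per the property table).
    PassServices:
      - account
    # Set explicitly: the property table lists "Allow" as the default value.
    DefaultRestriction: Deny
    # NOTE(review): the property table requires ipAddresses and
    # ipAddressRestriction only when ipAddressesDetection is "Enable", and that
    # switch defaults to "Disable". This sample does not set it, so confirm
    # whether the list below is actually evaluated.
    # 192.168.0.0/24 is an RFC 1918 private range used as a sample value;
    # replace it with the real source ranges before deploying.
    IpAddresses:
      - 192.168.0.0/24
    IpAddressRestriction: Allow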
from gs2_cdk import Stack, core, guard
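class SampleStack(Stack):
    """Sample stack declaring one GS2-Guard namespace with a blocking policy."""

    def __init__(self):
        super().__init__()
        guard.Namespace(
            stack=self,
            name="namespace-0001",
            blocking_policy=guard.BlockingPolicyModel(
                pass_services=['account'],
                # Set explicitly; the property table lists "Allow" as the
                # default for defaultRestriction.
                default_restriction='Deny',
                # NOTE(review): the generated listing passed locations,
                # location_restriction, anonymous_ip_restriction,
                # hosting_provider_ip_restriction and reputation_ip_restriction
                # with no value (a syntax error); they are omitted here.
                # Confirm against the installed gs2_cdk signature whether the
                # *Detection switches from the property table must be passed.
                options=guard.BlockingPolicyModelOptions(
                    # NOTE(review): per the property table, ipAddresses is only
                    # required when ipAddressesDetection is "Enable" (default
                    # "Disable"); this sample never sets that switch, so verify
                    # the list is actually enforced.
                    # 192.168.0.0/24 is an RFC 1918 sample range; replace it
                    # with the real source ranges.
                    ip_addresses=['192.168.0.0/24'],
                    ip_address_restriction='Allow',
                ),
            ),
        )


print(SampleStack().yaml())  # Generate Template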
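/**
 * Sample stack declaring one GS2-Guard namespace with a blocking policy.
 */
class SampleStack extends \Gs2Cdk\Core\Model\Stack
{
    function __construct() {
        parent::__construct();
        new \Gs2Cdk\Guard\Model\Namespace_(
            stack: $this,
            name: "namespace-0001",
            blockingPolicy: new \Gs2Cdk\Guard\Model\BlockingPolicyModel(
                passServices: ['account'],
                // Set explicitly; the property table lists "Allow" as the
                // default for defaultRestriction.
                defaultRestriction: "Deny",
                // NOTE(review): the generated listing passed locations,
                // locationRestriction, anonymousIpRestriction,
                // hostingProviderIpRestriction and reputationIpRestriction
                // with no value (a parse error); they are omitted here.
                // Confirm against the SDK whether the *Detection switches
                // from the property table must be passed.
                options: new \Gs2Cdk\Guard\Model\Options\BlockingPolicyModelOptions(
                    // NOTE(review): per the property table, ipAddresses is
                    // only required when ipAddressesDetection is "Enable"
                    // (default "Disable"); this sample never sets that switch,
                    // so verify the list is actually enforced.
                    // 192.168.0.0/24 is an RFC 1918 sample range; replace it
                    // with the real source ranges.
                    ipAddresses: ['192.168.0.0/24'],
                    ipAddressRestriction: "Allow"
                )
            )
        );
    }
}
print((new SampleStack())->yaml()); // Generate Template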
// Sample stack declaring one GS2-Guard namespace with a blocking policy.
// NOTE(review): this listing is not compilable as rendered. The bare commas
// are argument slots the doc generator left empty, and `name = value` /
// ['...'] are not valid Java argument or list syntax. Fill every slot from the
// BlockingPolicyModel property table before use.
class SampleStack extends io.gs2.cdk.core.model.Stack
{
    public SampleStack() {
        super();
        new io.gs2.cdk.guard.model.Namespace(
            this,
            "namespace-0001",
            new io.gs2.cdk.guard.model.BlockingPolicyModel(
                passServices = ['account'],
                // Set explicitly; the property table lists "Allow" as the default.
                defaultRestriction = "Deny",,
                new io.gs2.cdk.guard.model.options.BlockingPolicyModelOptions(
                    // Five empty slots: presumably locations, locationRestriction,
                    // anonymousIpRestriction, hostingProviderIpRestriction and
                    // reputationIpRestriction, in that order (confirm against the SDK).
                    ,
                    ,
                    ,
                    ,
                    ,
                    // NOTE(review): per the property table, ipAddresses is only
                    // required when ipAddressesDetection is "Enable" (default
                    // "Disable"); this sample never sets that switch, so verify the
                    // list is enforced. 192.168.0.0/24 is an RFC 1918 sample range.
                    ['192.168.0.0/24'],
                    "Allow"
                )
            )
        );
    }
}
System.out.println(new SampleStack().yaml()); // Generate Template
import core from "@/gs2cdk/core";
import guard from "@/gs2cdk/guard";
// Sample stack declaring one GS2-Guard namespace with a blocking policy.
// NOTE(review): this listing does not parse as rendered. The bare commas are
// argument slots the doc generator left empty, and the options object literal
// lists values without property names. Fill every slot from the
// BlockingPolicyModel property table before use.
class SampleStack extends core.Stack
{
    public constructor() {
        super();
        new guard.model.Namespace(
            this,
            "namespace-0001",
            new guard.model.BlockingPolicyModel(
                ['account'],
                // Set explicitly; the property table lists "Allow" as the default
                // for defaultRestriction.
                "Deny",
                // Empty slots: presumably the *Detection switches from the property
                // table (locationDetection ... ipAddressesDetection). Confirm
                // against the SDK signature.
                ,
                ,
                ,
                ,
                ,,
                {
                    // Empty slots: presumably locations, locationRestriction,
                    // anonymousIpRestriction, hostingProviderIpRestriction and
                    // reputationIpRestriction (confirm against the SDK).
                    ,
                    ,
                    ,
                    ,
                    ,
                    // NOTE(review): per the property table, ipAddresses is only
                    // required when ipAddressesDetection is "Enable" (default
                    // "Disable"); verify that switch is set so the list is enforced.
                    // 192.168.0.0/24 is an RFC 1918 sample range.
                    ['192.168.0.0/24'],
                    "Allow"
                }
            )
        );
    }
}
console.log(new SampleStack().yaml()); // Generate Template
// Sample stack declaring one GS2-Guard namespace with a blocking policy.
// NOTE(review): this listing is not compilable as rendered. Several initializer
// members have no value, and `Name = value` / ['...'] are not valid C# argument
// or list syntax. Fill them from the BlockingPolicyModel property table before
// use.
public class SampleStack : Gs2Cdk.Core.Model.Stack
{
    public SampleStack() {
        new Gs2Cdk.Gs2Guard.Model.Namespace(
            this,
            "namespace-0001",
            new Gs2Cdk.Gs2Guard.Model.BlockingPolicyModel(
                PassServices = ['account'],
                // Set explicitly; the property table lists "Allow" as the default.
                DefaultRestriction = "Deny",,
                new Gs2Cdk.Gs2Guard.Model.Options.BlockingPolicyModelOptions {
                    // Left without values by the doc generator; per the property
                    // table each applies only when its matching *Detection switch
                    // is "Enable".
                    Locations = ,
                    LocationRestriction = ,
                    AnonymousIpRestriction = ,
                    HostingProviderIpRestriction = ,
                    ReputationIpRestriction = ,
                    // NOTE(review): per the property table, ipAddresses is only
                    // required when ipAddressesDetection is "Enable" (default
                    // "Disable"); this sample never sets that switch, so verify the
                    // list is enforced. 192.168.0.0/24 is an RFC 1918 sample range.
                    IpAddresses = ['192.168.0.0/24'],
                    IpAddressRestriction = "Allow"
                }
            )
        );
    }
}
Debug.Log(new SampleStack().Yaml()); // Generate Template
BlockingPolicyModel
Blocking Policy
| | Type | Require | Default | Limitation | Description |
|---|---|---|---|---|---|
| passServices | List<string> | ✓ | | 1 ~ 100 items | List of GS2 services that can be accessed |
| defaultRestriction | enum { “Allow”, “Deny” } | ✓ | “Allow” | ~ 128 chars | Default restriction |
| locationDetection | enum { “Enable”, “Disable” } | ✓ | “Disable” | ~ 128 chars | Location detection |
| locations | List<string> | {locationDetection} == “Enable” | | 1 ~ 100 items | List of countries to detect access |
| locationRestriction | enum { “Allow”, “Deny” } | {locationDetection} == “Enable” | | ~ 128 chars | Behavior when matched with the country list |
| anonymousIpDetection | enum { “Enable”, “Disable” } | ✓ | “Disable” | ~ 128 chars | Anonymous IP Service Detection |
| anonymousIpRestriction | enum { “Deny” } | {anonymousIpDetection} == “Enable” | “Deny” | ~ 128 chars | Behavior when detected anonymous IP service |
| hostingProviderIpDetection | enum { “Enable”, “Disable” } | ✓ | “Disable” | ~ 128 chars | Hosting Service Detection |
| hostingProviderIpRestriction | enum { “Deny” } | {hostingProviderIpDetection} == “Enable” | “Deny” | ~ 128 chars | Behavior when detected hosting service |
| reputationIpDetection | enum { “Enable”, “Disable” } | ✓ | “Disable” | ~ 128 chars | Reputation access IP Detection |
| reputationIpRestriction | enum { “Deny” } | {reputationIpDetection} == “Enable” | “Deny” | ~ 128 chars | Behavior when detected malicious access source IP |
| ipAddressesDetection | enum { “Enable”, “Disable” } | ✓ | “Disable” | ~ 128 chars | Access source IP detection |
| ipAddresses | List<string> | {ipAddressesDetection} == “Enable” | | ~ 100 items | List of ip addresses |
| ipAddressRestriction | enum { “Allow”, “Deny” } | {ipAddressesDetection} == “Enable” | | ~ 128 chars | Behavior when matched with the IP address list |
Enumeration type definition to specify as defaultRestriction
Enumerator String Definition | Description |
---|---|
Allow | Allow access from a predetermined access source |
Deny | Deny access from a predetermined access source |
Enumeration type definition to specify as locationDetection
Enumerator String Definition | Description |
---|---|
Enable | Enable |
Disable | Disable |
Enumeration type definition to specify as locationRestriction
Enumerator String Definition | Description |
---|---|
Allow | Allow |
Deny | Deny |
Enumeration type definition to specify as anonymousIpDetection
Enumerator String Definition | Description |
---|---|
Enable | Enable |
Disable | Disable |
Enumeration type definition to specify as anonymousIpRestriction
Enumerator String Definition | Description |
---|---|
Deny | Deny |
Enumeration type definition to specify as hostingProviderIpDetection
Enumerator String Definition | Description |
---|---|
Enable | Enable |
Disable | Disable |
Enumeration type definition to specify as hostingProviderIpRestriction
Enumerator String Definition | Description |
---|---|
Deny | Deny |
Enumeration type definition to specify as reputationIpDetection
Enumerator String Definition | Description |
---|---|
Enable | Enable |
Disable | Disable |
Enumeration type definition to specify as reputationIpRestriction
Enumerator String Definition | Description |
---|---|
Deny | Deny |
Enumeration type definition to specify as ipAddressesDetection
Enumerator String Definition | Description |
---|---|
Enable | Enable |
Disable | Disable |
Enumeration type definition to specify as ipAddressRestriction
Enumerator String Definition | Description |
---|---|
Allow | Allow |
Deny | Deny |