GS2-Deploy/CDK Reference of GS2-Guard
Template format used to create GS2-Deploy stacks and examples of template output implementation in various languages using CDK
Entities
Namespace
Namespace
Namespace is a mechanism that allows multiple uses of the same service for different purposes within a single project. Basically, GS2 services have a layer called namespace, and different namespaces are treated as completely different data spaces, even for the same service.
Therefore, it is necessary to create a namespace before starting to use each service.
| | Type | Require | Default | Limitation | Description |
|---|---|---|---|---|---|
| name | string | ✓ | | ~ 128 chars | Namespace name |
| description | string | | | ~ 1024 chars | Description |
| blockingPolicy | BlockingPolicyModel | ✓ | | | Blocking Policy |
GetAttr
| | Type | Description |
|---|---|---|
| Item | Namespace | Namespace created |
Implementation Example
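# GS2-Deploy template resource that creates a GS2-Guard namespace with a blocking policy.
Type: GS2::Guard::Namespace
Properties:
  Name: namespace-0001
  Description: null
  BlockingPolicy:
    # GS2 services that can be accessed.
    PassServices:
      - account
    DefaultRestriction: Deny
    # NOTE(review): the BlockingPolicyModel table on this page lists ipAddresses and
    # ipAddressRestriction as applying when ipAddressesDetection is "Enable"
    # (default "Disable"). This sample does not set ipAddressesDetection, so confirm
    # the address list is actually evaluated before relying on it.
    # 192.168.0.0/24 is a private (RFC 1918) sample range; replace it with the
    # source range you intend to match.
    IpAddresses:
      - 192.168.0.0/24
    IpAddressRestriction: Allow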
import "github.com/gs2io/gs2-golang-cdk/core"
import "github.com/gs2io/gs2-golang-cdk/guard"
import "github.com/openlyinc/pointy"
// Build a stack holding one GS2-Guard namespace, then print the generated template.
SampleStack := core.NewStack()

// Blocking policy attached to the namespace.
// NOTE(review): the BlockingPolicyModel table on this page ties ipAddresses and
// ipAddressRestriction to ipAddressesDetection == "Enable" (default "Disable");
// this sample does not set it, so confirm the address list is evaluated.
// 192.168.0.0/24 is a private (RFC 1918) sample range.
blockingPolicy := guard.BlockingPolicyModel{
	PassServices:         []string{"account"},
	DefaultRestriction:   "Deny",
	IpAddresses:          []string{"192.168.0.0/24"},
	IpAddressRestriction: "Allow",
}

guard.NewNamespace(&SampleStack, "namespace-0001", blockingPolicy)

println(SampleStack.Yaml()) // Generate Template
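/**
 * Sample GS2-Deploy stack that declares one GS2-Guard namespace with a blocking policy.
 */
class SampleStack extends \Gs2Cdk\Core\Model\Stack
{
    function __construct() {
        parent::__construct();
        new \Gs2Cdk\Guard\Model\Namespace_(
            stack: $this,
            name: "namespace-0001",
            blockingPolicy: new \Gs2Cdk\Guard\Model\BlockingPolicyModel(
                // GS2 services that can be accessed.
                passServices: [
                    "account",
                ],
                defaultRestriction: "Deny",
                // NOTE(review): the BlockingPolicyModel table on this page ties
                // ipAddresses / ipAddressRestriction to ipAddressesDetection == "Enable"
                // (default "Disable"); this sample does not set it, so confirm the
                // address list is evaluated. 192.168.0.0/24 is a private (RFC 1918)
                // sample range.
                options: new \Gs2Cdk\Guard\Model\Options\BlockingPolicyModelOptions(
                    ipAddresses: [
                        "192.168.0.0/24",
                    ],
                    ipAddressRestriction: "Allow"
                )
            )
        );
    }
}
print((new SampleStack())->yaml()); // Generate Template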
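/**
 * Sample GS2-Deploy stack that declares one GS2-Guard namespace with a blocking policy.
 */
class SampleStack extends io.gs2.cdk.core.model.Stack
{
    public SampleStack() {
        super();
        new io.gs2.cdk.guard.model.Namespace(
            this,
            "namespace-0001",
            new io.gs2.cdk.guard.model.BlockingPolicyModel(
                // GS2 services that can be accessed.
                Arrays.asList(
                    "account"
                ),
                // NOTE(review): the published listing had an empty argument slot after
                // "Deny" (a syntax error). It is removed here; confirm against the CDK
                // constructor whether further required arguments belong in this position.
                "Deny",
                // NOTE(review): the BlockingPolicyModel table on this page ties
                // ipAddresses / ipAddressRestriction to ipAddressesDetection == "Enable"
                // (default "Disable"); this sample does not set it, so confirm the
                // address list is evaluated. 192.168.0.0/24 is a private (RFC 1918)
                // sample range.
                new io.gs2.cdk.guard.model.options.BlockingPolicyModelOptions()
                    .withIpAddresses(
                        Arrays.asList(
                            "192.168.0.0/24"
                        )
                    )
                    .withIpAddressRestriction(
                        "Allow"
                    )
            )
        );
    }
}
System.out.println(new SampleStack().yaml()); // Generate Template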
/// <summary>
/// Sample GS2-Deploy stack that declares one GS2-Guard namespace with a blocking policy.
/// </summary>
public class SampleStack : Gs2Cdk.Core.Model.Stack
{
    public SampleStack() {
        // NOTE(review): the BlockingPolicyModel table on this page ties ipAddresses /
        // ipAddressRestriction to ipAddressesDetection == "Enable" (default "Disable");
        // this sample does not set it, so confirm the address list is evaluated.
        // 192.168.0.0/24 is a private (RFC 1918) sample range.
        var addressOptions = new Gs2Cdk.Gs2Guard.Model.Options.BlockingPolicyModelOptions
        {
            ipAddresses = new[] { "192.168.0.0/24" },
            ipAddressRestriction = "Allow"
        };

        // passServices: GS2 services that can be accessed.
        var policy = new Gs2Cdk.Gs2Guard.Model.BlockingPolicyModel(
            passServices: new[] { "account" },
            defaultRestriction: "Deny",
            options: addressOptions
        );

        new Gs2Cdk.Gs2Guard.Model.Namespace(
            stack: this,
            name: "namespace-0001",
            blockingPolicy: policy
        );
    }
}
Debug.Log(new SampleStack().Yaml()); // Generate Template
import core from "@/gs2cdk/core";
import guard from "@/gs2cdk/guard";
/**
 * Sample GS2-Deploy stack that declares one GS2-Guard namespace with a blocking policy.
 *
 * NOTE(review): this listing does not compile as published. The empty argument
 * slots after "Deny" and the key-less object literal that follows are syntax
 * errors, presumably left by the documentation generator where arguments were
 * omitted. The code is kept as published; confirm the BlockingPolicyModel
 * constructor signature in the CDK before copying it.
 */
class SampleStack extends core.Stack
{
    public constructor() {
        super();
        new guard.model.Namespace(
            this,
            "namespace-0001",
            new guard.model.BlockingPolicyModel(
                // GS2 services that can be accessed.
                [
                    "account",
                ],
                "Deny",
                // NOTE(review): empty positional slots; the BlockingPolicyModel table on
                // this page marks several *Detection fields as required, so these are
                // presumably their positions. TODO confirm.
                ,
                ,
                ,
                ,
                ,,
                // NOTE(review): the other language samples on this page pass these two
                // values as ipAddresses and ipAddressRestriction options; the property
                // keys are missing here. The table ties both to
                // ipAddressesDetection == "Enable" (default "Disable").
                // 192.168.0.0/24 is a private (RFC 1918) sample range.
                {
                    [
                        "192.168.0.0/24",
                    ],
                    "Allow"
                }
            )
        );
    }
}
console.log(new SampleStack().yaml()); // Generate Template
from gs2_cdk import Stack, core, guard
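class SampleStack(Stack):
    """Sample GS2-Deploy stack that declares one GS2-Guard namespace with a blocking policy."""

    def __init__(self):
        super().__init__()
        guard.Namespace(
            stack=self,
            name='namespace-0001',
            blocking_policy=guard.BlockingPolicyModel(
                # GS2 services that can be accessed.
                pass_services=[
                    'account',
                ],
                # NOTE(review): the published listing had doubled commas after
                # pass_services and default_restriction (syntax errors). They are
                # removed here; confirm against the CDK whether further required
                # keyword arguments belong in those positions.
                default_restriction='Deny',
                # NOTE(review): the BlockingPolicyModel table on this page ties
                # ipAddresses / ipAddressRestriction to ipAddressesDetection == "Enable"
                # (default "Disable"); this sample does not set it, so confirm the
                # address list is evaluated. 192.168.0.0/24 is a private (RFC 1918)
                # sample range.
                options=guard.BlockingPolicyModelOptions(
                    ip_addresses=[
                        '192.168.0.0/24',
                    ],
                    ip_address_restriction='Allow',
                )
            ),
        )


print(SampleStack().yaml())  # Generate Template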
BlockingPolicyModel
Blocking Policy
| | Type | Require | Default | Limitation | Description |
|---|---|---|---|---|---|
| passServices | List<string> | ✓ | | 1 ~ 100 items | List of GS2 services that can be accessed |
| defaultRestriction | enum { “Allow”, “Deny” } | ✓ | “Allow” | ~ 128 chars | Default restriction |
| locationDetection | enum { “Enable”, “Disable” } | ✓ | “Disable” | ~ 128 chars | Location detection |
| locations | List<string> | {locationDetection} == “Enable” | [] | 1 ~ 100 items | List of countries to detect access |
| locationRestriction | enum { “Allow”, “Deny” } | {locationDetection} == “Enable” | | ~ 128 chars | Behavior when matched with the country list |
| anonymousIpDetection | enum { “Enable”, “Disable” } | ✓ | “Disable” | ~ 128 chars | Anonymous IP Service Detection |
| anonymousIpRestriction | enum { “Deny” } | {anonymousIpDetection} == “Enable” | “Deny” | ~ 128 chars | Behavior when an anonymous IP service is detected |
| hostingProviderIpDetection | enum { “Enable”, “Disable” } | ✓ | “Disable” | ~ 128 chars | Hosting Service Detection |
| hostingProviderIpRestriction | enum { “Deny” } | {hostingProviderIpDetection} == “Enable” | “Deny” | ~ 128 chars | Behavior when a hosting service is detected |
| reputationIpDetection | enum { “Enable”, “Disable” } | ✓ | “Disable” | ~ 128 chars | Reputation access IP Detection |
| reputationIpRestriction | enum { “Deny” } | {reputationIpDetection} == “Enable” | “Deny” | ~ 128 chars | Behavior when a malicious access source IP is detected |
| ipAddressesDetection | enum { “Enable”, “Disable” } | ✓ | “Disable” | ~ 128 chars | Access source IP detection |
| ipAddresses | List<string> | {ipAddressesDetection} == “Enable” | | ~ 100 items | List of IP addresses |
| ipAddressRestriction | enum { “Allow”, “Deny” } | {ipAddressesDetection} == “Enable” | | ~ 128 chars | Behavior when matched with the IP address list |
Enumeration type definition to specify as defaultRestriction
Enumerator String Definition | Description |
---|---|
Allow | Allow access from a predetermined access source |
Deny | Deny access from a predetermined access source |
Enumeration type definition to specify as locationDetection
Enumerator String Definition | Description |
---|---|
Enable | Enable |
Disable | Disable |
Enumeration type definition to specify as locationRestriction
Enumerator String Definition | Description |
---|---|
Allow | Allow |
Deny | Deny |
Enumeration type definition to specify as anonymousIpDetection
Enumerator String Definition | Description |
---|---|
Enable | Enable |
Disable | Disable |
Enumeration type definition to specify as anonymousIpRestriction
Enumerator String Definition | Description |
---|---|
Deny | Deny |
Enumeration type definition to specify as hostingProviderIpDetection
Enumerator String Definition | Description |
---|---|
Enable | Enable |
Disable | Disable |
Enumeration type definition to specify as hostingProviderIpRestriction
Enumerator String Definition | Description |
---|---|
Deny | Deny |
Enumeration type definition to specify as reputationIpDetection
Enumerator String Definition | Description |
---|---|
Enable | Enable |
Disable | Disable |
Enumeration type definition to specify as reputationIpRestriction
Enumerator String Definition | Description |
---|---|
Deny | Deny |
Enumeration type definition to specify as ipAddressesDetection
Enumerator String Definition | Description |
---|---|
Enable | Enable |
Disable | Disable |
Enumeration type definition to specify as ipAddressRestriction
Enumerator String Definition | Description |
---|---|
Allow | Allow |
Deny | Deny |