GS2-Deploy/CDK Reference of GS2-Guard

Template format used to create GS2-Deploy stacks and examples of template output implementation in various languages using CDK

Entities

Namespace

Namespace

Namespace is a mechanism that allows multiple uses of the same service for different purposes within a single project. Basically, GS2 services have a layer called namespace, and different namespaces are treated as completely different data spaces, even for the same service.

Therefore, it is necessary to create a namespace before starting to use each service.

TypeConditionRequireDefaultLimitationDescription
namestring
~ 128 charsNamespace name
descriptionstring~ 1024 charsDescription
blockingPolicyBlockingPolicyModel
Blocking Policy

GetAttr

Generation results of resources that can be obtained with the !GetAttr tag

TypeDescription
ItemNamespaceNamespace created

Implementation Example

Type: GS2::Guard::Namespace
Properties:
  Name: namespace-0001
  Description: null
  BlockingPolicy: 
    PassServices: 
    - account
    DefaultRestriction: Deny
    LocationDetection: Disable
    AnonymousIpDetection: Disable
    HostingProviderIpDetection: Disable
    ReputationIpDetection: Disable
    IpAddressesDetection: Enable
    IpAddresses: 
    - 192.168.0.0/24
    IpAddressRestriction: Allow
import (
    "github.com/gs2io/gs2-golang-cdk/core"
    "github.com/gs2io/gs2-golang-cdk/guard"
    "github.com/openlyinc/pointy"
)

SampleStack := core.NewStack()
guard.NewNamespace(
    &SampleStack,
    "namespace-0001",
    guard.BlockingPolicyModel{
        PassServices: []string{
            "account",
        },
        DefaultRestriction: guard.BlockingPolicyModelDefaultRestrictionDeny,
        LocationDetection: guard.BlockingPolicyModelLocationDetectionDisable,
        AnonymousIpDetection: guard.BlockingPolicyModelAnonymousIpDetectionDisable,
        HostingProviderIpDetection: guard.BlockingPolicyModelHostingProviderIpDetectionDisable,
        ReputationIpDetection: guard.BlockingPolicyModelReputationIpDetectionDisable,
        IpAddressesDetection: guard.BlockingPolicyModelIpAddressesDetectionEnable,
        IpAddresses: []string{
            "192.168.0.0/24",
        },
        IpAddressRestriction: guard.BlockingPolicyModelIpAddressRestrictionAllow.Pointer(),
    },
    guard.NamespaceOptions{},
)

println(SampleStack.Yaml())  // Generate Template
class SampleStack extends \Gs2Cdk\Core\Model\Stack
{
    function __construct() {
        parent::__construct();
        new \Gs2Cdk\Guard\Model\Namespace_(
            stack: $this,
            name: "namespace-0001",
            blockingPolicy: new \Gs2Cdk\Guard\Model\BlockingPolicyModel(
                passServices: [
                    "account",
                ],
                defaultRestriction: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelDefaultRestriction::DENY,
                locationDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelLocationDetection::DISABLE,
                anonymousIpDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelAnonymousIpDetection::DISABLE,
                hostingProviderIpDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelHostingProviderIpDetection::DISABLE,
                reputationIpDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelReputationIpDetection::DISABLE,
                ipAddressesDetection: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelIpAddressesDetection::ENABLE,
                options: new \Gs2Cdk\Guard\Model\Options\BlockingPolicyModelOptions(
                    ipAddresses: [
                        "192.168.0.0/24",
                    ],
                    ipAddressRestriction: Gs2Cdk\Guard\Model\Enums\BlockingPolicyModelIpAddressRestriction::ALLOW
                )
            )
        );
    }
}

print((new SampleStack())->yaml());  // Generate Template
class SampleStack extends io.gs2.cdk.core.model.Stack
{
    public SampleStack() {
        super();
        new io.gs2.cdk.guard.model.Namespace(
                this,
                "namespace-0001",
                new io.gs2.cdk.guard.model.BlockingPolicyModel(
                Arrays.asList(
                    "account"
                ),
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelDefaultRestriction.DENY,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelLocationDetection.DISABLE,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelAnonymousIpDetection.DISABLE,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelHostingProviderIpDetection.DISABLE,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelReputationIpDetection.DISABLE,
                io.gs2.cdk.guard.model.enums.BlockingPolicyModelIpAddressesDetection.ENABLE,
                new io.gs2.cdk.guard.model.options.BlockingPolicyModelOptions()
                    .withIpAddresses(
                        Arrays.asList(
                            "192.168.0.0/24"
                        )
                    )
                    .withIpAddressRestriction(
                        io.gs2.cdk.guard.model.enums.BlockingPolicyModelIpAddressRestriction.ALLOW
                    )
            )
        );
    }
}

System.out.println(new SampleStack().yaml());  // Generate Template
public class SampleStack : Gs2Cdk.Core.Model.Stack
{
    public SampleStack() {
        new Gs2Cdk.Gs2Guard.Model.Namespace(
            stack: this,
            name: "namespace-0001",
            blockingPolicy: new Gs2Cdk.Gs2Guard.Model.BlockingPolicyModel(
                passServices: new string[]
                {
                    "account"
                },
                defaultRestriction: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelDefaultRestriction.Deny,
                locationDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelLocationDetection.Disable,
                anonymousIpDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelAnonymousIpDetection.Disable,
                hostingProviderIpDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelHostingProviderIpDetection.Disable,
                reputationIpDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelReputationIpDetection.Disable,
                ipAddressesDetection: Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelIpAddressesDetection.Enable,
                options: new Gs2Cdk.Gs2Guard.Model.Options.BlockingPolicyModelOptions
                {
                    ipAddresses = new string[]
                    {
                        "192.168.0.0/24"
                    },
                    ipAddressRestriction = Gs2Cdk.Gs2Guard.Model.Enums.BlockingPolicyModelIpAddressRestriction.Allow
                }
            )
        );
    }
}

Debug.Log(new SampleStack().Yaml());  // Generate Template
import core from "@/gs2cdk/core";
import guard from "@/gs2cdk/guard";

class SampleStack extends core.Stack
{
    public constructor() {
        super();
        new guard.model.Namespace(
            this,
            "namespace-0001",
            new guard.model.BlockingPolicyModel(
                [
                    "account",
                ],
                guard.model.BlockingPolicyModelDefaultRestriction.DENY,
                guard.model.BlockingPolicyModelLocationDetection.DISABLE,
                guard.model.BlockingPolicyModelAnonymousIpDetection.DISABLE,
                guard.model.BlockingPolicyModelHostingProviderIpDetection.DISABLE,
                guard.model.BlockingPolicyModelReputationIpDetection.DISABLE,
                guard.model.BlockingPolicyModelIpAddressesDetection.ENABLE,
                {
                    ipAddresses:
                    [
                        "192.168.0.0/24",
                    ],
                    ipAddressRestriction:
                    guard.model.BlockingPolicyModelIpAddressRestriction.ALLOW
                }
            )
        );
    }
}

console.log(new SampleStack().yaml());  // Generate Template
from gs2_cdk import Stack, core, guard

class SampleStack(Stack):

    def __init__(self):
        super().__init__()
        guard.Namespace(
            stack=self,
            name='namespace-0001',
            blocking_policy=guard.BlockingPolicyModel(
            pass_services=[
                'account',
            ],
            default_restriction=guard.BlockingPolicyModelDefaultRestriction.DENY,
            location_detection=guard.BlockingPolicyModelLocationDetection.DISABLE,
            anonymous_ip_detection=guard.BlockingPolicyModelAnonymousIpDetection.DISABLE,
            hosting_provider_ip_detection=guard.BlockingPolicyModelHostingProviderIpDetection.DISABLE,
            reputation_ip_detection=guard.BlockingPolicyModelReputationIpDetection.DISABLE,
            ip_addresses_detection=guard.BlockingPolicyModelIpAddressesDetection.ENABLE,
            options=guard.BlockingPolicyModelOptions(
                ip_addresses=[
                    '192.168.0.0/24',
                ],
                ip_address_restriction=guard.BlockingPolicyModelIpAddressRestriction.ALLOW,
            )
        ),
        )

print(SampleStack().yaml())  # Generate Template

BlockingPolicyModel

Blocking Policy

TypeConditionRequireDefaultLimitationDescription
passServicesList<string>
1 ~ 100 itemsList of GS2 services that can be accessed
defaultRestrictionenum {
  “Allow”,
  “Deny”
}
“Allow”~ 128 charsDefault restriction
[Definition of enumeration type to be specified for defaultRestriction](#definition-of-enumeration-type-to-be-specified-for-defaultrestriction
locationDetectionenum {
  “Enable”,
  “Disable”
}
“Disable”~ 128 charsLocation detection
[Definition of enumeration type to be specified for locationDetection](#definition-of-enumeration-type-to-be-specified-for-locationdetection
locationsList<string>{locationDetection} == “Enable”
[]1 ~ 100 itemsList of countries to detect access
If locationDetection is “Enable”, then required
locationRestrictionenum {
  “Allow”,
  “Deny”
}
{locationDetection} == “Enable”
~ 128 charsBehavior when matched with the country list
If locationDetection is “Enable”, then required
anonymousIpDetectionenum {
  “Enable”,
  “Disable”
}
“Disable”~ 128 charsAnonymous IP Service Detection
[Definition of enumeration type to be specified for anonymousIpDetection](#definition-of-enumeration-type-to-be-specified-for-anonymousipdetection
anonymousIpRestrictionenum {
  “Deny”
}
{anonymousIpDetection} == “Enable”
“Deny”~ 128 charsBehavior when detected anonymous IP service
If anonymousIpDetection is “Enable”, then required
hostingProviderIpDetectionenum {
  “Enable”,
  “Disable”
}
“Disable”~ 128 charsHosting Service Detection
[Definition of enumeration type to be specified for hostingProviderIpDetection](#definition-of-enumeration-type-to-be-specified-for-hostingprovideripdetection
hostingProviderIpRestrictionenum {
  “Deny”
}
{hostingProviderIpDetection} == “Enable”
“Deny”~ 128 charsBehavior when detected hosting service
If hostingProviderIpDetection is “Enable”, then required
reputationIpDetectionenum {
  “Enable”,
  “Disable”
}
“Disable”~ 128 charsReputation access IP Detection
[Definition of enumeration type to be specified for reputationIpDetection](#definition-of-enumeration-type-to-be-specified-for-reputationipdetection
reputationIpRestrictionenum {
  “Deny”
}
{reputationIpDetection} == “Enable”
“Deny”~ 128 charsBehavior when detected malicious access source IP
If reputationIpDetection is “Enable”, then required
ipAddressesDetectionenum {
  “Enable”,
  “Disable”
}
“Disable”~ 128 charsAccess source IP detection
[Definition of enumeration type to be specified for ipAddressesDetection](#definition-of-enumeration-type-to-be-specified-for-ipaddressesdetection
ipAddressesList<string>{ipAddressesDetection} == “Enable”~ 100 itemsList of ip addresses
If ipAddressesDetection is “Enable”, then enabled
ipAddressRestrictionenum {
  “Allow”,
  “Deny”
}
{ipAddressesDetection} == “Enable”
~ 128 charsBehavior when matched with the IP address list
If ipAddressesDetection is “Enable”, then required

Definition of enumeration type to be specified for defaultRestriction

Enumerator String DefinitionDescription
AllowAllow access from a predetermined access source
DenyDeny access from a predetermined access source

Definition of enumeration type to be specified for locationDetection

Enumerator String DefinitionDescription
EnableEnable
DisableDisable

Definition of enumeration type to be specified for locationRestriction

Enumerator String DefinitionDescription
AllowAllow
DenyDeny

Definition of enumeration type to be specified for anonymousIpDetection

Enumerator String DefinitionDescription
EnableEnable
DisableDisable

Definition of enumeration type to be specified for anonymousIpRestriction

Enumerator String DefinitionDescription
DenyDeny

Definition of enumeration type to be specified for hostingProviderIpDetection

Enumerator String DefinitionDescription
EnableEnable
DisableDisable

Definition of enumeration type to be specified for hostingProviderIpRestriction

Enumerator String DefinitionDescription
DenyDeny

Definition of enumeration type to be specified for reputationIpDetection

Enumerator String DefinitionDescription
EnableEnable
DisableDisable

Definition of enumeration type to be specified for reputationIpRestriction

Enumerator String DefinitionDescription
DenyDeny

Definition of enumeration type to be specified for ipAddressesDetection

Enumerator String DefinitionDescription
EnableEnable
DisableDisable

Definition of enumeration type to be specified for ipAddressRestriction

Enumerator String DefinitionDescription
AllowAllow
DenyDeny