HIPAA Security - Implement beanstalk-enhanced-health-reporting-enabled config rule

[dontirun]

Summary

As a developer

I would like to implement the beanstalk-enhanced-health-reporting-enabled config rule

So that I can check if qualified resources in my CDK app conforms to the following HIPAA Security control(s): 164.312(b)

Details

ruleId: HIPAA.Security-ElasticBeanstalkEnhancedHealthReportingEnabled

info: The Elastic Beanstalk environment does not have enhanced health reporting enabled - (Control IDs: 164.312(b))

Given Reason: AWS Elastic Beanstalk enhanced health reporting enables a more rapid response to changes in the health of the underlying infrastructure. These changes could result in a lack of availability of the application. Elastic Beanstalk enhanced health reporting provides a status descriptor to gauge the severity of the identified issues and identify possible causes to investigate.

Acceptance Criteria

If the rule can be implemented

Given a CDK app with a non-compliant resource

• When HIPAA Security Pack is enabled
• Then the CDK stack does not deploy and the user receives an ERROR with relevant Control ID information about the non compliant resource

Given a CDK app with a compliant resource

• When HIPAA Security Pack is enabled
• Then the CDK stack deploys and the user does not receive an ERROR about the compliant resource

Given the cdk-nag RULES file

• When the HIPAA.Security-ElasticBeanstalkEnhancedHealthReportingEnabled rule is added to the rule pack
• Then the HIPAA Security Errors section is updated with the rule information

If the rule cannot be implemented

Given the cdk-nag RULES file

• When the beanstalk-enhanced-health-reporting-enabled check is not added to the rule pack
• Then the HIPAA Security Excluded Rules section is updated with the check information