Construct Overview

Opinionated implementation of the Layer 2 CDK Constructs for EC2.

Security/Compliance

Ec2 Instances

• Enforce Instance Name
• Require the use of a Customer Managed KMS encryption key on all block devices
• Enforce termination protection
• Enforce retention of block devices on instance termination
• Enforce use of IMDSv2
• Enforce detailed monitoring

SSH KeyPairs

• Enforce KeyPair Name
• Enforces storage of private key in Secrets Manager with access limited to specified principals