import { ResourceValidationPolicy } from "@pulumi/policy";
declare namespace Instance {
    /**
     * Checks that EC2 instances do not have a public IP address.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics network
     * @link none
     */
    const disallowPublicIp: ResourceValidationPolicy;
    /**
     * Checks that EC2 instances do not have unencrypted block devices.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics encryption, storage
     * @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
     */
    const disallowUnencryptedBlockDevice: ResourceValidationPolicy;
    /**
     * Checks that EC2 instances does not have unencrypted root volumes.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics encryption, storage
     * @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html
     */
    const disallowUnencryptedRootBlockDevice: ResourceValidationPolicy;
}
export { Instance };
declare namespace LaunchConfiguration {
    /**
     * Checks that EC2 Launch Configurations do not have a public IP address.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics network
     * @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html
     */
    const disallowPublicIp: ResourceValidationPolicy;
    /**
     * Checks that EC2 Launch Configurations do not have unencrypted block devices.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics encryption, storage
     * @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
     */
    const disallowUnencryptedBlockDevice: ResourceValidationPolicy;
    /**
     * Checks that EC2 launch configuration do not have unencrypted root block device.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics encryption, storage
     * @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html
     */
    const disallowUnencryptedRootBlockDevice: ResourceValidationPolicy;
}
export { LaunchConfiguration };
declare namespace LaunchTemplate {
    /**
     * Check that encrypted EBS volume uses a customer-managed KMS key.
     *
     * @severity low
     * @frameworks hitrust, iso27001, pcidss
     * @topics encryption, storage
     * @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
     */
    const configureCustomerManagedKey: ResourceValidationPolicy;
    /**
     * Checks that EC2 Launch Templates do not have public IP addresses.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics network
     * @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html
     */
    const disallowPublicIp: ResourceValidationPolicy;
    /**
     * Checks that EC2 Launch Templates do not have unencrypted block device.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics encryption, storage
     * @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
     */
    const disallowUnencryptedBlockDevice: ResourceValidationPolicy;
}
export { LaunchTemplate };
declare namespace SecurityGroup {
    /**
     * Check that EC2 Security Groups do not allow inbound HTTP traffic.
     *
     * @severity critical
     * @frameworks hitrust, iso27001, pcidss
     * @topics encryption, network
     * @link https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
     */
    const disallowInboundHttpTraffic: ResourceValidationPolicy;
    /**
     * Check that EC2 Security Groups do not allow ingress traffic from the Internet.
     *
     * @severity critical
     * @frameworks hitrust, iso27001, pcidss
     * @topics network
     * @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html
     */
    const disallowPublicInternetIngress: ResourceValidationPolicy;
    /**
     * Checks that all security groups have a description.
     *
     * @severity low
     * @frameworks none
     * @topics documentation
     * @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html
     */
    const missingDescription: ResourceValidationPolicy;
    /**
     * Checks that all Egress Security Groups rules have a description.
     *
     * @severity low
     * @frameworks none
     * @topics documentation
     * @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html
     */
    const missingEgressRuleDescription: ResourceValidationPolicy;
    /**
     * Checks that all Ingress Security Groups rules have a description.
     *
     * @severity low
     * @frameworks none
     * @topics documentation
     * @link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html
     */
    const missingIngressRuleDescription: ResourceValidationPolicy;
}
export { SecurityGroup };
