import { ResourceValidationPolicy } from "@pulumi/policy";
declare namespace Distribution {
    /**
     * Checks that any CloudFront distributions have access logging configured.
     *
     * @severity medium
     * @frameworks hitrust, iso27001, pcidss
     * @topics logging, network
     * @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
     */
    const configureAccessLogging: ResourceValidationPolicy;
    /**
     * Checks that CloudFront distributions uses secure/modern TLS encryption.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics encryption, network
     * @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html
     */
    const configureSecureTls: ResourceValidationPolicy;
    /**
     * Checks that CloudFront distributions communicate with custom origins using TLS 1.2 encryption only.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics encryption, network
     * @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-s3-origin.html
     */
    const configureSecureTlsToOrigin: ResourceValidationPolicy;
    /**
     * Checks that CloudFront distributions have a WAF ACL associated.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics network
     * @link https://docs.aws.amazon.com/waf/latest/developerguide/cloudfront-features.html
     */
    const configureWafAcl: ResourceValidationPolicy;
    /**
     * Checks that CloudFront distributions only allow encypted ingress traffic.
     *
     * @severity critical
     * @frameworks hitrust, iso27001, pcidss
     * @topics network
     * @link https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
     */
    const disallowUnencryptedTraffic: ResourceValidationPolicy;
    /**
     * Checks that any CloudFront distributions have access logging enabled.
     *
     * @severity medium
     * @frameworks hitrust, iso27001, pcidss
     * @topics logging, network
     * @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
     */
    const enableAccessLogging: ResourceValidationPolicy;
    /**
     * Checks that CloudFront distributions communicate with custom origins using TLS encryption.
     *
     * @severity critical
     * @frameworks hitrust, iso27001, pcidss
     * @topics encryption, network
     * @link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-s3-origin.html
     */
    const enableTlsToOrigin: ResourceValidationPolicy;
}
export { Distribution };
