Architectural analysis and security audits for Choreo.Infrastructure.

Provides automated audits for common cloud infrastructure configurations:
- Flagging direct internet connections to resources inside private subnets.
- Ensuring managed databases (`:managed_db`) and storage are isolated inside private subnets.
- Ensuring load balancers (`:load_balancer`) are placed within public subnets.
- Detecting compute nodes without subnet assignments.
Functions
@spec validate(Choreo.Infrastructure.t()) :: [{:error | :warning, String.t()}]
Runs analysis checks on the topology and returns a list of {severity, message} tuples.
Examples
iex> infra = Choreo.Infrastructure.new()
iex> infra = infra
...> |> Choreo.Infrastructure.add_internet(:gateway)
...> |> Choreo.Infrastructure.add_subnet_private("subnet_app")
...> |> Choreo.Infrastructure.add_compute(:api, cluster: "subnet_app")
...> |> Choreo.Infrastructure.connect(:gateway, :api)
iex> Choreo.Infrastructure.Analysis.validate(infra)
[{:error, "Private resource 'api' is connected directly to public internet boundary 'gateway'."}]
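The four audits listed at the top of this page, sketched as an added, self-contained Elixir module that is not Choreo's own code and does not call its API: it walks a constructed plain-map topology and returns the same `{severity, message}` tuple shape. Only the first rule's `:error` severity appears on the page; the other severities, the map field names and the `:storage` type are assumptions.

```elixir
# Added illustration, not Choreo's code: the docs' four audit rules over a plain map.
# Only rule 1's :error severity is on the page; other severities and :storage are assumed.
defmodule AuditSketch do
  # topology: %{subnets: %{name => :public | :private},
  #   nodes: %{name => %{type: atom, subnet: name | nil}}, edges: [{from, to}]}
  def validate(%{nodes: nodes, subnets: subnets, edges: edges}) do
    Enum.flat_map(edges, &internet_to_private(&1, nodes, subnets)) ++
      Enum.flat_map(nodes, &placement(&1, subnets))
  end
  # Rule 1: an internet boundary wired straight into a private-subnet node.
  defp internet_to_private({from, to}, nodes, subnets) do
    with %{type: :internet} <- nodes[from],
         %{subnet: s} when not is_nil(s) <- nodes[to],
         :private <- subnets[s] do
      [{:error, "Private resource '#{to}' is connected directly to public internet boundary '#{from}'."}]
    else
      _ -> []
    end
  end
  # Rule 2: databases and storage must sit in a private subnet.
  defp placement({name, %{type: t, subnet: s}}, subnets) when t in [:managed_db, :storage] do
    if subnets[s] == :private, do: [], else: [{:error, "Resource '#{name}' must be isolated in a private subnet."}]
  end
  # Rule 3: load balancers belong in a public subnet.
  defp placement({name, %{type: :load_balancer, subnet: s}}, subnets) do
    if subnets[s] == :public, do: [], else: [{:error, "Load balancer '#{name}' must be placed in a public subnet."}]
  end
  # Rule 4: compute with no subnet assignment is flagged as a warning.
  defp placement({name, %{type: :compute, subnet: nil}}, _subnets) do
    [{:warning, "Compute node '#{name}' has no subnet assignment."}]
  end
  defp placement(_node, _subnets), do: []

  # Constructed topology that trips every rule once.
  def sample do
    %{
      subnets: %{"subnet_app" => :private, "subnet_edge" => :public},
      nodes: %{
        gateway: %{type: :internet, subnet: nil},
        api: %{type: :compute, subnet: "subnet_app"},
        worker: %{type: :compute, subnet: nil},
        lb: %{type: :load_balancer, subnet: "subnet_app"},
        db: %{type: :managed_db, subnet: "subnet_edge"}
      },
      edges: [{:gateway, :api}, {:lb, :api}]
    }
  end
end
AuditSketch.sample() |> AuditSketch.validate() |> IO.inspect()
```

Run it with `elixir audit_sketch.exs`; the sample yields one finding per rule, and removing the `{:gateway, :api}` edge or moving `lb` to `"subnet_edge"` clears the corresponding entry.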