IDP Blueprint: Four Factor Secure Web App #15717

@thoward

Overview

Create documentation and implementation for the Four Factor Secure Web App IDP Blueprint.

Use Case: Enable product teams to quickly deploy secure, compliant web applications with minimal configuration.

Blueprint Components

This blueprint consists of four key components that work together:

Component: WebAppComponent

  • Provisions AWS ECS service behind a load balancer
  • Automatic TLS via ACM
  • Logging via CloudWatch
  • IAM roles configured for least privilege

Template: secure-webapp

  • Uses the WebAppComponent
  • Parameterized by app name, domain, and container image
  • Provides simple developer interface

Policy Pack: Secure Web App Policies

  • Enforces TLS usage for all web apps
  • Requires approved base images only
  • Prevents exposure of public S3 buckets
  • Other security best practices

Environment: Secure Web App Environment

  • Contains secrets like TLS cert ARNs
  • Logging destinations configuration
  • Production database credentials
  • Other environment-specific config

Implementation Tasks

Code Development

  • Create WebAppComponent in all supported Pulumi languages (TypeScript, Python, Go, C#, Java, YAML)
  • Create secure-webapp template for each language
  • Implement Policy Pack with required security rules
  • Create ESC environment configuration template
  • Write comprehensive tests for all components
  • Validate cross-language compatibility

Documentation Tasks

  • Create main blueprint page at /content/docs/idp/best-practices/blueprints/secure-web-app.md
  • Write integration guide for platform teams
  • Create user documentation for developers
  • Add code examples for all supported languages
  • Document configuration options and customization points
  • Create troubleshooting section

Integration Tasks

  • Add blueprint to landing page links
  • Cross-reference from relevant IDP documentation
  • Link to it from security best practices where appropriate
  • Update any relevant tutorial or getting started content

Content Structure

The documentation should follow this structure:

  1. Overview & Use Case
  2. Architecture Diagram
  3. Component Details
  4. Getting Started
    • Prerequisites
    • Installation steps
    • First deployment
  5. Configuration Reference
  6. Customization Guide
  7. Security Considerations
  8. Troubleshooting
  9. Related Resources

Acceptance Criteria

  • All four IDP building blocks implemented and tested
  • Code available in all supported Pulumi languages
  • Comprehensive documentation following style guide
  • Working examples that can be deployed
  • Integration tests pass
  • Security review completed for policy pack
  • Cross-links added to relevant existing documentation

Expected Result: Developers can spin up secure, compliant web apps in minutes with one command, without needing to know about IAM, networking, or certificate management.

Related to parent issue #15661
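
The three rules named under Policy Pack, sketched as an added example that is not part of the original issue or Pulumi's own code: it evaluates plain objects shaped like Pulumi AWS resource properties instead of using the policy SDK. The allowlist prefix, the rule names, the name-based link between a bucket and its public access block, and the sample stack are assumptions.

```typescript
// Added example: constructed resource model, no Pulumi SDK; shapes are assumptions.
type Resource = { type: string; name: string; props: Record<string, any> };
type Violation = { resource: string; rule: string };
// Hypothetical allowlist of registry prefixes treated as "approved".
const APPROVED_PREFIXES = ["registry.example.internal/approved/"];
const PAB_FLAGS = ["blockPublicAcls", "blockPublicPolicy", "ignorePublicAcls", "restrictPublicBuckets"];
// An HTTP listener passes only if every default action redirects to HTTPS.
function redirectsToHttps(actions: any[] | undefined): boolean {
  return !!actions && actions.length > 0 &&
    actions.every(a => a.type === "redirect" && a.redirect?.protocol === "HTTPS");
}
// containerDefinitions is a JSON string; unparsable input fails closed.
function unapprovedImages(containerDefinitions: string): string[] {
  let defs: any;
  try { defs = JSON.parse(containerDefinitions); } catch { return ["<unparsable>"]; }
  if (!Array.isArray(defs)) return ["<unparsable>"];
  return defs.map(d => String(d.image ?? "<missing>"))
    .filter(img => !APPROVED_PREFIXES.some(p => img.indexOf(p) === 0));
}
function checkResources(resources: Resource[]): Violation[] {
  const out: Violation[] = [];
  // Names of buckets covered by a public access block with all four flags on.
  const protectedBuckets = resources
    .filter(r => r.type === "aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock" &&
      PAB_FLAGS.every(f => r.props[f] === true))
    .map(r => String(r.props.bucket));
  for (const r of resources) {
    const flag = (rule: string) => out.push({ resource: r.name, rule });
    if (r.type === "aws:lb/listener:Listener") {
      if (["HTTPS", "TLS"].indexOf(r.props.protocol) < 0 && !redirectsToHttps(r.props.defaultActions)) flag("require-tls");
    } else if (r.type === "aws:ecs/taskDefinition:TaskDefinition") {
      if (unapprovedImages(r.props.containerDefinitions).length > 0) flag("approved-images-only");
    } else if (r.type === "aws:s3/bucket:Bucket") {
      // A bucket is flagged for a public ACL or for lacking a full public access block.
      if (["public-read", "public-read-write"].indexOf(r.props.acl) >= 0 || protectedBuckets.indexOf(r.name) < 0) flag("no-public-s3");
    }
  }
  return out;
}
// Constructed sample stack (all names and values are made up for illustration).
const sampleStack: Resource[] = [
  { type: "aws:lb/listener:Listener", name: "http-plain", props: { protocol: "HTTP", defaultActions: [{ type: "forward" }] } },
  { type: "aws:lb/listener:Listener", name: "http-redirect", props: { protocol: "HTTP", defaultActions: [{ type: "redirect", redirect: { protocol: "HTTPS" } }] } },
  { type: "aws:ecs/taskDefinition:TaskDefinition", name: "rogue", props: { containerDefinitions: JSON.stringify([{ image: "docker.io/library/node:latest" }]) } },
  { type: "aws:s3/bucket:Bucket", name: "assets", props: {} },
  { type: "aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock", name: "assets-pab", props: { bucket: "assets", blockPublicAcls: true, blockPublicPolicy: true, ignorePublicAcls: true, restrictPublicBuckets: true } },
  { type: "aws:s3/bucket:Bucket", name: "uploads", props: { acl: "public-read" } },
];
```

Calling `checkResources(sampleStack)` reports `http-plain`, `rogue` and `uploads`, while the redirect-only listener and the bucket with a complete public access block pass.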

Labels

  • area/docs: Improvements or additions to documentation
  • kind/enhancement: Improvements or new features
