UNPKG

cdk-nag

Version:

Check CDK v2 applications for best practices using a combination on available rule packs.

github.com/cdklabs/cdk-nag

cdklabs/cdk-nag

60 lines (59 loc) 2.17 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
import { CfnResource } from 'aws-cdk-lib'; import { NagMessageLevel } from './nag-rules'; /** * Information about the NagRule and the relevant NagSuppression for the INagSuppressionIgnore * @param resource The resource the suppression is applied to. * @param reason The reason given for the suppression. * @param ruleId The id of the rule to ignore. * @param findingId The id of the finding that is being checked. * @param ruleLevel The severity level of the rule. */ export interface SuppressionIgnoreInput { readonly resource: CfnResource; readonly reason: string; readonly ruleId: string; readonly findingId: string; readonly ruleLevel: NagMessageLevel; } /** * Interface for creating NagSuppression Ignores */ export interface INagSuppressionIgnore { createMessage(input: SuppressionIgnoreInput): string; } /** * Ignore the suppression if all of the given INagSuppressionIgnore return a non-empty message */ export declare class SuppressionIgnoreAnd implements INagSuppressionIgnore { private andSuppressionIgnores; constructor(...SuppressionIgnoreAnds: INagSuppressionIgnore[]); createMessage(input: SuppressionIgnoreInput): string; } /** * Ignore the suppression if any of the given INagSuppressionIgnore return a non-empty message */ export declare class SuppressionIgnoreOr implements INagSuppressionIgnore { private SuppressionIgnoreOrs; constructor(...orSuppressionIgnores: INagSuppressionIgnore[]); createMessage(input: SuppressionIgnoreInput): string; } /** * Always ignore the suppression */ export declare class SuppressionIgnoreAlways implements INagSuppressionIgnore { private triggerMessage; constructor(triggerMessage: string); createMessage(_input: SuppressionIgnoreInput): string; } /** * Don't ignore the suppression */ export declare class SuppressionIgnoreNever implements INagSuppressionIgnore { createMessage(_input: SuppressionIgnoreInput): string; } /** * Ignore Suppressions for Rules with a NagMessageLevel.ERROR */ export declare class SuppressionIgnoreErrors implements INagSuppressionIgnore { createMessage(input: SuppressionIgnoreInput): string; }