
Commit e4a6f01

committed
Add required nag suppressions
Signed-off-by: Connor Avery <[email protected]>
1 parent 607ecc0 commit e4a6f01


1 file changed

+107
-0
lines changed

1 file changed

+107
-0
lines changed

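--- a/packages/cdk/nagSuppressions.ts
+++ b/packages/cdk/nagSuppressions.ts
@@ -135,6 +135,113 @@ export const nagSuppressions = (stack: Stack) => {
 ]
 )
 
+safeAddNagSuppression(
+stack,
+"/VpcResourcesStack/vpc/ECRDockerEndpoint/SecurityGroup/Resource",
+[
+{
+id: "AwsSolutions-EC23",
+reason: "Suppress error for lack of CDK validation of supplied open CIDR being that of VPC. This is fine here. \
+See https://github.com/cdklabs/cdk-nag/issues/817"
+}
+]
+)
+
+safeAddNagSuppression(
+stack,
+"/VpcResourcesStack/vpc/ECREndpoint/SecurityGroup/Resource",
+[
+{
+id: "AwsSolutions-EC23",
+reason: "Suppress error for lack of CDK validation of supplied open CIDR being that of VPC. This is fine here. \
+See https://github.com/cdklabs/cdk-nag/issues/817"
+}
+]
+)
+
+safeAddNagSuppression(
+stack,
+"/VpcResourcesStack/vpc/SecretManagerEndpoint/SecurityGroup/Resource",
+[
+{
+id: "AwsSolutions-EC23",
+reason: "Suppress error for lack of CDK validation of supplied open CIDR being that of VPC. This is fine here. \
+See https://github.com/cdklabs/cdk-nag/issues/817"
+}
+]
+)
+
+safeAddNagSuppression(
+stack,
+"/VpcResourcesStack/vpc/CloudWatchEndpoint/SecurityGroup/Resource",
+[
+{
+id: "AwsSolutions-EC23",
+reason: "Suppress error for lack of CDK validation of supplied open CIDR being that of VPC. This is fine here. \
+See https://github.com/cdklabs/cdk-nag/issues/817"
+}
+]
+)
+
+safeAddNagSuppression(
+stack,
+"/VpcResourcesStack/vpc/CloudWatchLogsEndpoint/SecurityGroup/Resource",
+[
+{
+id: "AwsSolutions-EC23",
+reason: "Suppress error for lack of CDK validation of supplied open CIDR being that of VPC. This is fine here. \
+See https://github.com/cdklabs/cdk-nag/issues/817"
+}
+]
+)
+
+safeAddNagSuppression(
+stack,
+"/VpcResourcesStack/vpc/CloudWatchEventsEndpoint/SecurityGroup/Resource",
+[
+{
+id: "AwsSolutions-EC23",
+reason: "Suppress error for lack of CDK validation of supplied open CIDR being that of VPC. This is fine here. \
+See https://github.com/cdklabs/cdk-nag/issues/817"
+}
+]
+)
+
+safeAddNagSuppression(
+stack,
+"/VpcResourcesStack/vpc/SSMEndpoint/SecurityGroup/Resource",
+[
+{
+id: "AwsSolutions-EC23",
+reason: "Suppress error for lack of CDK validation of supplied open CIDR being that of VPC. This is fine here. \
+See https://github.com/cdklabs/cdk-nag/issues/817"
+}
+]
+)
+
+safeAddNagSuppression(
+stack,
+"/VpcResourcesStack/vpc/LambdaEndpoint/SecurityGroup/Resource",
+[
+{
+id: "AwsSolutions-EC23",
+reason: "Suppress error for lack of CDK validation of supplied open CIDR being that of VPC. This is fine here. \
+See https://github.com/cdklabs/cdk-nag/issues/817"
+}
+]
+)
+
+safeAddNagSuppression(
+stack,
+"/VpcResourcesStack/vpc/apiGatewayEndpoint/SecurityGroup/Resource",
+[
+{
+id: "AwsSolutions-EC23",
+reason: "Suppress error for lack of CDK validation of supplied open CIDR being that of VPC. This is fine here. \
+See https://github.com/cdklabs/cdk-nag/issues/817"
+}
+]
+)
 }
 
 const safeAddNagSuppression = (stack: Stack, path: string, suppressions: Array<NagPackSuppression>) => {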
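Review bot: These nine suppressions switch off AwsSolutions-EC23 for each endpoint security group as a whole, so a later ingress rule on any of them that really is open to 0.0.0.0/0 would pass cdk-nag unnoticed, and nothing in the hunk checks that the CIDR is the VPC's. The reason text (`This is fine here`) does not name the expected source range; I would state it, and back it with a template assertion in the stack's tests that each endpoint security group's ingress resolves to the VPC CIDR rather than a literal open range. The backslash continuation inside the reason string will also carry any leading whitespace of the following line into the recorded reason. Since the nine calls differ only in the endpoint id, a loop over the ids with a single reason string, as sketched below, keeps them from drifting apart. nagSuppressions starts above the hunk and the body of safeAddNagSuppression is outside it, so how a non-matching path is handled cannot be seen from here.

```typescript
// … unchanged: earlier suppressions in nagSuppressions …

// Interface endpoints whose security-group ingress is expected to be the VPC CIDR,
// which is a token at synth time and therefore cannot be resolved by cdk-nag.
const vpcEndpointIds = [
  "ECRDockerEndpoint",
  "ECREndpoint",
  "SecretManagerEndpoint",
  "CloudWatchEndpoint",
  "CloudWatchLogsEndpoint",
  "CloudWatchEventsEndpoint",
  "SSMEndpoint",
  "LambdaEndpoint",
  "apiGatewayEndpoint"
]

for (const endpointId of vpcEndpointIds) {
  safeAddNagSuppression(
    stack,
    `/VpcResourcesStack/vpc/${endpointId}/SecurityGroup/Resource`,
    [
      {
        id: "AwsSolutions-EC23",
        reason: "Ingress is limited to the VPC CIDR, which cdk-nag cannot resolve at synth time. " +
          "See https://github.com/cdklabs/cdk-nag/issues/817"
      }
    ]
  )
}
```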
