Commit c2e5a14

author
Daniel Lorch
committed
chore: add reasoning for cfn_nag
1 parent b05827c commit c2e5a14

1 file changed

+5
-5
lines changed

plugins/dynamic-few-shot-lambda/template.yml

Lines changed: 5 additions & 5 deletions
@@ -127,14 +127,14 @@ Resources:
127127
cfn_nag:
128128
rules_to_suppress:
129129
- id: W89
130-
reason: "Demo function - does not require VPC access"
130+
reason: "Function does not require VPC access as it only interacts with AWS services via APIs"
131131
- id: W92
132-
reason: "Demo function - does not require reserved concurrency as it scales based on demand"
132+
reason: "Function does not require reserved concurrency as it scales based on demand"
133133
- id: W58
134-
reason: "Demo function - DLQ not required"
134+
reason: "Function does not require DLQ as processing and retries are handled by the IDP framework"
135135
- id: W11
136-
reason: "Demo function - allow * resource on its permissions policy"
137-
# checkov:skip=CKV_AWS_116: "DLQ not required for AppSync resolver function as GraphQL handles retries"
136+
reason: "Allow * resource on its permissions policy for CloudWatch metrics"
137+
# checkov:skip=CKV_AWS_116: "Function does not require DLQ"
138138
# checkov:skip=CKV_AWS_117: "Function does not require VPC access as it only interacts with AWS services via APIs"
139139
# checkov:skip=CKV_AWS_115: "Function does not require reserved concurrency as it scales based on demand"
140140
# checkov:skip=CKV_AWS_173: "Environment variables do not contain sensitive data - only configuration values like feature flags and non-sensitive settings"
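
Review bot: The two DLQ suppressions now disagree in detail: the W58 reason at new line 134 explains why ("processing and retries are handled by the IDP framework"), while the CKV_AWS_116 skip at new line 137 was reduced to "Function does not require DLQ", which states the conclusion without the justification an auditor needs. Suggest reusing the W58 wording in the checkov comment so both scanners record the same rationale. Separately, the W11 reason at new line 136 ("Allow * resource on its permissions policy for CloudWatch metrics") names the service but not the action, and the policy statement itself is outside this hunk, so the claim cannot be checked from here; naming the exact action in the reason (and confirming the wildcard statement contains nothing else) would make the suppression verifiable. If that action is cloudwatch:PutMetricData, a cloudwatch:namespace condition can narrow it even though the resource must stay "*".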
