[Enhancement] Ability to integrate with the AWS CDK validate phase

[0xjjoyy]

Is your feature request related to a problem? Please describe. I would like to validate my CloudFormation against my defined CloudFormation Guard checks before synthesizing when using the AWS CDK.

Describe the solution you'd like Ability for CloudFormation Guard to integrate into the AWS CDK validate phase in the lifecycle. Synth should halt if validation fails. The validation should return CloudFormation Guard's messages.

Describe alternatives you've considered

Additional context

[smaud]

I've just been trying to run cfn-guard cli to test the cloudformation generated by CDK and it is failing so the integration between these tools is important.

[neilkuan]

Now I use this way to check cdk.out/*template.json.

for i in `ls cdk.out/*template.json`;do cfn-guard validate  -r [some_rules].rules -o yaml --data $i ";done

more see this repo

[smaud]

@neilkuan bit of a hack but yeah you could do that. Should somehow be integrated into CDK rather than ls cdk.out

[neilkuan]

yes @smaud . you are right . Use this way, before cfn-guard native support it. lol

[alexpulver]

There is https://aws.amazon.com/blogs/mt/accelerating-development-with-aws-cdk-plugin-cfnguardvalidator/ now, seems that it does the above.

[joshfried-aws]

Hi @0xjjoyy I am going to close this out now since https://github.com/cdklabs/cdk-validator-cfnguard exists.

Feel free to reopen if necessary