cdk-nag

feat: force a rule to never allow suppression

Open • polothy opened this issue 1 year ago • 1 comment

Description

When deploying into a more restricted environment, we may have some rules that can never be suppressed. This way, cdk-nag could be used to preemptively block insecure infrastructure and it cannot be bypassed via suppressions.

Use Case

To prevent insecure infrastructure from being deployed in a CI/CD pipeline (before it reaches AWS/CloudFormation).

Proposed Solution

Add a flag to IApplyRule that prevents the rule from being suppressed. The default should be how it currently works so it doesn't break everyone.

Other information

No response

Acknowledge

  • [ ] I may be able to implement this feature request
  • [ ] This feature might incur a breaking change

polothy Sep 13 '22 16:09

Seems like a good feature to have! Happy to take a PR

dontirun Sep 13 '22 19:09
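A sketch of the semantics requested in this issue, added here as an example; it is not cdk-nag code and does not import cdk-nag. The flag name `allowSuppression`, the `evaluate` helper, and the rule ids and resource paths are all hypothetical and constructed for illustration.

```typescript
// Standalone model of the proposal. `allowSuppression` is a hypothetical
// flag name; omitting it keeps today's behaviour (suppressions are honoured).
interface RuleDef { id: string; allowSuppression?: boolean; }
interface Suppression { id: string; reason: string; }
interface Finding { ruleId: string; resource: string; }
interface Outcome {
  errors: Finding[];               // still fail synth / the pipeline
  suppressed: Finding[];           // silenced by an honoured suppression
  rejectedSuppressions: Finding[]; // suppression was present but ignored
}

function evaluate(rules: RuleDef[], findings: Finding[],
                  suppressions: Record<string, Suppression[]>): Outcome {
  const byId: Record<string, RuleDef | undefined> = {};
  for (const r of rules) byId[r.id] = r;
  const out: Outcome = { errors: [], suppressed: [], rejectedSuppressions: [] };
  for (const f of findings) {
    const onResource = suppressions[f.resource] ?? [];
    const hasSuppression = onResource.some((s) => s.id === f.ruleId);
    // Backwards-compatible default: a rule without the flag is suppressible.
    const suppressible = byId[f.ruleId]?.allowSuppression ?? true;
    if (hasSuppression && suppressible) {
      out.suppressed.push(f);
    } else {
      out.errors.push(f);
      // Surface the ignored suppression so a reviewer sees the bypass attempt.
      if (hasSuppression) out.rejectedSuppressions.push(f);
    }
  }
  return out;
}

// Constructed sample data: one locked rule, one ordinary rule.
const SAMPLE_RULES: RuleDef[] = [
  { id: "Org-NoPublicBucket", allowSuppression: false },
  { id: "Org-AccessLogs" },
];
const SAMPLE_FINDINGS: Finding[] = [
  { ruleId: "Org-NoPublicBucket", resource: "Stack/BucketA" },
  { ruleId: "Org-AccessLogs", resource: "Stack/BucketA" },
  { ruleId: "Org-AccessLogs", resource: "Stack/BucketB" },
];
const SAMPLE_SUPPRESSIONS: Record<string, Suppression[]> = {
  "Stack/BucketA": [
    { id: "Org-NoPublicBucket", reason: "constructed: attempted bypass" },
    { id: "Org-AccessLogs", reason: "constructed: logs shipped elsewhere" },
  ],
};
const SAMPLE_OUTCOME = evaluate(SAMPLE_RULES, SAMPLE_FINDINGS, SAMPLE_SUPPRESSIONS);
```

In a CI gate, a non-empty `errors` list would fail the build, and `rejectedSuppressions` gives reviewers the list of suppressions that targeted a locked rule.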