cdk-nag
feat: force a rule to never allow suppression
Description
When deploying into a more restricted environment, we may have some rules that can never be suppressed. This way, cdk-nag could be used to preemptively block insecure infrastructure and it cannot be bypassed via suppressions.
Use Case
To prevent insecure infrastructure from being deployed in a CI/CD pipeline (before it reaches AWS/CloudFormation).
Proposed Solution
Add a flag to `IApplyRule` that prevents the rule from being suppressed. The default should be how it currently works so it doesn't break everyone.
Other information
No response
Acknowledge
- [ ] I may be able to implement this feature request
- [ ] This feature might incur a breaking change
Seems like a good feature to have! Happy to take a PR
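
A sketch of how the flag proposed in the issue above could behave, added here as an illustration and not taken from cdk-nag or from either participant. It is a standalone model: `Rule`, `Resource`, `allowSuppression`, `evaluate`, `blocksDeployment` and the rule ids are hypothetical names, and the sample data is constructed.

```typescript
// Standalone model of the proposal; none of these names are cdk-nag's API.
interface Resource {
  props: Record<string, unknown>;
  suppressions: { id: string; reason: string }[];
}
interface Rule {
  id: string;
  // Hypothetical flag: omitted means suppressible, i.e. today's behaviour.
  allowSuppression?: boolean;
  isCompliant: (resource: Resource) => boolean;
}
type Outcome = "COMPLIANT" | "SUPPRESSED" | "ERROR" | "ERROR_SUPPRESSION_IGNORED";

function evaluate(rule: Rule, resource: Resource): Outcome {
  if (rule.isCompliant(resource)) return "COMPLIANT";
  const suppressed = resource.suppressions.some((s) => s.id === rule.id);
  if (!suppressed) return "ERROR";
  // A suppression on a locked rule is surfaced, not honoured.
  return rule.allowSuppression === false ? "ERROR_SUPPRESSION_IGNORED" : "SUPPRESSED";
}

// True when the CI/CD step should fail the build.
function blocksDeployment(rules: Rule[], resources: Resource[]): boolean {
  return resources.some((res) =>
    rules.some((rule) => {
      const outcome = evaluate(rule, res);
      return outcome !== "COMPLIANT" && outcome !== "SUPPRESSED";
    })
  );
}

// Constructed sample data: one locked rule, one default rule, both suppressed.
const encryptionRule: Rule = {
  id: "Example-BucketEncryption",
  allowSuppression: false,
  isCompliant: (r) => r.props["encrypted"] === true,
};
const loggingRule: Rule = {
  id: "Example-BucketLogging",
  isCompliant: (r) => r.props["accessLogs"] === true,
};
const bucket: Resource = {
  props: { encrypted: false, accessLogs: false },
  suppressions: [
    { id: "Example-BucketEncryption", reason: "constructed sample" },
    { id: "Example-BucketLogging", reason: "constructed sample" },
  ],
};
console.log(evaluate(encryptionRule, bucket), evaluate(loggingRule, bucket));
```

Reporting the ignored suppression as its own outcome, instead of a plain error, lets a pipeline log show that someone attempted to suppress a locked rule.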