chore: Set up CDK Nag #25

Merged
merged 17 commits into from
Mar 11, 2024

@LeonLuttenberger LeonLuttenberger commented Mar 7, 2024

Describe your changes

  • Added CDK nag to modules that were missing CDK nag
  • In the modules that had CDK nag, I downscoped the suppressions to resource-level rather than stack-level
  • Modified unit tests so that we check for CDK nag violations when running the unit tests

Checklist before requesting a review

  • I updated CHANGELOG.MD with a description of my changes
  • If the change was to a module, I ran the code validation script (scripts/validate.sh)
  • If the change was to a module, I have added thorough tests
  • If the change was to a module, I have added/updated the module's README.md
  • If a module was added, I added a reference to the module to the repository's README.md
  • I verified that my code deploys successfully using seedfarmer apply

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@LeonLuttenberger LeonLuttenberger self-assigned this Mar 11, 2024
@LeonLuttenberger LeonLuttenberger marked this pull request as ready for review March 11, 2024 16:13


@pytest.mark.parametrize("use_rds", [False, True])
def test_no_cdk_nag_errors(stack: cdk.Stack, use_rds: bool) -> None:

Thanks, this is great. CDK nag runs at synth, but we didn't have a way to capture those errors when PRs are raised unless we deploy the modules manually.

@kukushking kukushking merged commit ac5b229 into awslabs:main Mar 11, 2024
8 checks passed
@LeonLuttenberger LeonLuttenberger deleted the chore/cdk-nag branch March 11, 2024 18:02
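
Added example, not code from this pull request or the project: a check that could run next to the unit tests to catch suppressions left at stack level, the scope the PR description moves away from. It assumes cdk-nag records suppressions in the synthesized template under `Metadata.cdk_nag.rules_to_suppress` (top level for stack scope, per resource otherwise); the template, resource names and `audit_suppressions` are constructed for illustration.

```python
import json

# Constructed sample of a synthesized CloudFormation template, trimmed to the
# parts this check reads. Assumed layout: cdk-nag records suppressions under
# Metadata.cdk_nag.rules_to_suppress, at the template top level for stack-level
# suppressions and on each resource for resource-level ones.
SAMPLE_TEMPLATE = json.loads("""
{
  "Metadata": {"cdk_nag": {"rules_to_suppress": [
    {"id": "AwsSolutions-IAM4", "reason": "Managed policies are acceptable here"}
  ]}},
  "Resources": {
    "BucketA": {"Type": "AWS::S3::Bucket",
      "Metadata": {"cdk_nag": {"rules_to_suppress": [
        {"id": "AwsSolutions-S1", "reason": "Scratch bucket, access logs not required"}
      ]}}},
    "RoleB": {"Type": "AWS::IAM::Role",
      "Metadata": {"cdk_nag": {"rules_to_suppress": [
        {"id": "AwsSolutions-IAM5", "reason": "Wildcard limited to one log group"}
      ]}}},
    "QueueC": {"Type": "AWS::SQS::Queue"}
  }
}
""")


def _rules(node):
    """Return the cdk-nag suppression entries attached to a template node."""
    meta = node.get("Metadata") or {}
    return (meta.get("cdk_nag") or {}).get("rules_to_suppress") or []


def audit_suppressions(template):
    """Return (stack_level_ids, resource_level_ids_by_resource, findings)."""
    resources = template.get("Resources") or {}
    stack_level = [rule["id"] for rule in _rules(template)]
    resource_level = {
        logical_id: [rule["id"] for rule in _rules(res)]
        for logical_id, res in sorted(resources.items())
        if _rules(res)
    }
    # A stack-level entry silences the rule on every resource in the stack,
    # including ones added later, so each one is reported for downscoping.
    findings = [
        f"{rule_id} is suppressed stack-wide ({len(resources)} resources); "
        "move it to the resource that needs it"
        for rule_id in stack_level
    ]
    return stack_level, resource_level, findings
```

A test can fail the build when the third return value is non-empty for any synthesized template.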