From 4be4062ed8c953b1a56d680a59ae8c4550b5b991 Mon Sep 17 00:00:00 2001 From: Alexis Lucattini Date: Fri, 1 Nov 2024 20:37:23 +1100 Subject: [PATCH] Nag suppression should be on iam role --- .../part_2/cttso-v2-output-to-pieriandx-ready-event/index.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/workload/stateless/stacks/stacky-mcstackface/glue-constructs/nails/part_2/cttso-v2-output-to-pieriandx-ready-event/index.ts b/lib/workload/stateless/stacks/stacky-mcstackface/glue-constructs/nails/part_2/cttso-v2-output-to-pieriandx-ready-event/index.ts index 99c3888a3..193ff1d8b 100644 --- a/lib/workload/stateless/stacks/stacky-mcstackface/glue-constructs/nails/part_2/cttso-v2-output-to-pieriandx-ready-event/index.ts +++ b/lib/workload/stateless/stacks/stacky-mcstackface/glue-constructs/nails/part_2/cttso-v2-output-to-pieriandx-ready-event/index.ts @@ -15,6 +15,7 @@ import * as dynamodb from 'aws-cdk-lib/aws-dynamodb'; import path from 'path'; import { NagSuppressions } from 'cdk-nag'; import * as sfn from 'aws-cdk-lib/aws-stepfunctions'; +import * as iam from 'aws-cdk-lib/aws-iam'; import * as ssm from 'aws-cdk-lib/aws-ssm'; import * as secretsManager from 'aws-cdk-lib/aws-secretsmanager'; import * as events from 'aws-cdk-lib/aws-events'; @@ -163,7 +164,7 @@ export class Cttsov2CompleteToPieriandxConstruct extends Construct { Handle lambda permissions */ // FIXME - cannot get the 'current' version of an IFunction object - NagSuppressions.addResourceSuppressions(getDataFromRedCapPyLambdaObj, [ + NagSuppressions.addResourceSuppressions(getDataFromRedCapPyLambdaObj.role, [ { id: 'AwsSolutions-IAM5', reason: 'Cannot get latest version of redcap lambda function ($LATEST) will not work',