Nag suppression add resource suppressions after creation of Ora Conta…
…iner Image
alexiswl committed Nov 2, 2024
1 parent c467161 commit 79d54a4
Showing 2 changed files with 17 additions and 18 deletions.
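--- a/lib/workload/components/ora-file-decompression-fq-pair-sfn/index.ts
+++ b/lib/workload/components/ora-file-decompression-fq-pair-sfn/index.ts
@@ -59,23 +59,6 @@ export class OraDecompressionConstruct extends Construct {
 },
 });
 
-// FIXME - cdk nag error on fargate task definition role
-// {
-// "Action": "ecr:GetAuthorizationToken",
-// "Effect": "Allow",
-// "Resource": "*"
-// },
-NagSuppressions.addResourceSuppressions(
-taskDefinition,
-[
-{
-id: 'AwsSolutions-IAM5',
-reason: 'Fargate has GetAuthorizationToken permission on all resources by default',
-},
-],
-true
-);
-
 // Add permission to task role
 const icav2SecretObj = secretsManager.Secret.fromSecretNameV2(
 this,
@@ -119,6 +102,23 @@ export class OraDecompressionConstruct extends Construct {
 // Allow step function to run the ECS task
 taskDefinition.grantRun(this.sfnObject);
 
+// FIXME - cdk nag error on fargate task definition role
+// {
+// "Action": "ecr:GetAuthorizationToken",
+// "Effect": "Allow",
+// "Resource": "*"
+// },
+NagSuppressions.addResourceSuppressions(
+taskDefinition,
+[
+{
+id: 'AwsSolutions-IAM5',
+reason: 'Fargate has GetAuthorizationToken permission on all resources by default',
+},
+],
+true
+);
+
 /* Grant the state machine access to monitor the tasks */
 this.sfnObject.addToRolePolicy(
 new iam.PolicyStatement({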
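Review bot: The relocated `NagSuppressions.addResourceSuppressions(taskDefinition, …, true)` call suppresses `AwsSolutions-IAM5` with no `appliesTo` filter, so it silences every wildcard finding on the task definition and its children, not only the `ecr:GetAuthorizationToken` on `"Resource": "*"` that the reason text justifies. Because the call now runs after the task-role secret grant and `taskDefinition.grantRun(...)`, it presumably also covers the policies created in between; the code between the two hunks is not shown, so this should be confirmed against the synthesized template. Scoping the entry by adding `appliesTo: ['Resource::*']` next to `id` and `reason` would keep cdk-nag reporting any other wildcard action or ARN pattern that lands on these roles later. The lingering `// FIXME` comment could be replaced with a short note stating why the suppression must follow the grants. The constructor body continues outside both hunks.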
@@ -1,6 +1,5 @@
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as ssm from 'aws-cdk-lib/aws-ssm';
import * as events from 'aws-cdk-lib/aws-events';
import * as secretsManager from 'aws-cdk-lib/aws-secretsmanager';
import { OraDecompressionConstruct } from '../../../../components/ora-file-decompression-fq-pair-sfn';
