From d373b2805adbaf892e48a655f902e5ffe7188afb Mon Sep 17 00:00:00 2001 From: Jim Thario Date: Thu, 4 Mar 2021 09:31:02 -0800 Subject: [PATCH] Fix cfn-nag violations #204 --- .../build/msam-iam-roles-release.template | 41 +++++++++++++++---- 1 file changed, 32 insertions(+), 9 deletions(-) diff --git a/source/msam/build/msam-iam-roles-release.template b/source/msam/build/msam-iam-roles-release.template index a0c34958..6b547ff0 100644 --- a/source/msam/build/msam-iam-roles-release.template +++ b/source/msam/build/msam-iam-roles-release.template @@ -219,9 +219,14 @@ "Metadata": { "cfn_nag": { "rules_to_suppress": [{ - "id": "W11", - "reason": "This role is used by a scanner requiring access to all resources within these services." - }] + "id": "W11", + "reason": "This role is used by a scanner requiring access to all resources within these services." + }, + { + "id": "W76", + "reason": "This role is used by a scanner requiring access to all resources within these services." + } + ] } } }, @@ -305,9 +310,18 @@ "Metadata": { "cfn_nag": { "rules_to_suppress": [{ - "id": "W12", - "reason": "Resource ARNs are not known in advance." - }] + "id": "W12", + "reason": "Resource ARNs are not known in advance." + }, + { + "id": "F39", + "reason": "Resource ARNs are not known in advance." + }, + { + "id": "F4", + "reason": "This policy is used by compartmentalized teams to install the solution." + } + ] } } }, @@ -340,9 +354,18 @@ "Metadata": { "cfn_nag": { "rules_to_suppress": [{ - "id": "W13", - "reason": "Resource ARNs are not known in advance." - }] + "id": "W13", + "reason": "Resource ARNs are not known in advance." + }, + { + "id": "F5", + "reason": "This policy is used by compartmentalized teams to install the solution." + }, + { + "id": "F39", + "reason": "This policy is used by compartmentalized teams to install the solution." + } + ] } } }