From 0226991a90bcc1e9d268a16e171320c1bfe3248a Mon Sep 17 00:00:00 2001
From: Syl Taylor <99395375+sylnkt@users.noreply.github.com>
Date: Fri, 20 May 2022 11:49:13 +0100
Subject: [PATCH] Make suppression message more descriptive
---
 .../egress_backend/egress_backend_stack.py | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/components/egress_app_backend/egress_backend/egress_backend_stack.py b/src/components/egress_app_backend/egress_backend/egress_backend_stack.py
index b891f0b9..62a2d60a 100644
--- a/src/components/egress_app_backend/egress_backend/egress_backend_stack.py
+++ b/src/components/egress_app_backend/egress_backend/egress_backend_stack.py
@@ -1516,12 +1516,24 @@ def __init__(
 )
 NagSuppressions.add_resource_suppressions(
 egress_webapp_redeploy_lambda_policy,
- [{"id": "AwsSolutions-IAM5", "reason": "Wilcard permissions are expected"}],
+ [
+ {
+ "id": "AwsSolutions-IAM5",
+ "reason": "Policy is already restricted to a specific resource and usage of \
+ wildcard inside the resource is allowed.",
+ }
+ ],
 True,
 )
 NagSuppressions.add_resource_suppressions(
 egress_webapp_redeploy_lambda_role,
- [{"id": "AwsSolutions-IAM5", "reason": "Wilcard permissions are expected"}],
+ [
+ {
+ "id": "AwsSolutions-IAM5",
+ "reason": "Policy is already restricted to a specific resource and usage of \
+ wildcard inside the resource is allowed.",
+ }
+ ],
 True,
 )
 NagSuppressions.add_resource_suppressions(
@@ -1551,7 +1563,7 @@ def __init__(
 [
 {
 "id": "AwsSolutions-IAM5",
- "reason": "Wilcard permissions are required for S3 notifications",
+ "reason": "Wildcard permissions are required for S3 notifications",
 }
 ],
 True,
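Review bot: The backslash continuation inside the new `"reason"` string keeps the next line's leading indentation in the literal, so the recorded suppression reason will contain a run of spaces between "usage of" and "wildcard" (the exact width is not visible here because whitespace is collapsed on this page). This affects both the `egress_webapp_redeploy_lambda_policy` and the `egress_webapp_redeploy_lambda_role` suppression in the first hunk; adjacent string literals avoid it: `"reason": "Policy is already restricted to a specific resource and usage of "` followed by `"wildcard inside the resource is allowed.",`. Separately, both calls pass `True` as the third argument and carry no `appliesTo` scoping, so the AwsSolutions-IAM5 suppression is not limited to the one wildcard the reason describes, and a broader wildcard added later to the same role or policy would presumably be suppressed as well; naming the exact resource pattern in the reason, or narrowing the suppression to it, would keep the justification auditable. The enclosing `__init__` starts and ends outside the hunk.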