From fee442402168b4c4699399b872581f168fd1652d Mon Sep 17 00:00:00 2001
From: rtdurga
Date: Wed, 31 Jul 2024 17:30:16 +0530
Subject: [PATCH] fixed mypy validation errors
---
 .../sagemaker/sagemaker-groundtruth/app.py | 52 +++++++++----------
 .../sagemaker-groundtruth/lib/stacks/init.py | 14 ++---
 2 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/modules/sagemaker/sagemaker-groundtruth/app.py b/modules/sagemaker/sagemaker-groundtruth/app.py
index 182676d0..58d347ad 100644
--- a/modules/sagemaker/sagemaker-groundtruth/app.py
+++ b/modules/sagemaker/sagemaker-groundtruth/app.py
@@ -5,7 +5,7 @@
 Stack,
 )
 from constructs import Construct
-from cdk_nag import NagSuppressions
+from cdk_nag import NagSuppressions, NagPackSuppression
 from cdk_nag import AwsSolutionsChecks
 from lib.stacks.init import LabelingInitStack as InitStack
 from lib.stacks.labeling_pipeline import LabelingPipelineStack
@@ -70,32 +70,32 @@ def to_dict(self) -> dict[str, Any]: def add_security_checks(app: cdk.App, stacks: list[Stack]) -> None: + suppressions = [ + NagPackSuppression( + id="AwsSolutions-IAM4", + reason="Suppress disallowed use of managed policies for increased simplicity as this is a sample. Scope down in production!", + ), + NagPackSuppression( + id="AwsSolutions-IAM5", + reason="Suppress disallowed use of wildcards in IAM policies for increased simplicity as this is a sample. Scope down in production!", + ), + NagPackSuppression( + id="AwsSolutions-L1", + reason="Using fixed python version for lambda functions as sample needs to be stable", + ), + NagPackSuppression( + id="AwsSolutions-CB3", + reason="Suppress warning for use of privileged mode for codebuild, as this is required for docker image build", + ), + NagPackSuppression( + id="AwsSolutions-CB4", + reason="Suppress required use of KMS for CodeBuild as it incurs additional cost. Consider using KMS for Codebuild in production", + ), + ] + for stack in stacks: - NagSuppressions.add_stack_suppressions( - stack, - [ - { - "id": "AwsSolutions-IAM4", - "reason": "Suppress disallowed use of managed policies for increased simplicity as this is a sample. Scope down in production!", - }, - { - "id": "AwsSolutions-IAM5", - "reason": "Suppress disallowed use of wildcards in IAM policies for increased simplicity as this is a sample. Scope down in production!", - }, - { - "id": "AwsSolutions-L1", - "reason": "Using fixed python version for lambda functions as sample needs to be stable", - }, - { - "id": "AwsSolutions-CB3", - "reason": "Suppress warning for use of privileged mode for codebuild, as this is required for docker image build", - }, - { - "id": "AwsSolutions-CB4", - "reason": "Suppress required use of KMS for CodeBuild as it incurs additional cost. Consider using KMS for Codebuild in production", - }, - ], - ) + NagSuppressions.add_stack_suppressions(stack, suppressions) + AwsSolutionsChecks(verbose=True) 
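Review bot: As this hunk reads, `AwsSolutionsChecks(verbose=True)` at the end of add_security_checks is a bare expression and the `app` parameter is never used, so the rule pack may never be attached to the app and the five suppressions above it would be waiving checks that do not run. If the aspect is not registered somewhere outside the hunk, the line should be `cdk.Aspects.of(app).add(AwsSolutionsChecks(verbose=True))`. Separately, the new `suppressions` list is passed to add_stack_suppressions for every stack, so AwsSolutions-IAM4, IAM5, CB3 and CB4 stay waived for any resource added later; narrowing IAM5 with `applies_to=[...]`, or moving the CodeBuild entries to add_resource_suppressions on the one project that needs privileged mode, would keep new findings visible. The line layout is collapsed on this page, so the indentation of that last statement is inferred.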
diff --git a/modules/sagemaker/sagemaker-groundtruth/lib/stacks/init.py b/modules/sagemaker/sagemaker-groundtruth/lib/stacks/init.py index d16c3479..1104267f 100644 --- a/modules/sagemaker/sagemaker-groundtruth/lib/stacks/init.py +++ b/modules/sagemaker/sagemaker-groundtruth/lib/stacks/init.py @@ -27,7 +27,7 @@ from aws_cdk.aws_lambda import Architecture from constructs import Construct import os -from cdk_nag import NagSuppressions +from cdk_nag import NagSuppressions, NagPackSuppression class LabelingInitStack(Stack): @@ -127,14 +127,14 @@ def create_assets_bucket(self) -> s3.Bucket: encryption=s3.BucketEncryption.S3_MANAGED, ) + suppression = NagPackSuppression( + id="AwsSolutions-S1", + reason="Artifact Bucket does not need access logs enabled for sample", + ) + NagSuppressions.add_resource_suppressions( data_bucket, - [ - { - "id": "AwsSolutions-S1", - "reason": "Artifact Bucket does not need access logs enabled for sample", - } - ], + [suppression], ) # Bucket policy to deny access to HTTP requests
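Review bot: The reason string on the new `suppression` says "Artifact Bucket" although it is attached to `data_bucket` inside create_assets_bucket, and unlike the stack-level reasons in app.py it gives no production guidance. Waiving AwsSolutions-S1 leaves access to this bucket without server access logs, so I would word it as `reason="Assets bucket access logs are disabled for this sample; enable server access logging in production"`. create_assets_bucket starts and continues outside the hunk.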