8

I need to add some metadata into CloudFormation for an IAM policy. How can I do this with CDK?

I'm using the CDK to synth CloudFormation and I need to include metadata to suppress cfn-nag (https://github.com/stelligent/cfn_nag) warnings.

I did the policy generation with the following statement:

const cfnCustomPolicy = new iam.CfnPolicy(scope,
    'cfnCustomPolicy', 
    {
        policyName: "CustomPolicy",                
        policyDocument: {
            Version: "2012-10-17",
            Statement: [
                {
                    Effect: "Allow",
                    Action: "apigateway:GET",
                    Resource: [
                        "arn:aws:apigateway:us-east-1::/restapis/*/stages/*/exports/*"
                    ]
                }
            ]
        }
    }
);

// Attach raw CloudFormation Metadata to the L1 resource so cfn-nag sees the suppression
cfnCustomPolicy.cfnOptions.metadata = {
    cfn_nag: {
        rules_to_suppress: [
            {
                id: "W12",
                reason: "The lambda need access to export documents from any API"
            }
        ]
    }
};

Is there a better way to do this using CDK, without using the L1 interface?

Luiz Gomes

1 Answer

8

Yes, that's the only way according to the documentation:

https://docs.aws.amazon.com/cdk/latest/guide/cfn_layer.html

However, this doesn't mean you can only create the construct using CfnXXX; you could do this with CDK constructs:

# default_child is the underlying L1 (Cfn*) resource of the higher-level construct
cfn_policy = self.policy.node.default_child
cfn_policy.cfn_options.metadata = {
    "cfn_nag": {
        "rules_to_suppress": [
            {"id": "W9"},
            {"id": "W2"}
        ]
    }
}

I've tried node.add_metadata, but apparently it only adds internal CDK metadata.

Yang Xiao
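Because suppressions set through `cfnOptions.metadata` end up in the synthesized template, they can be inventoried there before deployment. The following is an added example, not code from either post: it lists every `cfn_nag` suppression in a template and flags those without a reason. The sample template, its logical IDs, and the policy that every suppression should carry a reason are assumptions of this example.

```python
import json

# Constructed sample of a synthesized template (not output from the page's code).
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "cfnCustomPolicy": {
      "Type": "AWS::IAM::Policy",
      "Metadata": {
        "cfn_nag": {"rules_to_suppress": [
          {"id": "W12", "reason": "The lambda need access to export documents from any API"}
        ]}
      }
    },
    "ExamplePolicy": {
      "Type": "AWS::IAM::Policy",
      "Metadata": {
        "aws:cdk:path": "ExampleStack/ExamplePolicy/Resource",
        "cfn_nag": {"rules_to_suppress": [{"id": "W9"}, {"id": "W2", "reason": "  "}]}
      }
    },
    "ExampleBucket": {"Type": "AWS::S3::Bucket"}
  }
}
""")


def list_suppressions(template):
    """Return (logical_id, resource_type, rule_id, reason) for every cfn_nag suppression."""
    rows = []
    for logical_id, resource in template.get("Resources", {}).items():
        # Other Metadata keys (such as aws:cdk:path) are ignored; only cfn_nag is read.
        nag = (resource.get("Metadata") or {}).get("cfn_nag") or {}
        for rule in nag.get("rules_to_suppress", []):
            reason = (rule.get("reason") or "").strip()
            rows.append((logical_id, resource.get("Type"), rule.get("id"), reason))
    return rows


def unjustified(template):
    """Suppressions with no usable reason: a warning silenced with no record of why."""
    return [(lid, rid) for lid, _type, rid, reason in list_suppressions(template) if not reason]


if __name__ == "__main__":
    for row in list_suppressions(SAMPLE_TEMPLATE):
        print(row)
    print("missing reason:", unjustified(SAMPLE_TEMPLATE))
```
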