# API Reference

## Structs

### NagPackProps

Interface for creating a NagPack.

#### Initializer

```typescript
import { NagPackProps } from 'cdk-nag'

const nagPackProps: NagPackProps = { ... }
```

#### Properties

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| verbose | boolean | Whether or not to enable extended explanatory descriptions on warning, error, and logged ignore messages (default: false). |
| writeSuppressionsToCloudFormation | boolean | Whether to write acknowledged rules into CfnResource CloudFormation Metadata as `cdk_nag: { rules_to_suppress: [...] }` for backwards compatibility with v2 audit trail tooling (default: false). |

---

##### `verbose` *Optional*

```typescript
public readonly verbose: boolean;
```

- *Type:* boolean

Whether or not to enable extended explanatory descriptions on warning, error, and logged ignore messages (default: false).

---

##### `writeSuppressionsToCloudFormation` *Optional*

```typescript
public readonly writeSuppressionsToCloudFormation: boolean;
```

- *Type:* boolean

Whether to write acknowledged rules into CfnResource CloudFormation Metadata as `cdk_nag: { rules_to_suppress: [...] }` for backwards compatibility with v2 audit trail tooling (default: false).

---

### NagReportLine

A single line in a NagReport.

#### Initializer

```typescript
import { NagReportLine } from 'cdk-nag'

const nagReportLine: NagReportLine = { ... }
```

#### Properties

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| compliance | string | *No description.* |
| resourceId | string | *No description.* |
| ruleId | string | *No description.* |
| ruleInfo | string | *No description.* |
| ruleLevel | string | *No description.* |

---

##### `compliance` *Required*

```typescript
public readonly compliance: string;
```

- *Type:* string

---

##### `resourceId` *Required*

```typescript
public readonly resourceId: string;
```

- *Type:* string

---

##### `ruleId` *Required*

```typescript
public readonly ruleId: string;
```

- *Type:* string

---

##### `ruleInfo` *Required*

```typescript
public readonly ruleInfo: string;
```

- *Type:* string

---

##### `ruleLevel` *Required*

```typescript
public readonly ruleLevel: string;
```

- *Type:* string

---

### NagReportSchema

Schema for the NagReport output.

#### Initializer

```typescript
import { NagReportSchema } from 'cdk-nag'

const nagReportSchema: NagReportSchema = { ... }
```

#### Properties

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| lines | NagReportLine[] | *No description.* |

---

##### `lines` *Required*

```typescript
public readonly lines: NagReportLine[];
```

- *Type:* NagReportLine[]

---

## Classes

### AwsSolutionsChecks

Check best practices based on AWS Solutions Security Matrix.

#### Initializers

```typescript
import { AwsSolutionsChecks } from 'cdk-nag'

new AwsSolutionsChecks(scope?: IConstruct, props?: NagPackProps)
```

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.IConstruct | *No description.* |
| props | NagPackProps | *No description.* |

---

##### `scope` *Optional*

- *Type:* constructs.IConstruct

---

##### `props` *Optional*

- *Type:* NagPackProps

---

#### Methods

| **Name** | **Description** |
| --- | --- |
| validate | Entry point called by the CDK validation framework. |
| validateScope | Validate a construct tree directly. |

---

##### `validate`

```typescript
public validate(context: IPolicyValidationContext): PolicyValidationPluginReport
```

Entry point called by the CDK validation framework.

Requires `appConstruct` to be present on the context (CDK core change). For testing or direct invocation, use `validateScope(scope)`.

###### `context` *Required*

- *Type:* aws-cdk-lib.IPolicyValidationContext

---

##### `validateScope`

```typescript
public validateScope(scope: IConstruct): PolicyValidationPluginReport
```

Validate a construct tree directly.

This is the primary entry point for testing and for CDK versions that do not yet provide `appConstruct` on `IPolicyValidationContext`.

###### `scope` *Required*

- *Type:* constructs.IConstruct

---

#### Properties

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| name | string | The name of the plugin that will be displayed in the validation report. |
| readPackName | string | *No description.* |
| ruleIds | string[] | The list of rule IDs that the plugin will evaluate. |
| version | string | The version of the plugin, following the Semantic Versioning specification (see https://semver.org/). This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as `0.0.0`. |

---

##### `name` *Required*

```typescript
public readonly name: string;
```

- *Type:* string

The name of the plugin that will be displayed in the validation report.

---

##### `readPackName` *Required*

```typescript
public readonly readPackName: string;
```

- *Type:* string

---

##### `ruleIds` *Optional*

```typescript
public readonly ruleIds: string[];
```

- *Type:* string[]

The list of rule IDs that the plugin will evaluate.

Used for analytics purposes.

---

##### `version` *Optional*

```typescript
public readonly version: string;
```

- *Type:* string

The version of the plugin, following the Semantic Versioning specification (see https://semver.org/).

This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as `0.0.0`.

---

### HIPAASecurityChecks

Check for HIPAA Security compliance.

Based on the HIPAA Security AWS operational best practices: https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-hipaa_security.html

#### Initializers

```typescript
import { HIPAASecurityChecks } from 'cdk-nag'

new HIPAASecurityChecks(scope?: IConstruct, props?: NagPackProps)
```

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.IConstruct | *No description.* |
| props | NagPackProps | *No description.* |

---

##### `scope` *Optional*

- *Type:* constructs.IConstruct

---

##### `props` *Optional*

- *Type:* NagPackProps

---

#### Methods

| **Name** | **Description** |
| --- | --- |
| validate | Entry point called by the CDK validation framework. |
| validateScope | Validate a construct tree directly. |

---

##### `validate`

```typescript
public validate(context: IPolicyValidationContext): PolicyValidationPluginReport
```

Entry point called by the CDK validation framework.

Requires `appConstruct` to be present on the context (CDK core change). For testing or direct invocation, use `validateScope(scope)`.

###### `context` *Required*

- *Type:* aws-cdk-lib.IPolicyValidationContext

---

##### `validateScope`

```typescript
public validateScope(scope: IConstruct): PolicyValidationPluginReport
```

Validate a construct tree directly.

This is the primary entry point for testing and for CDK versions that do not yet provide `appConstruct` on `IPolicyValidationContext`.

###### `scope` *Required*

- *Type:* constructs.IConstruct

---

#### Properties

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| name | string | The name of the plugin that will be displayed in the validation report. |
| readPackName | string | *No description.* |
| ruleIds | string[] | The list of rule IDs that the plugin will evaluate. |
| version | string | The version of the plugin, following the Semantic Versioning specification (see https://semver.org/). This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as `0.0.0`. |

---

##### `name` *Required*

```typescript
public readonly name: string;
```

- *Type:* string

The name of the plugin that will be displayed in the validation report.

---

##### `readPackName` *Required*

```typescript
public readonly readPackName: string;
```

- *Type:* string

---

##### `ruleIds` *Optional*

```typescript
public readonly ruleIds: string[];
```

- *Type:* string[]

The list of rule IDs that the plugin will evaluate.

Used for analytics purposes.

---

##### `version` *Optional*

```typescript
public readonly version: string;
```

- *Type:* string

The version of the plugin, following the Semantic Versioning specification (see https://semver.org/).

This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as `0.0.0`.

---

### NagPack

- *Implements:* aws-cdk-lib.IPolicyValidationPlugin

Base class for all rule packs.

Implements IPolicyValidationPlugin so that packs are registered via `Validations.of(app).addPlugins(new MyPack(app))` instead of `Aspects.of(app).add(...)`.

#### Initializers

```typescript
import { NagPack } from 'cdk-nag'

new NagPack(scope?: IConstruct, props?: NagPackProps)
```

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.IConstruct | *No description.* |
| props | NagPackProps | *No description.* |

---

##### `scope` *Optional*

- *Type:* constructs.IConstruct

---

##### `props` *Optional*

- *Type:* NagPackProps

---

#### Methods

| **Name** | **Description** |
| --- | --- |
| validate | Entry point called by the CDK validation framework. |
| validateScope | Validate a construct tree directly. |

---

##### `validate`

```typescript
public validate(context: IPolicyValidationContext): PolicyValidationPluginReport
```

Entry point called by the CDK validation framework.

Requires `appConstruct` to be present on the context (CDK core change). For testing or direct invocation, use `validateScope(scope)`.

###### `context` *Required*

- *Type:* aws-cdk-lib.IPolicyValidationContext

---

##### `validateScope`

```typescript
public validateScope(scope: IConstruct): PolicyValidationPluginReport
```

Validate a construct tree directly.

This is the primary entry point for testing and for CDK versions that do not yet provide `appConstruct` on `IPolicyValidationContext`.

###### `scope` *Required*

- *Type:* constructs.IConstruct

---

#### Properties

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| name | string | The name of the plugin that will be displayed in the validation report. |
| readPackName | string | *No description.* |
| ruleIds | string[] | The list of rule IDs that the plugin will evaluate. |
| version | string | The version of the plugin, following the Semantic Versioning specification (see https://semver.org/). This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as `0.0.0`. |

---

##### `name` *Required*

```typescript
public readonly name: string;
```

- *Type:* string

The name of the plugin that will be displayed in the validation report.

---

##### `readPackName` *Required*

```typescript
public readonly readPackName: string;
```

- *Type:* string

---

##### `ruleIds` *Optional*

```typescript
public readonly ruleIds: string[];
```

- *Type:* string[]

The list of rule IDs that the plugin will evaluate.

Used for analytics purposes.

---

##### `version` *Optional*

```typescript
public readonly version: string;
```

- *Type:* string

The version of the plugin, following the Semantic Versioning specification (see https://semver.org/).

This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as `0.0.0`.

---

### NagRules

Helper class with methods for rule creation.

#### Initializers

```typescript
import { NagRules } from 'cdk-nag'

new NagRules()
```

| **Name** | **Type** | **Description** |
| --- | --- | --- |

---

#### Static Functions

| **Name** | **Description** |
| --- | --- |
| resolveIfPrimitive | Use in cases where a primitive value must be known to pass a rule. |
| resolveResourceFromInstrinsic | *No description.* |
| resolveResourceFromIntrinsic | Use in cases where a token resolves to an intrinsic function and the referenced resource must be known to pass a rule. |

---

##### `resolveIfPrimitive`

```typescript
import { NagRules } from 'cdk-nag'

NagRules.resolveIfPrimitive(node: CfnResource, parameter: any)
```

Use in cases where a primitive value must be known to pass a rule.

https://developer.mozilla.org/en-US/docs/Glossary/Primitive

###### `node` *Required*

- *Type:* aws-cdk-lib.CfnResource

The CfnResource to check.

---

###### `parameter` *Required*

- *Type:* any

The value to attempt to resolve.

---

##### ~~`resolveResourceFromInstrinsic`~~

```typescript
import { NagRules } from 'cdk-nag'

NagRules.resolveResourceFromInstrinsic(node: CfnResource, parameter: any)
```

###### `node` *Required*

- *Type:* aws-cdk-lib.CfnResource

The CfnResource to check.

---

###### `parameter` *Required*

- *Type:* any

The value to attempt to resolve.

---

##### `resolveResourceFromIntrinsic`

```typescript
import { NagRules } from 'cdk-nag'

NagRules.resolveResourceFromIntrinsic(node: CfnResource, parameter: any)
```

Use in cases where a token resolves to an intrinsic function and the referenced resource must be known to pass a rule.

###### `node` *Required*

- *Type:* aws-cdk-lib.CfnResource

The CfnResource to check.

---

###### `parameter` *Required*

- *Type:* any

The value to attempt to resolve.

---

### NIST80053R4Checks

Check for NIST 800-53 rev 4 compliance.

Based on the NIST 800-53 rev 4 AWS operational best practices: https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist-800-53_rev_4.html

#### Initializers

```typescript
import { NIST80053R4Checks } from 'cdk-nag'

new NIST80053R4Checks(scope?: IConstruct, props?: NagPackProps)
```

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.IConstruct | *No description.* |
| props | NagPackProps | *No description.* |

---

##### `scope` *Optional*

- *Type:* constructs.IConstruct

---

##### `props` *Optional*

- *Type:* NagPackProps

---

#### Methods

| **Name** | **Description** |
| --- | --- |
| validate | Entry point called by the CDK validation framework. |
| validateScope | Validate a construct tree directly. |

---

##### `validate`

```typescript
public validate(context: IPolicyValidationContext): PolicyValidationPluginReport
```

Entry point called by the CDK validation framework.

Requires `appConstruct` to be present on the context (CDK core change). For testing or direct invocation, use `validateScope(scope)`.

###### `context` *Required*

- *Type:* aws-cdk-lib.IPolicyValidationContext

---

##### `validateScope`

```typescript
public validateScope(scope: IConstruct): PolicyValidationPluginReport
```

Validate a construct tree directly.

This is the primary entry point for testing and for CDK versions that do not yet provide `appConstruct` on `IPolicyValidationContext`.

###### `scope` *Required*

- *Type:* constructs.IConstruct

---

#### Properties

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| name | string | The name of the plugin that will be displayed in the validation report. |
| readPackName | string | *No description.* |
| ruleIds | string[] | The list of rule IDs that the plugin will evaluate. |
| version | string | The version of the plugin, following the Semantic Versioning specification (see https://semver.org/). This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as `0.0.0`. |

---

##### `name` *Required*

```typescript
public readonly name: string;
```

- *Type:* string

The name of the plugin that will be displayed in the validation report.

---

##### `readPackName` *Required*

```typescript
public readonly readPackName: string;
```

- *Type:* string

---

##### `ruleIds` *Optional*

```typescript
public readonly ruleIds: string[];
```

- *Type:* string[]

The list of rule IDs that the plugin will evaluate.

Used for analytics purposes.

---

##### `version` *Optional*

```typescript
public readonly version: string;
```

- *Type:* string

The version of the plugin, following the Semantic Versioning specification (see https://semver.org/).

This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as `0.0.0`.

---

### NIST80053R5Checks

Check for NIST 800-53 rev 5 compliance.

Based on the NIST 800-53 rev 5 AWS operational best practices: https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist-800-53_rev_5.html

#### Initializers

```typescript
import { NIST80053R5Checks } from 'cdk-nag'

new NIST80053R5Checks(scope?: IConstruct, props?: NagPackProps)
```

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.IConstruct | *No description.* |
| props | NagPackProps | *No description.* |

---

##### `scope` *Optional*

- *Type:* constructs.IConstruct

---

##### `props` *Optional*

- *Type:* NagPackProps

---

#### Methods

| **Name** | **Description** |
| --- | --- |
| validate | Entry point called by the CDK validation framework. |
| validateScope | Validate a construct tree directly. |

---

##### `validate`

```typescript
public validate(context: IPolicyValidationContext): PolicyValidationPluginReport
```

Entry point called by the CDK validation framework.

Requires `appConstruct` to be present on the context (CDK core change). For testing or direct invocation, use `validateScope(scope)`.

###### `context` *Required*

- *Type:* aws-cdk-lib.IPolicyValidationContext

---

##### `validateScope`

```typescript
public validateScope(scope: IConstruct): PolicyValidationPluginReport
```

Validate a construct tree directly.

This is the primary entry point for testing and for CDK versions that do not yet provide `appConstruct` on `IPolicyValidationContext`.

###### `scope` *Required*

- *Type:* constructs.IConstruct

---

#### Properties

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| name | string | The name of the plugin that will be displayed in the validation report. |
| readPackName | string | *No description.* |
| ruleIds | string[] | The list of rule IDs that the plugin will evaluate. |
| version | string | The version of the plugin, following the Semantic Versioning specification (see https://semver.org/). This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as `0.0.0`. |

---

##### `name` *Required*

```typescript
public readonly name: string;
```

- *Type:* string

The name of the plugin that will be displayed in the validation report.

---

##### `readPackName` *Required*

```typescript
public readonly readPackName: string;
```

- *Type:* string

---

##### `ruleIds` *Optional*

```typescript
public readonly ruleIds: string[];
```

- *Type:* string[]

The list of rule IDs that the plugin will evaluate.

Used for analytics purposes.

---

##### `version` *Optional*

```typescript
public readonly version: string;
```

- *Type:* string

The version of the plugin, following the Semantic Versioning specification (see https://semver.org/).

This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as `0.0.0`.

---

### PCIDSS321Checks

Check for PCI DSS 3.2.1 compliance.

Based on the PCI DSS 3.2.1 AWS operational best practices: https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-pci-dss.html.

#### Initializers

```typescript
import { PCIDSS321Checks } from 'cdk-nag'

new PCIDSS321Checks(scope?: IConstruct, props?: NagPackProps)
```

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.IConstruct | *No description.* |
| props | NagPackProps | *No description.* |

---

##### `scope` *Optional*

- *Type:* constructs.IConstruct

---

##### `props` *Optional*

- *Type:* NagPackProps

---

#### Methods

| **Name** | **Description** |
| --- | --- |
| validate | Entry point called by the CDK validation framework. |
| validateScope | Validate a construct tree directly. |

---

##### `validate`

```typescript
public validate(context: IPolicyValidationContext): PolicyValidationPluginReport
```

Entry point called by the CDK validation framework.

Requires `appConstruct` to be present on the context (CDK core change). For testing or direct invocation, use `validateScope(scope)`.

###### `context` *Required*

- *Type:* aws-cdk-lib.IPolicyValidationContext

---

##### `validateScope`

```typescript
public validateScope(scope: IConstruct): PolicyValidationPluginReport
```

Validate a construct tree directly.

This is the primary entry point for testing and for CDK versions that do not yet provide `appConstruct` on `IPolicyValidationContext`.

###### `scope` *Required*

- *Type:* constructs.IConstruct

---

#### Properties

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| name | string | The name of the plugin that will be displayed in the validation report. |
| readPackName | string | *No description.* |
| ruleIds | string[] | The list of rule IDs that the plugin will evaluate. |
| version | string | The version of the plugin, following the Semantic Versioning specification (see https://semver.org/). This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as `0.0.0`. |

---

##### `name` *Required*

```typescript
public readonly name: string;
```

- *Type:* string

The name of the plugin that will be displayed in the validation report.

---

##### `readPackName` *Required*

```typescript
public readonly readPackName: string;
```

- *Type:* string

---

##### `ruleIds` *Optional*

```typescript
public readonly ruleIds: string[];
```

- *Type:* string[]

The list of rule IDs that the plugin will evaluate.

Used for analytics purposes.

---

##### `version` *Optional*

```typescript
public readonly version: string;
```

- *Type:* string

The version of the plugin, following the Semantic Versioning specification (see https://semver.org/).

This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as `0.0.0`.

---

### ServerlessChecks

Serverless Checks are a compilation of rules to validate infrastructure-as-code templates against recommended practices.

#### Initializers

```typescript
import { ServerlessChecks } from 'cdk-nag'

new ServerlessChecks(scope?: IConstruct, props?: NagPackProps)
```

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.IConstruct | *No description.* |
| props | NagPackProps | *No description.* |

---

##### `scope` *Optional*

- *Type:* constructs.IConstruct

---

##### `props` *Optional*

- *Type:* NagPackProps

---

#### Methods

| **Name** | **Description** |
| --- | --- |
| validate | Entry point called by the CDK validation framework. |
| validateScope | Validate a construct tree directly. |

---

##### `validate`

```typescript
public validate(context: IPolicyValidationContext): PolicyValidationPluginReport
```

Entry point called by the CDK validation framework.

Requires `appConstruct` to be present on the context (CDK core change). For testing or direct invocation, use `validateScope(scope)`.

###### `context` *Required*

- *Type:* aws-cdk-lib.IPolicyValidationContext

---

##### `validateScope`

```typescript
public validateScope(scope: IConstruct): PolicyValidationPluginReport
```

Validate a construct tree directly.

This is the primary entry point for testing and for CDK versions that do not yet provide `appConstruct` on `IPolicyValidationContext`.

###### `scope` *Required*

- *Type:* constructs.IConstruct

---

#### Properties

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| name | string | The name of the plugin that will be displayed in the validation report. |
| readPackName | string | *No description.* |
| ruleIds | string[] | The list of rule IDs that the plugin will evaluate. |
| version | string | The version of the plugin, following the Semantic Versioning specification (see https://semver.org/). This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as `0.0.0`. |

---

##### `name` *Required*

```typescript
public readonly name: string;
```

- *Type:* string

The name of the plugin that will be displayed in the validation report.

---

##### `readPackName` *Required*

```typescript
public readonly readPackName: string;
```

- *Type:* string

---

##### `ruleIds` *Optional*

```typescript
public readonly ruleIds: string[];
```

- *Type:* string[]

The list of rule IDs that the plugin will evaluate.

Used for analytics purposes.

---

##### `version` *Optional*

```typescript
public readonly version: string;
```

- *Type:* string

The version of the plugin, following the Semantic Versioning specification (see https://semver.org/).

This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as `0.0.0`.

---

### WriteNagSuppressionsToCloudFormationAspect

- *Implements:* aws-cdk-lib.IAspect

An IAspect that reads acknowledged rules from construct metadata and writes them into the CfnResource's CloudFormation Metadata for audit trail persistence in the synthesized template.

Preserves the v2 `cdk_nag` metadata format.

#### Initializers

```typescript
import { WriteNagSuppressionsToCloudFormationAspect } from 'cdk-nag'

new WriteNagSuppressionsToCloudFormationAspect()
```

| **Name** | **Type** | **Description** |
| --- | --- | --- |

---

#### Methods

| **Name** | **Description** |
| --- | --- |
| visit | All aspects can visit an IConstruct. |

---

##### `visit`

```typescript
public visit(node: IConstruct): void
```

All aspects can visit an IConstruct.

###### `node` *Required*

- *Type:* constructs.IConstruct

---

## Protocols

### IApplyRule

- *Implemented By:* IApplyRule

Interface for JSII interoperability for passing parameters and the Rule Callback to.

#### Methods

| **Name** | **Description** |
| --- | --- |
| rule | The callback to the rule. |

---

##### `rule`

```typescript
public rule(node: CfnResource): NagRuleCompliance | string[]
```

The callback to the rule.

###### `node` *Required*

- *Type:* aws-cdk-lib.CfnResource

The CfnResource to check.

---

#### Properties

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| explanation | string | Why the rule exists. |
| info | string | Why the rule was triggered. |
| level | NagMessageLevel | The annotations message level to apply to the rule if triggered. |
| node | aws-cdk-lib.CfnResource | The CfnResource to check. |
| ruleSuffixOverride | string | Override for the suffix of the Rule ID for this rule. |

---

##### `explanation` *Required*

```typescript
public readonly explanation: string;
```

- *Type:* string

Why the rule exists.

---

##### `info` *Required*

```typescript
public readonly info: string;
```

- *Type:* string

Why the rule was triggered.

---

##### `level` *Required*

```typescript
public readonly level: NagMessageLevel;
```

- *Type:* NagMessageLevel

The annotations message level to apply to the rule if triggered.

---

##### `node` *Required*

```typescript
public readonly node: CfnResource;
```

- *Type:* aws-cdk-lib.CfnResource

The CfnResource to check.

---

##### `ruleSuffixOverride` *Optional*

```typescript
public readonly ruleSuffixOverride: string;
```

- *Type:* string

Override for the suffix of the Rule ID for this rule.

---

### INagValidationContext

- *Extends:* aws-cdk-lib.IPolicyValidationContext
- *Implemented By:* INagValidationContext

Extended validation context that includes the construct tree.

Requires CDK core change to populate `appConstruct` during plugin validation.

#### Properties

| **Name** | **Type** | **Description** |
| --- | --- | --- |
| templatePaths | string[] | The absolute path of all templates to be processed. |
| appConstruct | constructs.IConstruct | *No description.* |

---

##### `templatePaths` *Required*

```typescript
public readonly templatePaths: string[];
```

- *Type:* string[]

The absolute path of all templates to be processed.

---

##### `appConstruct` *Required*

```typescript
public readonly appConstruct: IConstruct;
```

- *Type:* constructs.IConstruct

---

## Enums

### NagMessageLevel

The severity level of the rule.

#### Members

| **Name** | **Description** |
| --- | --- |
| WARN | *No description.* |
| ERROR | *No description.* |
| INFO | *No description.* |

---

##### `WARN`

---

##### `ERROR`

---

##### `INFO`

---

### NagReportFormat

Possible output formats of the NagReport.

#### Members

| **Name** | **Description** |
| --- | --- |
| CSV | *No description.* |
| JSON | *No description.* |

---

##### `CSV`

---

##### `JSON`

---

### NagRuleCompliance

The compliance level of a resource in relation to a rule.

#### Members

| **Name** | **Description** |
| --- | --- |
| COMPLIANT | *No description.* |
| NON_COMPLIANT | *No description.* |
| NOT_APPLICABLE | *No description.* |

---

##### `COMPLIANT`

---

##### `NON_COMPLIANT`

---

##### `NOT_APPLICABLE`

---

### NagRulePostValidationStates

Additional states a rule can be in post compliance validation.

#### Members

| **Name** | **Description** |
| --- | --- |
| UNKNOWN | *No description.* |

---

##### `UNKNOWN`

---
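
The `cdk_nag: { rules_to_suppress: [...] }` metadata that `writeSuppressionsToCloudFormation` and `WriteNagSuppressionsToCloudFormationAspect` write into the synthesized template can be reviewed by audit tooling without running CDK. The following is an added example, not part of cdk-nag: it assumes each entry carries `id`, `reason` and optional `applies_to` fields as in the v2 metadata format, and the function names, policy thresholds and sample template are hypothetical.

```typescript
// Added example, not cdk-nag code. Entry fields `id`, `reason` and `applies_to`
// are assumed from the v2 `cdk_nag` metadata format; policy values are hypothetical.

interface SuppressionFinding {
  logicalId: string;
  resourceType: string;
  ruleId: string;
  reason: string;
  appliesTo: string[];
  issues: string[]; // empty when the suppression passes the local policy
}

interface AuditPolicy {
  minReasonLength: number;    // shortest justification accepted
  neverSuppress: Set<string>; // rule IDs that may not be suppressed at all
}

// Justifications that start with a filler word are treated as placeholders.
const PLACEHOLDER_REASON = /^(todo|tbd|n\/?a|fix ?me|temp(orary)?|test)\b/i;

function isRecord(v: unknown): v is Record<string, unknown> {
  return typeof v === 'object' && v !== null && !Array.isArray(v);
}

// Walk Resources[*].Metadata.cdk_nag.rules_to_suppress and grade every entry.
function auditSuppressions(template: unknown, policy: AuditPolicy): SuppressionFinding[] {
  const findings: SuppressionFinding[] = [];
  const root: Record<string, unknown> = isRecord(template) ? template : {};
  const rawResources = root['Resources'];
  const resources: Record<string, unknown> = isRecord(rawResources) ? rawResources : {};
  for (const [logicalId, resource] of Object.entries(resources)) {
    if (!isRecord(resource)) continue;
    const metadata = resource['Metadata'];
    if (!isRecord(metadata) || metadata['cdk_nag'] === undefined) continue;
    const nag = metadata['cdk_nag'];
    const rawType = resource['Type'];
    const resourceType = typeof rawType === 'string' ? rawType : 'unknown';
    const rules = isRecord(nag) ? nag['rules_to_suppress'] : undefined;
    if (!Array.isArray(rules)) {
      // Malformed metadata is reported rather than skipped, so it cannot hide a suppression.
      findings.push({ logicalId, resourceType, ruleId: '', reason: '', appliesTo: [],
        issues: ['cdk_nag metadata present but rules_to_suppress is not a list'] });
      continue;
    }
    for (const entry of rules) {
      const e: Record<string, unknown> = isRecord(entry) ? entry : {};
      const rawId = e['id'];
      const rawReason = e['reason'];
      const rawApplies = e['applies_to'];
      const ruleId = typeof rawId === 'string' ? rawId.trim() : '';
      const reason = typeof rawReason === 'string' ? rawReason.trim() : '';
      const appliesTo = Array.isArray(rawApplies)
        ? rawApplies.map((a: unknown) => (typeof a === 'string' ? a : JSON.stringify(a)))
        : [];
      const issues: string[] = [];
      if (ruleId === '') issues.push('missing rule id');
      if (policy.neverSuppress.has(ruleId)) issues.push('rule may not be suppressed');
      if (reason.length < policy.minReasonLength) issues.push('reason too short');
      else if (PLACEHOLDER_REASON.test(reason)) issues.push('placeholder reason');
      findings.push({ logicalId, resourceType, ruleId, reason, appliesTo, issues });
    }
  }
  return findings;
}

// Suppressions a CI gate would block.
function failingSuppressions(template: unknown, policy: AuditPolicy): SuppressionFinding[] {
  return auditSuppressions(template, policy).filter((f) => f.issues.length > 0);
}

// Constructed sample of a synthesized template (not real cdk synth output).
const SAMPLE_TEMPLATE = {
  Resources: {
    LogsBucket: {
      Type: 'AWS::S3::Bucket',
      Metadata: { cdk_nag: { rules_to_suppress: [
        { id: 'AwsSolutions-S1', reason: 'This bucket is the access log destination for the account.' },
      ] } },
    },
    WorkerRole: {
      Type: 'AWS::IAM::Role',
      Metadata: { cdk_nag: { rules_to_suppress: [
        { id: 'AwsSolutions-IAM5', reason: 'TODO', applies_to: ['Resource::*'] },
        { id: 'AwsSolutions-IAM4', reason: 'temporary until the managed policy is replaced' },
      ] } },
    },
    Queue: { Type: 'AWS::SQS::Queue', Metadata: { 'aws:cdk:path': 'Stack/Queue/Resource' } },
    Broken: { Type: 'AWS::S3::Bucket', Metadata: { cdk_nag: { rules_to_suppress: 'AwsSolutions-S1' } } },
  },
};

// Hypothetical local policy.
const SAMPLE_POLICY: AuditPolicy = { minReasonLength: 20, neverSuppress: new Set(['AwsSolutions-IAM5']) };

for (const f of failingSuppressions(SAMPLE_TEMPLATE, SAMPLE_POLICY)) {
  console.log(`${f.logicalId} (${f.resourceType}) ${f.ruleId || '<none>'}: ${f.issues.join('; ')}`);
}
```

In a pipeline, `failingSuppressions` would be run over each synthesized template file, with a non-empty result failing the build.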