aws-cdk-lib.IPolicyValidationPluginBeta1

interface IPolicyValidationPluginBeta1

Language | Type name
.NET | Amazon.CDK.IPolicyValidationPluginBeta1
Go | github.com/aws/aws-cdk-go/awscdk/v2#IPolicyValidationPluginBeta1
Java | software.amazon.awscdk.IPolicyValidationPluginBeta1
Python | aws_cdk.IPolicyValidationPluginBeta1
TypeScript (source) | aws-cdk-lib » IPolicyValidationPluginBeta1

Represents a validation plugin that will be executed during synthesis.

Example

import {
  IPolicyValidationContextBeta1,
  IPolicyValidationPluginBeta1,
  PolicyValidationPluginReportBeta1,
} from 'aws-cdk-lib';

class MyPlugin implements IPolicyValidationPluginBeta1 {
  public readonly name = 'MyPlugin';

  public validate(context: IPolicyValidationContextBeta1): PolicyValidationPluginReportBeta1 {
    // First read the templates using context.templatePaths...

    // ...then perform the validation, and then compose and return the report.
    // Using hard-coded values here for better clarity:
    return {
      success: false,
      violations: [{
        ruleName: 'CKV_AWS_117',
        description: 'Ensure that AWS Lambda function is configured inside a VPC',
        fix: 'https://docs.bridgecrew.io/docs/ensure-that-aws-lambda-function-is-configured-inside-a-vpc-1',
        violatingResources: [{
          resourceLogicalId: 'MyFunction3BAA72D1',
          templatePath: '/home/johndoe/myapp/cdk.out/MyService.template.json',
          locations: ['Properties/VpcConfig'],
        }],
      }],
    };
  }
}

Properties

Name | Type | Description
name | string | The name of the plugin that will be displayed in the validation report.
ruleIds? | string[] | The list of rule IDs that the plugin will evaluate.
version? | string | The version of the plugin, following the Semantic Versioning specification (see https://semver.org/). This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as 0.0.0.

name

Type: string

The name of the plugin that will be displayed in the validation report.


ruleIds?

Type: string[] (optional, default: No rule is reported)

The list of rule IDs that the plugin will evaluate.

Used for analytics purposes.


version?

Type: string (optional)

The version of the plugin, following the Semantic Versioning specification (see https://semver.org/). This version is used for analytics purposes, to measure the usage of different plugins and different versions. The value of this property should be kept in sync with the actual version of the software package. If the version is not provided or is not a valid semantic version, it will be reported as 0.0.0.

Methods

Name | Description
validate(context) | The method that will be called by the CDK framework to perform validations.

validate(context)

public validate(context: IPolicyValidationContextBeta1): PolicyValidationPluginReportBeta1

Parameters

  • context IPolicyValidationContextBeta1

Returns

  • PolicyValidationPluginReportBeta1

The method that will be called by the CDK framework to perform validations.

This is where the plugin will evaluate the CloudFormation templates for compliance and report any violations.
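
As an added example (not code from the CDK project), here is a plugin whose validate method reads each path in context.templatePaths and reports Lambda functions that lack a VpcConfig. The local interfaces are stand-ins for the aws-cdk-lib types so the block runs without the library; the class name, version value, sample template and the simplified rule logic are assumptions.

```typescript
import * as fs from 'fs';

// Local stand-ins for the aws-cdk-lib report/context types (assumption, so this
// runs offline). In a CDK app, import the real types and declare
// `implements IPolicyValidationPluginBeta1` on the class.
interface ViolatingResource { resourceLogicalId: string; templatePath: string; locations: string[]; }
interface Violation { ruleName: string; description: string; violatingResources: ViolatingResource[]; }
interface Report { success: boolean; violations: Violation[]; }
interface Context { templatePaths: string[]; }

// Simplified rule (not the upstream scanner's logic): flag every
// AWS::Lambda::Function resource that has no Properties.VpcConfig.
function lambdasOutsideVpc(template: any, templatePath: string): ViolatingResource[] {
  const resources: Record<string, any> = template?.Resources ?? {};
  return Object.entries(resources)
    .filter(([, r]) => r?.Type === 'AWS::Lambda::Function' && !r.Properties?.VpcConfig)
    .map(([id]) => ({ resourceLogicalId: id, templatePath, locations: ['Properties/VpcConfig'] }));
}

class LambdaVpcPlugin {
  public readonly name = 'LambdaVpcPlugin';
  public readonly version = '0.1.0'; // constructed value; keep in sync with the package
  public readonly ruleIds = ['CKV_AWS_117'];

  public validate(context: Context): Report {
    const violating: ViolatingResource[] = [];
    // Every synthesized template is checked, not only the first one.
    for (const templatePath of context.templatePaths) {
      const template = JSON.parse(fs.readFileSync(templatePath, 'utf-8'));
      violating.push(...lambdasOutsideVpc(template, templatePath));
    }
    if (violating.length === 0) return { success: true, violations: [] };
    return {
      success: false,
      violations: [{
        ruleName: 'CKV_AWS_117',
        description: 'Ensure that AWS Lambda function is configured inside a VPC',
        violatingResources: violating,
      }],
    };
  }
}

// Constructed sample template: one function without VpcConfig, one with it.
const SAMPLE_TEMPLATE = {
  Resources: {
    OpenFn: { Type: 'AWS::Lambda::Function', Properties: { Runtime: 'nodejs18.x' } },
    VpcFn: { Type: 'AWS::Lambda::Function', Properties: { VpcConfig: { SubnetIds: ['subnet-constructed'] } } },
    Bucket: { Type: 'AWS::S3::Bucket' },
  },
};
```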