in source/resources/lib/utils.ts [62:92]
export function applyCfnNagSuppressRules(
resource: CfnResource,
suppressions: CfnNagSuppression[]
) {
let rules = [];
if (suppressions instanceof Array)
for (const suppression of suppressions) {
rules.push({ id: suppression.id, reason: suppression.reason });
}
if (resource.cfnOptions.metadata?.cfn_nag) {
// If the CfnResource already contains some suppressions, we don't want to erase them.
const existingRules =
resource.cfnOptions.metadata.cfn_nag.rules_to_suppress;
rules = [...existingRules, ...rules];
}
// It's possible that multiple constructs try to add the same suppression.
// We only keep one occurrence (last) of each.
// Based on https://stackoverflow.com/a/56768137
const uniqueRules = [
...new Map(rules.map((rule) => [rule.id, rule])).values(),
];
resource.cfnOptions.metadata = {
cfn_nag: {
rules_to_suppress: uniqueRules,
},
};
}