private addOverrides()

in packages/constructs/L2/rds-constructs/lib/serverless-cluster.ts [317:370]


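  /**
   * Applies the L1 property overrides this construct enforces on the underlying
   * `CfnDBCluster` and records the matching cdk-nag suppressions for the rules
   * those overrides satisfy.
   *
   * Overrides applied:
   * - `EnableCloudwatchLogsExports` (on by default): engine-specific log types,
   *   with one suppression per logging rule and per enabled log type.
   * - `EnableIAMDatabaseAuthentication` (on by default).
   * - `BacktrackWindow` (Aurora MySQL only, default 86400 s; an explicit `0`
   *   skips both the override and the suppression).
   * - `Port`: always set from `props.port`.
   *
   * @param cfnDbCluster The L1 cluster resource receiving the overrides.
   * @param suppressions Mutated in place: the suppressions for the applied
   *   overrides are appended to this array.
   */
  private addOverrides(cfnDbCluster: CfnDBCluster, suppressions: NagPackSuppression[]) {
    // `??` keeps the original `!= undefined` semantics (null and undefined both fall back).
    const enableCloudwatchLogsExports = this.props.enableCloudwatchLogsExports ?? true;

    // EnableCloudwatchLogsExports Override
    if (enableCloudwatchLogsExports) {
      // Any engine other than aurora-mysql is treated as PostgreSQL here.
      const dbEngineCwLogsExports: string[] =
        this.props.engine === 'aurora-mysql' ? ['audit', 'error', 'general', 'slowquery'] : ['postgresql'];

      cfnDbCluster.addPropertyOverride('EnableCloudwatchLogsExports', dbEngineCwLogsExports);

      // Each logging rule is suppressed per log type so the suppression stays
      // scoped (`appliesTo`) to exactly the exports enabled above.
      const ruleIds: string[] = [
        'AwsSolutions-RDS16',
        'NIST.800.53.R5-RDSLoggingEnabled',
        'HIPAA.Security-RDSLoggingEnabled',
        'PCI.DSS.321-RDSLoggingEnabled',
      ];
      for (const ruleId of ruleIds) {
        for (const logType of dbEngineCwLogsExports) {
          suppressions.push({
            id: ruleId,
            reason: `Remediated through property override. Log export for ${logType} is enabled.`,
            appliesTo: [`LogExport::${logType}`],
          });
        }
      }
    }

    const enableIamDatabaseAuthentication = this.props.enableIamDatabaseAuthentication ?? true;

    // EnableIAMDatabaseAuthentication Override (only when enabled; no suppression otherwise)
    if (enableIamDatabaseAuthentication) {
      cfnDbCluster.addPropertyOverride('EnableIAMDatabaseAuthentication', enableIamDatabaseAuthentication);
      suppressions.push({ id: 'AwsSolutions-RDS6', reason: 'Remediated through property override.' });
    }

    // Override Aurora MySql
    if (this.props.engine === 'aurora-mysql') {
      const backtrackWindowInSeconds = this.props.backtrackWindowInSeconds ?? 86400;
      // BacktrackWindow Override: a falsy (0) window means backtrack is intentionally
      // disabled, so neither the override nor the RDS14 suppression is recorded.
      if (backtrackWindowInSeconds) {
        cfnDbCluster.addPropertyOverride('BacktrackWindow', backtrackWindowInSeconds);
        suppressions.push({
          id: 'AwsSolutions-RDS14',
          reason:
            'Remediated through property override. Currently, Backtrack is only supported for Aurora MySQL DB clusters',
        });
      }
    }

    // Port Override
    // NOTE(review): the RDS11 suppression is recorded unconditionally, so it is
    // only accurate if `props.port` is guaranteed to be a non-default port. If the
    // props type allows `port` to be undefined, this call passes undefined to
    // addPropertyOverride and the suppression would silence a rule that was not
    // remediated — confirm against the props definition.
    cfnDbCluster.addPropertyOverride('Port', this.props.port);
    suppressions.push({ id: 'AwsSolutions-RDS11', reason: 'Remediated through property override.' });
  }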