API Reference

Constructs

PDKNagApp

Initializers

import software.aws.pdk.pdk_nag.PDKNagApp;

PDKNagApp.Builder.create()
//  .analyticsReporting(java.lang.Boolean)
//  .autoSynth(java.lang.Boolean)
//  .context(java.util.Map<java.lang.String, java.lang.Object>)
//  .defaultStackSynthesizer(IReusableStackSynthesizer)
//  .outdir(java.lang.String)
//  .policyValidationBeta1(java.util.List<IPolicyValidationPluginBeta1>)
//  .postCliContext(java.util.Map<java.lang.String, java.lang.Object>)
//  .stackTraces(java.lang.Boolean)
//  .treeMetadata(java.lang.Boolean)
//  .failOnError(java.lang.Boolean)
//  .failOnWarning(java.lang.Boolean)
//  .nagPacks(java.util.List<NagPack>)
    .build();

Name	Type	Description
`analyticsReporting`	`java.lang.Boolean`	Include runtime versioning information in the Stacks of this app.
`autoSynth`	`java.lang.Boolean`	Automatically call `synth()` before the program exits.
`context`	`java.util.Map`	Additional context values for the application.
`defaultStackSynthesizer`	`software.amazon.awscdk.IReusableStackSynthesizer`	The stack synthesizer to use by default for all Stacks in the App.
`outdir`	`java.lang.String`	The output directory into which to emit synthesized artifacts.
`policyValidationBeta1`	`java.util.List`	Validation plugins to run after synthesis.
`postCliContext`	`java.util.Map`	Additional context values for the application.
`stackTraces`	`java.lang.Boolean`	Include construct creation stack trace in the `aws:cdk:trace` metadata key of all constructs.
`treeMetadata`	`java.lang.Boolean`	Include construct tree metadata as part of the Cloud Assembly.
`failOnError`	`java.lang.Boolean`	Determines whether any errors encountered should trigger a test failure.
`failOnWarning`	`java.lang.Boolean`	Determines whether any warnings encountered should trigger a test failure.
`nagPacks`	`java.util.List`	Custom nag packs to execute.

`analyticsReporting`^Optional

Type: java.lang.Boolean
Default: Value of 'aws:cdk:version-reporting' context key

Include runtime versioning information in the Stacks of this app.

`autoSynth`^Optional

Type: java.lang.Boolean
Default: true if running via CDK CLI (CDK_OUTDIR is set), false otherwise

Automatically call synth() before the program exits.

If you set this, you don't have to call synth() explicitly. Note that this feature is only available for certain programming languages, and calling synth() is still recommended.

`context`^Optional

Type: java.util.Map
Default: no additional context

Additional context values for the application.

Context set by the CLI or the context key in cdk.json has precedence.

Context can be read from any construct using node.getContext(key).

`defaultStackSynthesizer`^Optional

Type: software.amazon.awscdk.IReusableStackSynthesizer
Default: A DefaultStackSynthesizer with default settings

The stack synthesizer to use by default for all Stacks in the App.

The Stack Synthesizer controls aspects of synthesis and deployment, like how assets are referenced and what IAM roles to use. For more information, see the README of the main CDK package.

`outdir`^Optional

Type: java.lang.String
Default: If this value is not set, considers the environment variable CDK_OUTDIR. If CDK_OUTDIR is not defined, uses a temp directory.

The output directory into which to emit synthesized artifacts.

You should never need to set this value. By default, the value you pass to the CLI's --output flag will be used, and if you change it to a different directory the CLI will fail to pick up the generated Cloud Assembly.

This property is intended for internal and testing use.

`policyValidationBeta1`^Optional

Type: java.util.List
Default: no validation plugins

Validation plugins to run after synthesis.

`postCliContext`^Optional

Type: java.util.Map
Default: no additional context

Additional context values for the application.

Context provided here has precedence over context set by:

The CLI via --context
The context key in cdk.json
The AppProps.context property

This property is recommended over the AppProps.context property since you can make final decision over which context value to take in your app.

Context can be read from any construct using node.getContext(key).

Example

// context from the CLI and from `cdk.json` are stored in the
// CDK_CONTEXT env variable
const cliContext = JSON.parse(process.env.CDK_CONTEXT!);

// determine whether to take the context passed in the CLI or not
const determineValue = process.env.PROD ? cliContext.SOMEKEY : 'my-prod-value';
new App({
  postCliContext: {
    SOMEKEY: determineValue,
  },
});

`stackTraces`^Optional

Type: java.lang.Boolean
Default: true stack traces are included unless aws:cdk:disable-stack-trace is set in the context.

Include construct creation stack trace in the aws:cdk:trace metadata key of all constructs.

`treeMetadata`^Optional

Type: java.lang.Boolean
Default: true

Include construct tree metadata as part of the Cloud Assembly.

`failOnError`^Optional

Type: java.lang.Boolean
Default: false

Determines whether any errors encountered should trigger a test failure.

`failOnWarning`^Optional

Type: java.lang.Boolean
Default: false

Determines whether any warnings encountered should trigger a test failure.

`nagPacks`^Optional

Type: java.util.List
Default: DEFAULT_NAG_PACKS

Custom nag packs to execute.

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`synth`	Synthesize this stage into a cloud assembly.
`addExtendedNagResults`	No description.
`addNagResult`	No description.
`extendedNagResults`	Returns a list of ExtendedNagResult.
`nagResults`	Returns a list of NagResult.

`toString`

public java.lang.String toString()

Returns a string representation of this construct.

`synth`

public CloudAssembly synth()
public CloudAssembly synth(StageSynthesisOptions options)

Synthesize this stage into a cloud assembly.

Once an assembly has been synthesized, it cannot be modified. Subsequent calls will return the same assembly.

`options`^Optional

Type: software.amazon.awscdk.StageSynthesisOptions

`addExtendedNagResults`

public void addExtendedNagResults(ExtendedNagResult results)

`results`^Required

Type: ExtendedNagResult

`addNagResult`

public void addNagResult(NagResult result)

`result`^Required

Type: NagResult

`extendedNagResults`

public java.util.List<ExtendedNagResult> extendedNagResults()

Returns a list of ExtendedNagResult.

Note: app.synth() must be called before this to retrieve results.

`nagResults`

public java.util.List<NagResult> nagResults()

Returns a list of NagResult.

Note: app.synth() must be called before this to retrieve results.

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isStage`	Test whether the given construct is a stage.
`of`	Return the stage this construct is contained with, if available.
`isApp`	Checks if an object is an instance of the `App` class.

`isConstruct`

import software.aws.pdk.pdk_nag.PDKNagApp;

PDKNagApp.isConstruct(java.lang.Object x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: java.lang.Object

Any object.

`isStage`

import software.aws.pdk.pdk_nag.PDKNagApp;

PDKNagApp.isStage(java.lang.Object x)

Test whether the given construct is a stage.

`x`^Required

Type: java.lang.Object

`of`

import software.aws.pdk.pdk_nag.PDKNagApp;

PDKNagApp.of(IConstruct construct)

Return the stage this construct is contained with, if available.

If called on a nested stage, returns its parent.

`construct`^Required

Type: software.constructs.IConstruct

`isApp`

import software.aws.pdk.pdk_nag.PDKNagApp;

PDKNagApp.isApp(java.lang.Object obj)

Checks if an object is an instance of the App class.

`obj`^Required

Type: java.lang.Object

The object to evaluate.

Properties

Name	Type	Description
`node`	`software.constructs.Node`	The tree node.
`artifactId`	`java.lang.String`	Artifact ID of the assembly if it is a nested stage. The root stage (app) will return an empty string.
`assetOutdir`	`java.lang.String`	The cloud assembly asset output directory.
`outdir`	`java.lang.String`	The cloud assembly output directory.
`policyValidationBeta1`	`java.util.List`	Validation plugins to run during synthesis.
`stageName`	`java.lang.String`	The name of the stage.
`account`	`java.lang.String`	The default account for all resources defined within this stage.
`parentStage`	`software.amazon.awscdk.Stage`	The parent stage or `undefined` if this is the app.
`region`	`java.lang.String`	The default region for all resources defined within this stage.
`nagPacks`	`java.util.List`	No description.

`node`^Required

public Node getNode();

Type: software.constructs.Node

The tree node.

`artifactId`^Required

public java.lang.String getArtifactId();

Type: java.lang.String

Artifact ID of the assembly if it is a nested stage. The root stage (app) will return an empty string.

Derived from the construct path.

`assetOutdir`^Required

public java.lang.String getAssetOutdir();

Type: java.lang.String

The cloud assembly asset output directory.

`outdir`^Required

public java.lang.String getOutdir();

Type: java.lang.String

The cloud assembly output directory.

`policyValidationBeta1`^Required

public java.util.List<IPolicyValidationPluginBeta1> getPolicyValidationBeta1();

Type: java.util.List
Default: no validation plugins are used

Validation plugins to run during synthesis.

If any plugin reports any violation, synthesis will be interrupted and the report displayed to the user.

`stageName`^Required

public java.lang.String getStageName();

Type: java.lang.String

The name of the stage.

Based on names of the parent stages separated by hypens.

`account`^Optional

public java.lang.String getAccount();

Type: java.lang.String

The default account for all resources defined within this stage.

`parentStage`^Optional

public Stage getParentStage();

Type: software.amazon.awscdk.Stage

The parent stage or undefined if this is the app.

*

`region`^Optional

public java.lang.String getRegion();

Type: java.lang.String

The default region for all resources defined within this stage.

`nagPacks`^Required

public java.util.List<NagPack> getNagPacks();

Type: java.util.List

Structs

ExtendedNagResult

Represents the result of applying a CDK Nag rule to a resource.

Initializer

import software.aws.pdk.pdk_nag.ExtendedNagResult;

ExtendedNagResult.builder()
    .compliance(NagResultCompliance)
    .nagPackName(java.lang.String)
    .resource(CfnResource)
    .ruleExplanation(java.lang.String)
    .ruleId(java.lang.String)
    .ruleInfo(java.lang.String)
    .ruleLevel(NagMessageLevel)
    .ruleOriginalName(java.lang.String)
//  .errorMessage(java.lang.String)
//  .findingId(java.lang.String)
//  .suppressionReason(java.lang.String)
    .build();

Properties

Name	Type	Description
`compliance`	`NagResultCompliance`	Compliance status of the rule against the resource.
`nagPackName`	`java.lang.String`	The name of the nag pack this rule is from.
`resource`	`software.amazon.awscdk.CfnResource`	The resource the rule was applied to.
`ruleExplanation`	`java.lang.String`	Why the rule exists.
`ruleId`	`java.lang.String`	The ID of the rule in this nag pack.
`ruleInfo`	`java.lang.String`	Why the rule was triggered.
`ruleLevel`	`io.github.cdklabs.cdknag.NagMessageLevel`	The severity level of the rule.
`ruleOriginalName`	`java.lang.String`	The original name of the rule (regardless of nag pack).
`errorMessage`	`java.lang.String`	The error that was thrown, only set for error results.
`findingId`	`java.lang.String`	The finding that was checked, only set for non-compliant results.
`suppressionReason`	`java.lang.String`	The reason the rule was suppressed, if any.

`compliance`^Required

public NagResultCompliance getCompliance();

Type: NagResultCompliance

Compliance status of the rule against the resource.

`nagPackName`^Required

public java.lang.String getNagPackName();

Type: java.lang.String

The name of the nag pack this rule is from.

`resource`^Required

public CfnResource getResource();

Type: software.amazon.awscdk.CfnResource

The resource the rule was applied to.

`ruleExplanation`^Required

public java.lang.String getRuleExplanation();

Type: java.lang.String

Why the rule exists.

`ruleId`^Required

public java.lang.String getRuleId();

Type: java.lang.String

The ID of the rule in this nag pack.

`ruleInfo`^Required

public java.lang.String getRuleInfo();

Type: java.lang.String

Why the rule was triggered.

`ruleLevel`^Required

public NagMessageLevel getRuleLevel();

Type: io.github.cdklabs.cdknag.NagMessageLevel

The severity level of the rule.

`ruleOriginalName`^Required

public java.lang.String getRuleOriginalName();

Type: java.lang.String

The original name of the rule (regardless of nag pack).

`errorMessage`^Optional

public java.lang.String getErrorMessage();

Type: java.lang.String

The error that was thrown, only set for error results.

`findingId`^Optional

public java.lang.String getFindingId();

Type: java.lang.String

The finding that was checked, only set for non-compliant results.

`suppressionReason`^Optional

public java.lang.String getSuppressionReason();

Type: java.lang.String

The reason the rule was suppressed, if any.

Message

Message instance.

Initializer

import software.aws.pdk.pdk_nag.Message;

Message.builder()
    .messageDescription(java.lang.String)
    .messageType(java.lang.String)
    .build();

Properties

Name	Type	Description
`messageDescription`	`java.lang.String`	Message description.
`messageType`	`java.lang.String`	Message type as returned from cdk-nag.

`messageDescription`^Required

public java.lang.String getMessageDescription();

Type: java.lang.String

Message description.

`messageType`^Required

public java.lang.String getMessageType();

Type: java.lang.String

Message type as returned from cdk-nag.

NagResult

Nag result.

Initializer

import software.aws.pdk.pdk_nag.NagResult;

NagResult.builder()
    .messages(java.util.List<Message>)
    .resource(java.lang.String)
    .build();

Properties

Name	Type	Description
`messages`	`java.util.List<Message>`	List of messages.
`resource`	`java.lang.String`	Resource which triggered the message.

`messages`^Required

public java.util.List<Message> getMessages();

Type: java.util.List<Message>

List of messages.

`resource`^Required

public java.lang.String getResource();

Type: java.lang.String

Resource which triggered the message.

PDKNagAppProps

Initializer

import software.aws.pdk.pdk_nag.PDKNagAppProps;

PDKNagAppProps.builder()
//  .analyticsReporting(java.lang.Boolean)
//  .autoSynth(java.lang.Boolean)
//  .context(java.util.Map<java.lang.String, java.lang.Object>)
//  .defaultStackSynthesizer(IReusableStackSynthesizer)
//  .outdir(java.lang.String)
//  .policyValidationBeta1(java.util.List<IPolicyValidationPluginBeta1>)
//  .postCliContext(java.util.Map<java.lang.String, java.lang.Object>)
//  .stackTraces(java.lang.Boolean)
//  .treeMetadata(java.lang.Boolean)
//  .failOnError(java.lang.Boolean)
//  .failOnWarning(java.lang.Boolean)
//  .nagPacks(java.util.List<NagPack>)
    .build();

Properties

Name	Type	Description
`analyticsReporting`	`java.lang.Boolean`	Include runtime versioning information in the Stacks of this app.
`autoSynth`	`java.lang.Boolean`	Automatically call `synth()` before the program exits.
`context`	`java.util.Map`	Additional context values for the application.
`defaultStackSynthesizer`	`software.amazon.awscdk.IReusableStackSynthesizer`	The stack synthesizer to use by default for all Stacks in the App.
`outdir`	`java.lang.String`	The output directory into which to emit synthesized artifacts.
`policyValidationBeta1`	`java.util.List`	Validation plugins to run after synthesis.
`postCliContext`	`java.util.Map`	Additional context values for the application.
`stackTraces`	`java.lang.Boolean`	Include construct creation stack trace in the `aws:cdk:trace` metadata key of all constructs.
`treeMetadata`	`java.lang.Boolean`	Include construct tree metadata as part of the Cloud Assembly.
`failOnError`	`java.lang.Boolean`	Determines whether any errors encountered should trigger a test failure.
`failOnWarning`	`java.lang.Boolean`	Determines whether any warnings encountered should trigger a test failure.
`nagPacks`	`java.util.List`	Custom nag packs to execute.

`analyticsReporting`^Optional

public java.lang.Boolean getAnalyticsReporting();

Type: java.lang.Boolean
Default: Value of 'aws:cdk:version-reporting' context key

Include runtime versioning information in the Stacks of this app.

`autoSynth`^Optional

public java.lang.Boolean getAutoSynth();

Type: java.lang.Boolean
Default: true if running via CDK CLI (CDK_OUTDIR is set), false otherwise

Automatically call synth() before the program exits.

If you set this, you don't have to call synth() explicitly. Note that this feature is only available for certain programming languages, and calling synth() is still recommended.

`context`^Optional

public java.util.Map<java.lang.String, java.lang.Object> getContext();

Type: java.util.Map
Default: no additional context

Additional context values for the application.

Context set by the CLI or the context key in cdk.json has precedence.

Context can be read from any construct using node.getContext(key).

`defaultStackSynthesizer`^Optional

public IReusableStackSynthesizer getDefaultStackSynthesizer();

Type: software.amazon.awscdk.IReusableStackSynthesizer
Default: A DefaultStackSynthesizer with default settings

The stack synthesizer to use by default for all Stacks in the App.

The Stack Synthesizer controls aspects of synthesis and deployment, like how assets are referenced and what IAM roles to use. For more information, see the README of the main CDK package.

`outdir`^Optional

public java.lang.String getOutdir();

Type: java.lang.String
Default: If this value is not set, considers the environment variable CDK_OUTDIR. If CDK_OUTDIR is not defined, uses a temp directory.

The output directory into which to emit synthesized artifacts.

You should never need to set this value. By default, the value you pass to the CLI's --output flag will be used, and if you change it to a different directory the CLI will fail to pick up the generated Cloud Assembly.

This property is intended for internal and testing use.

`policyValidationBeta1`^Optional

public java.util.List<IPolicyValidationPluginBeta1> getPolicyValidationBeta1();

Type: java.util.List
Default: no validation plugins

Validation plugins to run after synthesis.

`postCliContext`^Optional

public java.util.Map<java.lang.String, java.lang.Object> getPostCliContext();

Type: java.util.Map
Default: no additional context

Additional context values for the application.

Context provided here has precedence over context set by:

The CLI via --context
The context key in cdk.json
The AppProps.context property

This property is recommended over the AppProps.context property since you can make final decision over which context value to take in your app.

Context can be read from any construct using node.getContext(key).

Example

// context from the CLI and from `cdk.json` are stored in the
// CDK_CONTEXT env variable
const cliContext = JSON.parse(process.env.CDK_CONTEXT!);

// determine whether to take the context passed in the CLI or not
const determineValue = process.env.PROD ? cliContext.SOMEKEY : 'my-prod-value';
new App({
  postCliContext: {
    SOMEKEY: determineValue,
  },
});

`stackTraces`^Optional

public java.lang.Boolean getStackTraces();

Type: java.lang.Boolean
Default: true stack traces are included unless aws:cdk:disable-stack-trace is set in the context.

Include construct creation stack trace in the aws:cdk:trace metadata key of all constructs.

`treeMetadata`^Optional

public java.lang.Boolean getTreeMetadata();

Type: java.lang.Boolean
Default: true

Include construct tree metadata as part of the Cloud Assembly.

`failOnError`^Optional

public java.lang.Boolean getFailOnError();

Type: java.lang.Boolean
Default: false

Determines whether any errors encountered should trigger a test failure.

`failOnWarning`^Optional

public java.lang.Boolean getFailOnWarning();

Type: java.lang.Boolean
Default: false

Determines whether any warnings encountered should trigger a test failure.

`nagPacks`^Optional

public java.util.List<NagPack> getNagPacks();

Type: java.util.List
Default: DEFAULT_NAG_PACKS

Custom nag packs to execute.

Classes

AwsPrototypingChecks

Check best practices for prototypes.

Initializers

import software.aws.pdk.pdk_nag.AwsPrototypingChecks;

AwsPrototypingChecks.Builder.create()
//  .additionalLoggers(java.util.List<INagLogger>)
//  .logIgnores(java.lang.Boolean)
//  .reportFormats(java.util.List<NagReportFormat>)
//  .reports(java.lang.Boolean)
//  .suppressionIgnoreCondition(INagSuppressionIgnore)
//  .verbose(java.lang.Boolean)
    .build();

Name	Type	Description
`additionalLoggers`	`java.util.List`	Additional NagLoggers for logging rule validation outputs.
`logIgnores`	`java.lang.Boolean`	Whether or not to log suppressed rule violations as informational messages (default: false).
`reportFormats`	`java.util.List`	If reports are enabled, the output formats of compliance reports in the App's output directory (default: only CSV).
`reports`	`java.lang.Boolean`	Whether or not to generate compliance reports for applied Stacks in the App's output directory (default: true).
`suppressionIgnoreCondition`	`io.github.cdklabs.cdknag.INagSuppressionIgnore`	Conditionally prevent rules from being suppressed (default: no user provided condition).
`verbose`	`java.lang.Boolean`	Whether or not to enable extended explanatory descriptions on warning, error, and logged ignore messages (default: false).

`additionalLoggers`^Optional

Type: java.util.List

Additional NagLoggers for logging rule validation outputs.

`logIgnores`^Optional

Type: java.lang.Boolean

Whether or not to log suppressed rule violations as informational messages (default: false).

`reportFormats`^Optional

Type: java.util.List

If reports are enabled, the output formats of compliance reports in the App's output directory (default: only CSV).

`reports`^Optional

Type: java.lang.Boolean

Whether or not to generate compliance reports for applied Stacks in the App's output directory (default: true).

`suppressionIgnoreCondition`^Optional

Type: io.github.cdklabs.cdknag.INagSuppressionIgnore

Conditionally prevent rules from being suppressed (default: no user provided condition).

`verbose`^Optional

Type: java.lang.Boolean

Whether or not to enable extended explanatory descriptions on warning, error, and logged ignore messages (default: false).

Methods

Name	Description
`visit`	Check if CfnResource and apply rules.

`visit`

public void visit(IConstruct node)

Check if CfnResource and apply rules.

`node`^Required

Type: software.constructs.IConstruct

Properties

Name	Type	Description
`readPackName`	`java.lang.String`	No description.

`readPackName`^Required

public java.lang.String getReadPackName();

Type: java.lang.String

PDKNag

Helper for create a Nag Enabled App.

Initializers

import software.aws.pdk.pdk_nag.PDKNag;

new PDKNag();

Name	Type	Description

Static Functions

Name	Description
`addResourceSuppressionsByPathNoThrow`	Wrapper around NagSuppressions which does not throw.
`app`	Returns an instance of an App with Nag enabled.
`getStackAccountRegex`	Returns a stack account regex.
`getStackPartitionRegex`	Returns a stack partition regex.
`getStackPrefix`	Returns a prefix comprising of a delimited set of Stack Ids.
`getStackRegionRegex`	Returns a stack region regex.

`addResourceSuppressionsByPathNoThrow`

import software.aws.pdk.pdk_nag.PDKNag;

PDKNag.addResourceSuppressionsByPathNoThrow(Stack stack, java.lang.String path, java.util.List<NagPackSuppression> suppressions),PDKNag.addResourceSuppressionsByPathNoThrow(Stack stack, java.lang.String path, java.util.List<NagPackSuppression> suppressions, java.lang.Boolean applyToChildren)

Wrapper around NagSuppressions which does not throw.

`stack`^Required

Type: software.amazon.awscdk.Stack

stack instance.

`path`^Required

Type: java.lang.String

resource path.

`suppressions`^Required

Type: java.util.List

list of suppressions to apply.

`applyToChildren`^Optional

Type: java.lang.Boolean

whether to apply to children.

`app`

import software.aws.pdk.pdk_nag.PDKNag;

PDKNag.app(),PDKNag.app(PDKNagAppProps props)

Returns an instance of an App with Nag enabled.

`props`^Optional

Type: PDKNagAppProps

props to initialize the app with.

`getStackAccountRegex`

import software.aws.pdk.pdk_nag.PDKNag;

PDKNag.getStackAccountRegex(Stack stack)

Returns a stack account regex.

`stack`^Required

Type: software.amazon.awscdk.Stack

stack instance.

`getStackPartitionRegex`

import software.aws.pdk.pdk_nag.PDKNag;

PDKNag.getStackPartitionRegex(Stack stack)

Returns a stack partition regex.

`stack`^Required

Type: software.amazon.awscdk.Stack

stack instance.

`getStackPrefix`

import software.aws.pdk.pdk_nag.PDKNag;

PDKNag.getStackPrefix(Stack stack)

Returns a prefix comprising of a delimited set of Stack Ids.

For example: StackA/NestedStackB/

`stack`^Required

Type: software.amazon.awscdk.Stack

stack instance.

`getStackRegionRegex`

import software.aws.pdk.pdk_nag.PDKNag;

PDKNag.getStackRegionRegex(Stack stack)

Returns a stack region regex.

`stack`^Required

Type: software.amazon.awscdk.Stack

stack instance.

Enums

NagResultCompliance

Possible statuses for nag rules.

Members

Name	Description
`COMPLIANT`	Resource complies with the rule.
`NON_COMPLIANT`	Resource does not comply with the rule.
`NON_COMPLIANT_SUPPRESSED`	Resource does not comply with the rule, but the rule was suppressed.
`ERROR`	An error occurred applying the rule.
`ERROR_SUPPRESSED`	An error occurred applying the rule, but the rule was suppressed.
`NOT_APPLICABLE`	The rule is not applicable to the resource.

`COMPLIANT`

Resource complies with the rule.

`NON_COMPLIANT`

Resource does not comply with the rule.

`NON_COMPLIANT_SUPPRESSED`

Resource does not comply with the rule, but the rule was suppressed.

`ERROR`

An error occurred applying the rule.

`ERROR_SUPPRESSED`

An error occurred applying the rule, but the rule was suppressed.

`NOT_APPLICABLE`

The rule is not applicable to the resource.

Last update: 2025-07-17

API Reference

Constructs

PDKNagApp

Initializers

analyticsReportingOptional

autoSynthOptional

contextOptional

defaultStackSynthesizerOptional

outdirOptional

policyValidationBeta1Optional

postCliContextOptional

stackTracesOptional

treeMetadataOptional

failOnErrorOptional

failOnWarningOptional

nagPacksOptional

Methods

toString

synth

optionsOptional

addExtendedNagResults

resultsRequired

addNagResult

resultRequired

extendedNagResults

nagResults

Static Functions

isConstruct

xRequired

isStage

xRequired

of

constructRequired

isApp

objRequired

Properties

nodeRequired

artifactIdRequired

assetOutdirRequired

outdirRequired

policyValidationBeta1Required

stageNameRequired

accountOptional

parentStageOptional

regionOptional

nagPacksRequired

Structs

ExtendedNagResult

Initializer

Properties

complianceRequired

nagPackNameRequired

resourceRequired

ruleExplanationRequired

ruleIdRequired

ruleInfoRequired

ruleLevelRequired

ruleOriginalNameRequired

errorMessageOptional

findingIdOptional

suppressionReasonOptional

Message

Initializer

Properties

messageDescriptionRequired

messageTypeRequired

NagResult

Initializer

Properties

messagesRequired

resourceRequired

PDKNagAppProps

Initializer

Properties

analyticsReportingOptional

autoSynthOptional

contextOptional

defaultStackSynthesizerOptional

outdirOptional

policyValidationBeta1Optional

`analyticsReporting`^Optional

`autoSynth`^Optional

`context`^Optional

`defaultStackSynthesizer`^Optional

`outdir`^Optional

`policyValidationBeta1`^Optional

`postCliContext`^Optional

`stackTraces`^Optional

`treeMetadata`^Optional

`failOnError`^Optional

`failOnWarning`^Optional

`nagPacks`^Optional

`toString`

`synth`

`options`^Optional

`addExtendedNagResults`

`results`^Required

`addNagResult`

`result`^Required

`extendedNagResults`

`nagResults`

`isConstruct`

`x`^Required

`isStage`

`x`^Required

`of`

`construct`^Required

`isApp`

`obj`^Required

`node`^Required

`artifactId`^Required

`assetOutdir`^Required

`outdir`^Required

`policyValidationBeta1`^Required

`stageName`^Required

`account`^Optional

`parentStage`^Optional

`region`^Optional

`nagPacks`^Required

`compliance`^Required

`nagPackName`^Required

`resource`^Required

`ruleExplanation`^Required

`ruleId`^Required

`ruleInfo`^Required

`ruleLevel`^Required

`ruleOriginalName`^Required

`errorMessage`^Optional

`findingId`^Optional

`suppressionReason`^Optional

`messageDescription`^Required

`messageType`^Required

`messages`^Required

`resource`^Required

`analyticsReporting`^Optional

`autoSynth`^Optional

`context`^Optional

`defaultStackSynthesizer`^Optional

`outdir`^Optional

`policyValidationBeta1`^Optional

`postCliContext`^Optional

`stackTraces`^Optional

`treeMetadata`^Optional

`failOnError`^Optional

`failOnWarning`^Optional

`nagPacks`^Optional

`additionalLoggers`^Optional

`logIgnores`^Optional

`reportFormats`^Optional

`reports`^Optional

`suppressionIgnoreCondition`^Optional

`verbose`^Optional

`visit`

`node`^Required

`readPackName`^Required

`addResourceSuppressionsByPathNoThrow`

`stack`^Required

`path`^Required

`suppressions`^Required

`applyToChildren`^Optional