NAG Utilities

API Reference

Shared cdk-nag suppression helpers for CDK-managed singleton Lambdas.

CDK creates several singleton Lambda functions internally (AwsCustomResource provider, LogRetention, BucketDeployment, S3AutoDeleteObjects). These Lambdas share the same limitations: their runtime, memory, tracing, DLQ, VPC, and IAM policies are all managed by CDK and cannot be configured by the caller.

CDK_LAMBDA_SUPPRESSIONS is the canonical suppression list for these singletons. Import it and pass it to NagSuppressions.add_resource_suppressions_by_path or NagSuppressions.add_resource_suppressions with apply_to_children=True.