branch: main
download-external-modules: true
evaluate-variables: true
external-modules-download-path: .external_modules
framework: cloudformation
output: cli
directory:
  - cdk.out
skip-check:
   - CKV_AWS_7     # Ensure rotation for customer created CMKs is enabled
   - CKV_AWS_23    # Ensure every security groups rule has a description
   - CKV_AWS_24    # Ensure no security groups allow ingress from 0.0.0.0:0 to port 22
   - CKV_AWS_25    # Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389
   - CKV_AWS_26    # Ensure all data stored in the SNS topic is encrypted
   - CKV_AWS_33    # Ensure KMS key policy does not contain wildcard (*) principal
   - CKV_AWS_40    # Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)
   - CKV_AWS_45    # Ensure no hard-coded secrets exist in lambda environment
   - CKV_AWS_60    # Ensure IAM role allows only specific services or principals to assume it
   - CKV_AWS_61    # Ensure IAM role allows only specific principals in account to assume it
   - CKV_AWS_107   # Ensure IAM policies does not allow credentials exposure
   - CKV_AWS_108   # Ensure IAM policies does not allow data exfiltration
   - CKV_AWS_109   # Ensure IAM policies does not allow permissions management without constraints
   - CKV_AWS_110   # Ensure IAM policies does not allow privilege escalation
   - CKV_AWS_111   # Ensure IAM policies does not allow write access without constraints