Rule ID,Resource ID,Compliance,Exception Reason,Rule Level,Rule Info
"AwsSolutions-ECS4","cdk-ecs-codedeploy-service/Cluster/Resource","Suppressed","Unrelated to construct under test","Error","The ECS Cluster has CloudWatch Container Insights disabled."
"AwsSolutions-VPC7","cdk-ecs-codedeploy-service/Cluster/Vpc/Resource","Suppressed","Unrelated to construct under test","Error","The VPC does not have an associated Flow Log."
"AwsSolutions-ELB2","cdk-ecs-codedeploy-service/Service/LB/Resource","Compliant","N/A","Error","The ELB does not have access logs enabled."
"AwsSolutions-EC23","cdk-ecs-codedeploy-service/Service/LB/SecurityGroup/Resource","Suppressed","Allow public inbound access on ELB","Error","The Security Group allows for 0.0.0.0/0 or ::/0 inbound access."
"AwsSolutions-EC27","cdk-ecs-codedeploy-service/Service/LB/SecurityGroup/Resource","Compliant","N/A","Error","The Security Group does not have a description."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-service/Service/TaskDef/TaskRole/Resource","Compliant","N/A","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/TaskDef/TaskRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-ECS2","cdk-ecs-codedeploy-service/Service/TaskDef/Resource","Compliant","N/A","Error","The ECS Task Definition includes a container definition that directly specifies environment variables."
"AwsSolutions-ECS7","cdk-ecs-codedeploy-service/Service/TaskDef/Resource","Compliant","N/A","Error","One or more containers in the ECS Task Definition do not have container logging enabled."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-service/Service/TaskDef/ExecutionRole/Resource","Compliant","N/A","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/TaskDef/ExecutionRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/TaskDef/ExecutionRole/DefaultPolicy/Resource","Suppressed","Allow wildcard resource on execution policy","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-EC23","cdk-ecs-codedeploy-service/Service/Service/SecurityGroup/Resource","Compliant","N/A","Error","The Security Group allows for 0.0.0.0/0 or ::/0 inbound access."
"AwsSolutions-EC27","cdk-ecs-codedeploy-service/Service/Service/SecurityGroup/Resource","Compliant","N/A","Error","The Security Group does not have a description."
"AwsSolutions-EC23","cdk-ecs-codedeploy-service/Service/Service/SecurityGroup/from cdkecscodedeployserviceServiceLBSecurityGroupD78B8ED9:80","Compliant","N/A","Error","The Security Group allows for 0.0.0.0/0 or ::/0 inbound access."
"AwsSolutions-S1","cdk-ecs-codedeploy-service/Service/AccessLogBucket/Resource","Suppressed","Dont need access logs for access log bucket","Error","The S3 Bucket has server access logs disabled."
"AwsSolutions-S2","cdk-ecs-codedeploy-service/Service/AccessLogBucket/Resource","Compliant","N/A","Error","The S3 Bucket does not have public access restricted and blocked."
"AwsSolutions-S5","cdk-ecs-codedeploy-service/Service/AccessLogBucket/Resource","Compliant","N/A","Error","The S3 static website bucket either has an open world bucket policy or does not use a CloudFront Origin Access Identity (OAI) in the bucket policy for limited getObject and/or putObject permissions."
"AwsSolutions-S10","cdk-ecs-codedeploy-service/Service/AccessLogBucket/Resource","Compliant","N/A","Error","The S3 Bucket or bucket policy does not require requests to use SSL."
"AwsSolutions-S10","cdk-ecs-codedeploy-service/Service/AccessLogBucket/Policy/Resource","Compliant","N/A","Error","The S3 Bucket or bucket policy does not require requests to use SSL."
"AwsSolutions-S1","cdk-ecs-codedeploy-service/Service/CanaryArtifactsBucket/Resource","Suppressed","Dont need access logs for canary bucket","Error","The S3 Bucket has server access logs disabled."
"AwsSolutions-S2","cdk-ecs-codedeploy-service/Service/CanaryArtifactsBucket/Resource","Compliant","N/A","Error","The S3 Bucket does not have public access restricted and blocked."
"AwsSolutions-S5","cdk-ecs-codedeploy-service/Service/CanaryArtifactsBucket/Resource","Compliant","N/A","Error","The S3 static website bucket either has an open world bucket policy or does not use a CloudFront Origin Access Identity (OAI) in the bucket policy for limited getObject and/or putObject permissions."
"AwsSolutions-S10","cdk-ecs-codedeploy-service/Service/CanaryArtifactsBucket/Resource","Compliant","N/A","Error","The S3 Bucket or bucket policy does not require requests to use SSL."
"AwsSolutions-S10","cdk-ecs-codedeploy-service/Service/CanaryArtifactsBucket/Policy/Resource","Compliant","N/A","Error","The S3 Bucket or bucket policy does not require requests to use SSL."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-service/Service/Canary/ServiceRole/Resource","Compliant","N/A","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/Canary/ServiceRole/Resource","Suppressed","Allow resource:*","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/Canary/ServiceRole/Resource","Suppressed","Allow resource:*","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/Canary/ServiceRole/Resource","Suppressed","Allow resource:*","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-service/Service/DeploymentGroup/ServiceRole/Resource","Suppressed","[Policy::arn::iam::aws:policy/AWSCodeDeployRoleForECS] Allow AWSCodeDeployRoleForECS policy","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProviderOnEventLambda/ServiceRole/Resource","Suppressed","[Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole] Allow AWSLambdaBasicExecutionRole policy","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProviderOnEventLambda/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProviderOnEventLambda/ServiceRole/DefaultPolicy/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-L1","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProviderOnEventLambda/Resource","Compliant","N/A","Error","The non-container Lambda function is not configured to use the latest runtime version."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProviderIsCompleteLambda/ServiceRole/Resource","Suppressed","[Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole] Allow AWSLambdaBasicExecutionRole policy","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProviderIsCompleteLambda/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProviderIsCompleteLambda/ServiceRole/DefaultPolicy/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-L1","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProviderIsCompleteLambda/Resource","Compliant","N/A","Error","The non-container Lambda function is not configured to use the latest runtime version."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onEvent/ServiceRole/Resource","Suppressed","[Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole] Allow AWSLambdaBasicExecutionRole policy","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onEvent/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-L1","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onEvent/Resource","Suppressed","Unrelated to construct under test","Error","The non-container Lambda function is not configured to use the latest runtime version."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/Resource","Suppressed","[Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole] Allow AWSLambdaBasicExecutionRole policy","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-isComplete/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-L1","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-isComplete/Resource","Suppressed","Unrelated to construct under test","Error","The non-container Lambda function is not configured to use the latest runtime version."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/Resource","Suppressed","[Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole] Allow AWSLambdaBasicExecutionRole policy","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onTimeout/ServiceRole/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-L1","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/framework-onTimeout/Resource","Suppressed","Unrelated to construct under test","Error","The non-container Lambda function is not configured to use the latest runtime version."
"AwsSolutions-IAM4","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/waiter-state-machine/Role/Resource","Compliant","N/A","Error","The IAM user, role, or group uses AWS managed policies."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/waiter-state-machine/Role/Resource","Compliant","N/A","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/waiter-state-machine/Role/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."
"AwsSolutions-IAM5","cdk-ecs-codedeploy-service/Service/DeploymentGroup/Deployment/DeploymentProvider/waiter-state-machine/Role/DefaultPolicy/Resource","Suppressed","Unrelated to construct under test","Error","The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission."