suppressed warning on build

allen-moheimani-aws · allen-moheimani-aws · commit 62cc6898422a · 2021-04-23T18:00:03.000-07:00
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/lib/index.ts
@@ -123,6 +123,17 @@ export class LambdaToSecretsmanager extends Construct {
         this.secret = props.existingSecretObj;
       } else {
         this.secret = defaults.buildSecretsManagerSecret(this, 'secret', props.secretProps);
+
+        // suppress warning on build
+        const cfnSecret: secretsmanager.CfnSecret = this.secret.node.findChild('Resource') as secretsmanager.CfnSecret;
+        cfnSecret.cfnOptions.metadata = {
+          cfn_nag: {
+            rules_to_suppress: [{
+              id: 'W77',
+              reason: `Secrets Manager Secret should explicitly specify KmsKeyId. Besides control of the key this will allow the secret to be shared cross-account`
+            }]
+          }
+        };
       }
 
       // Configure environment variables
