Hello, I was trying to get started with Pulumi CrossGuard and the AWS ruleset.
How do I exclude certain objects from certain rules? (The equivalent of https://github.com/stelligent/cfn_nag#per-resource-rule-suppression)
E.g.:
I can create a simple bucket and get a "Bucket logging must be defined." advisory.
So then I add another bucket and make it be the logbucket.
And now I get the advisory on the logbucket.
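How do I add an ignore/exception rule to the template (not to the rules) to say "This IS the logbucket"?

    import * as aws from "@pulumi/aws";

    // Bucket that receives the access logs (the one flagged by the advisory).
    const logBucket = new aws.s3.Bucket("logBucket", {acl: "log-delivery-write"});

    // Application bucket, with logging delivered to logBucket.
    const bucket = new aws.s3.Bucket("my-bucket", {
        acl: "public-read",
        loggings: [{
            targetBucket: logBucket.id,
            targetPrefix: "log/",
        }],
    });
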
(In this case, I could probably adjust the rules to say "if acl=log-delivery-write: ignore". I'm after the generic method to exclude an object from a rule.)