verdimrc/cdk-BucketDeployment-checkov.ts

## cdk-BucketDeployment-checkov.ts
interface CheckovRule {
    id: string,
    comment: string,
}

function silence_checkov(construct: Construct, rules: CheckovRule[]) {
    let metadata = (construct.node.defaultChild as cdk.CfnResource).cfnOptions.metadata;
    metadata = { checkov: { skip: rules }, ...metadata };
    (construct.node.defaultChild as cdk.CfnResource).cfnOptions.metadata = metadata
}

interface CfnNagRule {
    id: string,
    reason: string,
}

function silence_cfn_nag(construct: Construct, rules: CfnNagRule[]) {
    let metadata = (construct.node.defaultChild as cdk.CfnResource).cfnOptions.metadata;
    metadata = { cfn_nag: { rules_to_suppress: rules }, ...metadata };
    (construct.node.defaultChild as cdk.CfnResource).cfnOptions.metadata = metadata
}


/******************************************************************************
 * HERE WE GO
 ******************************************************************************/
// NOTE: lambda console shows 10 unreserved concurrency.
const scriptsUploader = new s3deploy.BucketDeployment(this, 'DeployScripts', {
    sources: [s3deploy.Source.asset("path/to/scripts")],
    destinationBucket: s3Bucket,       // Require an s3 bucket construct
    destinationKeyPrefix: "scripts",
    retainOnDelete: false,
    vpc: vpc,                          // Require a vpc construct, to put the lambda to this vpc.
});

const crh = (scriptsUploader.node.findChild("CustomResourceHandler") as SingletonFunction);
silence_checkov(
    crh['lambdaFunction'],  // Access private member.
    [
        { id: 'CKV_AWS_116', comment: 'DLQ not required' },
        { id: 'CKV_AWS_115', comment: 'Default concurrency limit is sufficient' },
    ]
);
silence_cfn_nag(
    crh['lambdaFunction'],  // Access private member.
    [
        { id: 'ASDF', reason: 'Reason to suppress' },
    ]

)
	interface CheckovRule {
	id: string,
	comment: string,
	}

	function silence_checkov(construct: Construct, rules: CheckovRule[]) {
	let metadata = (construct.node.defaultChild as cdk.CfnResource).cfnOptions.metadata;
	metadata = { checkov: { skip: rules }, ...metadata };
	(construct.node.defaultChild as cdk.CfnResource).cfnOptions.metadata = metadata
	}

	interface CfnNagRule {
	id: string,
	reason: string,
	}

	function silence_cfn_nag(construct: Construct, rules: CfnNagRule[]) {
	let metadata = (construct.node.defaultChild as cdk.CfnResource).cfnOptions.metadata;
	metadata = { cfn_nag: { rules_to_suppress: rules }, ...metadata };
	(construct.node.defaultChild as cdk.CfnResource).cfnOptions.metadata = metadata
	}


	/******************************************************************************
	* HERE WE GO
	******************************************************************************/
	// NOTE: lambda console shows 10 unreserved concurrency.
	const scriptsUploader = new s3deploy.BucketDeployment(this, 'DeployScripts', {
	sources: [s3deploy.Source.asset("path/to/scripts")],
	destinationBucket: s3Bucket, // Require an s3 bucket construct
	destinationKeyPrefix: "scripts",
	retainOnDelete: false,
	vpc: vpc, // Require a vpc construct, to put the lambda to this vpc.
	});

	const crh = (scriptsUploader.node.findChild("CustomResourceHandler") as SingletonFunction);
	silence_checkov(
	crh['lambdaFunction'], // Access private member.
	[
	{ id: 'CKV_AWS_116', comment: 'DLQ not required' },
	{ id: 'CKV_AWS_115', comment: 'Default concurrency limit is sufficient' },
	]
	);
	silence_cfn_nag(
	crh['lambdaFunction'], // Access private member.
	[
	{ id: 'ASDF', reason: 'Reason to suppress' },
	]

	)