ExplainCDKNagRule
Get detailed explanations and remediation steps for AWS CDK Nag security rules to ensure infrastructure follows AWS Well-Architected best practices.
Instructions
Explain a specific CDK Nag rule with AWS Well-Architected guidance.
CDK Nag is a crucial tool for ensuring your CDK applications follow AWS security best practices.
Basic implementation:
```typescript
import { App } from 'aws-cdk-lib';
import { AwsSolutionsChecks } from 'cdk-nag';
const app = new App();
// Create your stack
const stack = new MyStack(app, 'MyStack');
// Apply CDK Nag
AwsSolutionsChecks.check(app);
```
Optional integration patterns:
1. Using environment variables:
```typescript
if (process.env.ENABLE_CDK_NAG === 'true') {
AwsSolutionsChecks.check(app);
}
```
2. Using CDK context parameters:
```typescript
3. Environment-specific application:
```typescript
const environment = app.node.tryGetContext('environment') || 'development';
if (['production', 'staging'].includes(environment)) {
AwsSolutionsChecks.check(stack);
}
```
For more information on specific rule packs:
- Use resource `cdk-nag://rules/{rule_pack}` to get all rules for a specific pack
- Use resource `cdk-nag://warnings/{rule_pack}` to get warnings for a specific pack
- Use resource `cdk-nag://errors/{rule_pack}` to get errors for a specific pack
Args:
ctx: MCP context
rule_id: The CDK Nag rule ID (e.g., 'AwsSolutions-IAM4')
Returns:
Dictionary with detailed explanation and remediation stepsInput Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| rule_id | Yes |