Scanning AWS CDK output with KICS¶
AWS Cloud Development Kit is a software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation.
It has all the advantages of using AWS CloudFormation.
KICS currently support scanning AWS Cloudformation templates. In this guide, we will describe how to scan a simple CDK defined infrastructure following the Working With the AWS CDK in Go documentation.
Make sure all prerequisites are met.
Create a project¶
- Create a new CDK project using the CLI. e.g:
mkdir test-cdk
cd test-cdk
cdk init app --language go
- Download dependencies
go mod download
- Synthetize CloudFormation template
cdk synth > cfn-stack.yaml
- Execute KICS against the template and check the results
docker run -v $PWD/cfn-stack.yaml:/path/cfn-stack.yaml -it checkmarx/kics:latest scan -p /path/cfn-stack.yaml