AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-10-25 · Documentation low

File: prescriptive-guidance/latest/best-practices-cdk-typescript-iac/security-formatting-best-practices.md

Summary

Removed cfn-nag references while retaining cdk-nag

Security assessment

Removal of a security tool mention without justification, but maintains cdk-nag recommendations. No direct evidence of addressing security vulnerabilities.

Diff

diff --git a/prescriptive-guidance/latest/best-practices-cdk-typescript-iac/security-formatting-best-practices.md b/prescriptive-guidance/latest/best-practices-cdk-typescript-iac/security-formatting-best-practices.md
index 542d3f94d..5d8d8dd0a 100644
--- a//prescriptive-guidance/latest/best-practices-cdk-typescript-iac/security-formatting-best-practices.md
+++ b//prescriptive-guidance/latest/best-practices-cdk-typescript-iac/security-formatting-best-practices.md
@@ -37,3 +37 @@ The tools covered in this section help you to extend their built-in functionalit
-  * Use cfn-nag to identify infrastructure security issues, such as permissive IAM rules or password literals, in CloudFormation templates. For more information, see the GitHub [cfn-nag](https://github.com/stelligent/cfn_nag) repository from Stelligent.
-
-  * Use cdk-nag, inspired by cfn-nag, to validate that constructs within a given scope comply with a defined set of rules. You can also use cdk-nag for rule suppression and compliance reporting. The cdk-nag tool validates constructs by extending [aspects](https://docs.aws.amazon.com/cdk/v2/guide/aspects.html) in the AWS CDK. For more information, see [Manage application security and compliance with the AWS Cloud Development Kit (AWS CDK) and cdk-nag](https://aws.amazon.com/blogs/devops/manage-application-security-and-compliance-with-the-aws-cloud-development-kit-and-cdk-nag/) in the AWS DevOps Blog.
+  * Use cdk-nag to validate that constructs within a given scope comply with a defined set of rules. You can also use cdk-nag for rule suppression and compliance reporting. The cdk-nag tool validates constructs by extending [aspects](https://docs.aws.amazon.com/cdk/v2/guide/aspects.html) in the AWS CDK. For more information, see [Manage application security and compliance with the AWS Cloud Development Kit (AWS CDK) and cdk-nag](https://aws.amazon.com/blogs/devops/manage-application-security-and-compliance-with-the-aws-cloud-development-kit-and-cdk-nag/) in the AWS DevOps Blog.