
Rule Filtering

Filter CDK Insights analysis results by specific rules and categories to focus on relevant findings. Target security issues, cost optimizations, or specific compliance requirements.

Why Use Rule Filtering?

Focused Analysis

Filter out noise and focus on specific types of issues like security vulnerabilities or cost optimizations.

Targeted Audits

Run focused audits for specific compliance requirements or security standards using rule IDs or categories.

Efficient Reviews

Speed up code reviews by focusing on specific types of issues and reducing the noise in analysis reports.

CI/CD Integration

Use filtering in CI/CD pipelines to check for specific issues and fail builds when critical problems are found.

Available Filter Categories

Security

Critical and High priority findings

Filter findings related to security vulnerabilities and misconfigurations

Examples:

AwsSolutions-IAM4, AwsSolutions-S3-2, Security

Use Case: Focus on security-critical issues during audits

Cost Optimization

Medium and Low priority findings

Filter findings related to cost optimization opportunities

Examples:

AwsSolutions-L1, Cost Optimization, Lambda

Use Case: Identify cost-saving opportunities

Performance

Medium priority findings

Filter findings related to performance improvements

Examples:

AwsSolutions-L2, Performance, RDS

Use Case: Optimize application performance

Best Practices

Low priority findings

Filter findings related to AWS and CDK best practices

Examples:

AwsSolutions-V1, Best Practices, Tagging

Use Case: Ensure adherence to best practices

✅ Improved UX: CDK Insights now intelligently skips prompts for values already provided via CLI options. When you specify --rule-filter or --output, those prompts will be skipped automatically.

Rule Filtering Examples

Filter by Rule Category

Focus on security-related findings only

npx cdk-insights scan --rule-filter Security

Result: Shows only security-related issues

Filter by Specific Rule ID

Target specific CDK Nag rules

npx cdk-insights scan --rule-filter AwsSolutions-IAM4

Result: Shows only findings for IAM roles with overly permissive policies

Filter by Multiple Categories

Combine multiple rule categories

npx cdk-insights scan --rule-filter "Security,Cost Optimization"

Result: Shows both security and cost-related issues

CI/CD Pipeline Usage

Use in automated environments

npx cdk-insights scan --rule-filter Security --output json

Result: Shows only security issues in JSON format

Rule Filter Configuration

.cdk-insights.json:

{
  "ruleFilter": [
    "Security",
    "AwsSolutions-IAM4"
  ]
}

Command line:

# Filter by category
npx cdk-insights scan --rule-filter Security
# Filter by rule ID
npx cdk-insights scan --rule-filter AwsSolutions-S3-2
# Multiple filters
npx cdk-insights scan --rule-filter "Security,Cost Optimization"
# CI/CD usage
npx cdk-insights scan --rule-filter Security --output json

Configuration File:

  • ruleFilter: Array of rule filters
  • Categories: Security, Cost Optimization
  • Rule IDs: AwsSolutions-IAM4, etc.

CLI Usage:

  • --rule-filter: Filter by category or ID
  • Multiple values: Use comma separation
  • Quotes: Required for multi-word filters

Real-World Usage Examples

Security Audit

Run a focused security audit

cdk-insights scan --rule-filter Security --output markdown

Result: Generates a markdown report with only security findings (only prompts for stack selection)

Cost Optimization Review

Identify cost optimization opportunities

cdk-insights scan --rule-filter "Cost Optimization" --output table

Result: Shows cost-related findings in a readable table format (only prompts for stack selection)

CI/CD Pipeline Check

Automated compliance check in CI/CD

cdk-insights scan --rule-filter AwsSolutions-IAM4 --ci --fail-on-critical

Result: Exits with an error code if IAM roles have overly permissive policies (no prompts)
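
A CI wrapper around the gate command above, as an added example that is not part of the CDK Insights documentation or code: it checks each filter before joining them with commas, because this page does not say how the tool treats an unrecognised filter value. The function names, the category allowlist (the four category headings on this page) and the rule-ID pattern (inferred from the IDs shown here) are assumptions.

```shell
#!/bin/sh
# Added example: validate and compose a --rule-filter value for a CI gate.
# Assumption: rule IDs look like the ones on this page (AwsSolutions-IAM4,
# AwsSolutions-S3-2); adjust the pattern if your rule packs differ.
RULE_ID_PATTERN='^AwsSolutions-[A-Za-z0-9]+(-[0-9]+)?$'

# build_rule_filter FILTER...
# Prints the filters joined with commas, or returns 1 on a bad entry so a
# mistyped filter stops the job instead of reaching the scanner.
build_rule_filter() {
  local joined="" f
  [ "$#" -gt 0 ] || { echo "no rule filters given" >&2; return 1; }
  for f in "$@"; do
    # Trim leading and trailing whitespace from each entry.
    f="$(printf '%s' "$f" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
    case "$f" in
      # Category headings listed on this page.
      Security|"Cost Optimization"|Performance|"Best Practices") ;;
      *)
        printf '%s\n' "$f" | grep -Eq "$RULE_ID_PATTERN" || {
          echo "unrecognised rule filter: '$f'" >&2
          return 1
        }
        ;;
    esac
    joined="${joined:+$joined,}$f"
  done
  printf '%s\n' "$joined"
}

# security_gate FILTER...
# Runs the scan non-interactively and returns the scanner's exit status
# unchanged, so the pipeline step fails when cdk-insights does.
security_gate() {
  local filter
  filter="$(build_rule_filter "$@")" || return 2
  # Quote the value: "Cost Optimization" contains a space.
  npx cdk-insights scan --rule-filter "$filter" --ci --fail-on-critical
}

# Pipeline usage: security_gate Security AwsSolutions-IAM4
```

Status 2 from `security_gate` means the filter list itself was rejected before any scan ran, which keeps a configuration mistake distinguishable from a scan failure in the job log.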

Rule Filtering Best Practices

Focus on Specific Categories

Use category-based filtering for targeted analysis

Example:

Use "Security" for audits, "Cost Optimization" for budget reviews

Benefit: Reduces noise and focuses on relevant findings

Combine Multiple Filters

Use comma-separated values to combine filter types

Example:

--rule-filter "Security,Cost Optimization"

Benefit: Comprehensive analysis across multiple concerns

Use Specific Rule IDs

Target specific CDK Nag rules for precise filtering

Example:

--rule-filter AwsSolutions-IAM4

Benefit: Focus on specific compliance requirements

Save Filters in Configuration

Store commonly used filters in .cdk-insights.json

Example:

"ruleFilter": ["Security", "AwsSolutions-S3-2"]

Benefit: Consistent filtering across team members

Minimal Prompts for Better UX

CLI options automatically skip their corresponding prompts

Example:

cdk-insights scan --rule-filter Security --output table

Benefit: Only prompts for missing required values, improving user experience

Ready to Filter Your Analysis?

Start using rule filtering to focus on specific types of issues and make your CDK Insights analysis more targeted and efficient.