Topics on this page
Exemption management
Exemptions are based on pattern matching. This means that you enter a value for a particular field and Application Security will exempt all functions from the Assessment report that match the value.
This value can include wildcard placeholders.
You can add an exemption rule based on:
- ID
- Tags
- Name
- Region
They define the field for which the match value will be assigned. For example, you can exclude all functions from US regions by "Add new exempt rule" tab Region and input "us-*" and click the "Add rule" button.
Add a rule from Assessment Reports view
You can quickly add a rule from the Functions Inventory section on the Assessment Reports page:
-
Select a function from the Functions Inventory section on the Assessment Reports page.
-
Click the Add to exemptions button. This adds a rule by ID. There is no edit required afterwards.
Add a tag-based rule from the Open Exemption list
Tags in AWS are custom key value pairs. So the name of the bar is the key, and the possible values are shown when you open it up. No functions are displayed on that screen. The user can exempt by a key match or a specific key/value match.
You can use the Exemption list as a shortcut to look up and assign tag key/value rules.
-
In the Assessments view, click Open Exemption List.
-
Ensure that you are on the Custom Tags page.
-
Find the tag key of the function that you want to exempt.
-
Click the:
- Exempt key check box to exempt all of the values for that tag key; or
- Down arrow next to the Exempt key, and select the check boxes of the specific values that you want to exempt for that tag-key.
-
Click Save.
Add a rule from the rule list
You can add a rule by based on one of the four information types.
-
In the Assessment Exemption List window, click Rule List.
-
Select type of information that you want the rule to be based on:
- ID
- Tags
- Name
- Region
-
Complete the fields on the page.
-
Click Add Rule.
-
Click Save.