cdk-nag 2.38.1

Check CDK v2 applications for best practices using a combination on available rule packs.

cdk-nag

Check CDK applications or CloudFormation templates for best practices using a combination of available rule packs. Inspired by cfn_nag.

Check out this blog post for a guided overview!

Available Rules and Packs

See RULES for more information on all the available packs.

1. AWS Solutions
2. HIPAA Security
3. NIST 800-53 rev 4
4. NIST 800-53 rev 5
5. PCI DSS 3.2.1
6. Serverless

RULES also includes a collection of additional rules that are not currently included in any of the pre-built NagPacks, but are still available for inclusion in custom NagPacks.

Read the NagPack developer docs if you are interested in creating your own pack.

Usage

For a full list of options See NagPackProps in the API.md

Including in an application

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk import App, Aspects
from ...lib.cdk_test_stack import CdkTestStack
from cdk_nag import AwsSolutionsChecks


app = App()
CdkTestStack(app, "CdkNagDemo")
# Simple rule informational messages using the AWS Solutions Rule pack
Aspects.of(app).add(AwsSolutionsChecks())
# Multiple rule packs can be run against the same app
Aspects.of(app).add(NIST80053R5Checks())

Suppressing a Rule

Example 1) Default Construct

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk.aws_ec2 import SecurityGroup, Vpc, Peer, Port
from aws_cdk import Stack, StackProps
from constructs import Construct
from cdk_nag import NagSuppressions


class CdkTestStack(Stack):
    def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None, notificationArns=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None):
        super().__init__(scope, id, description=description, env=env, stackName=stackName, tags=tags, notificationArns=notificationArns, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation)
        test = SecurityGroup(self, "test",
            vpc=Vpc(self, "vpc")
        )
        test.add_ingress_rule(Peer.any_ipv4(), Port.all_traffic())
        NagSuppressions.add_resource_suppressions(test, [id="AwsSolutions-EC23", reason="lorem ipsum"
        ])

Example 2) On Multiple Constructs

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk.aws_ec2 import SecurityGroup, Vpc, Peer, Port
from aws_cdk import Stack, StackProps
from constructs import Construct
from cdk_nag import NagSuppressions


class CdkTestStack(Stack):
    def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None, notificationArns=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None):
        super().__init__(scope, id, description=description, env=env, stackName=stackName, tags=tags, notificationArns=notificationArns, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation)
        vpc = Vpc(self, "vpc")
        test1 = SecurityGroup(self, "test", vpc=vpc)
        test1.add_ingress_rule(Peer.any_ipv4(), Port.all_traffic())
        test2 = SecurityGroup(self, "test", vpc=vpc)
        test2.add_ingress_rule(Peer.any_ipv4(), Port.all_traffic())
        NagSuppressions.add_resource_suppressions([test1, test2], [id="AwsSolutions-EC23", reason="lorem ipsum"])

Example 3) Child Constructs

# Example automatically generated from non-compiling source. May contain errors.
from cdk_nag import NagPackSuppression
from aws_cdk.aws_iam import User, PolicyStatement
from aws_cdk import Stack, StackProps
from constructs import Construct
from cdk_nag import NagSuppressions


class CdkTestStack(Stack):
    def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None, notificationArns=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None):
        super().__init__(scope, id, description=description, env=env, stackName=stackName, tags=tags, notificationArns=notificationArns, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation)
        user = User(self, "rUser")
        user.add_to_policy(
            PolicyStatement(
                actions=["s3:PutObject"],
                resources=["arn:aws:s3:::bucket_name/*"]
            ))
        # Enable adding suppressions to child constructs
        NagSuppressions.add_resource_suppressions(user, [NagPackSuppression(
            id="AwsSolutions-IAM5",
            reason="lorem ipsum",
            applies_to=["Resource::arn:aws:s3:::bucket_name/*"]
        )
        ], True)

Example 4) Stack Level

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk import App, Aspects
from ...lib.cdk_test_stack import CdkTestStack
from cdk_nag import AwsSolutionsChecks, NagSuppressions


app = App()
stack = CdkTestStack(app, "CdkNagDemo")
Aspects.of(app).add(AwsSolutionsChecks())
NagSuppressions.add_stack_suppressions(stack, [id="AwsSolutions-EC23", reason="lorem ipsum"
])

Example 5) Construct path

If you received the following error on synth/deploy

[Error at /StackName/Custom::CDKBucketDeployment8675309/ServiceRole/Resource] AwsSolutions-IAM4: The IAM user, role, or group uses AWS managed policies

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk.aws_s3 import Bucket
from aws_cdk.aws_s3_deployment import BucketDeployment
from aws_cdk import Stack, StackProps
from constructs import Construct
from cdk_nag import NagSuppressions


class CdkTestStack(Stack):
    def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None, notificationArns=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None):
        super().__init__(scope, id, description=description, env=env, stackName=stackName, tags=tags, notificationArns=notificationArns, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation)
        BucketDeployment(self, "rDeployment",
            sources=[],
            destination_bucket=Bucket.from_bucket_name(self, "rBucket", "foo")
        )
        NagSuppressions.add_resource_suppressions_by_path(self, "/StackName/Custom::CDKBucketDeployment8675309/ServiceRole/Resource", [id="AwsSolutions-IAM4", reason="at least 10 characters"])

Example 6) Granular Suppressions of findings

Certain rules support granular suppressions of findings. If you received the following errors on synth/deploy

[Error at /StackName/rFirstUser/DefaultPolicy/Resource] AwsSolutions-IAM5[Action::s3:*]: The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
[Error at /StackName/rFirstUser/DefaultPolicy/Resource] AwsSolutions-IAM5[Resource::*]: The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
[Error at /StackName/rSecondUser/DefaultPolicy/Resource] AwsSolutions-IAM5[Action::s3:*]: The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
[Error at /StackName/rSecondUser/DefaultPolicy/Resource] AwsSolutions-IAM5[Resource::*]: The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.

By applying the following suppressions

# Example automatically generated from non-compiling source. May contain errors.
from cdk_nag import NagPackSuppression, NagPackSuppression, NagPackSuppression, RegexAppliesTo
from aws_cdk.aws_iam import User
from aws_cdk import Stack, StackProps
from constructs import Construct
from cdk_nag import NagSuppressions


class CdkTestStack(Stack):
    def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None, notificationArns=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None):
        super().__init__(scope, id, description=description, env=env, stackName=stackName, tags=tags, notificationArns=notificationArns, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation)
        first_user = User(self, "rFirstUser")
        first_user.add_to_policy(
            PolicyStatement(
                actions=["s3:*"],
                resources=["*"]
            ))
        second_user = User(self, "rSecondUser")
        second_user.add_to_policy(
            PolicyStatement(
                actions=["s3:*"],
                resources=["*"]
            ))
        third_user = User(self, "rSecondUser")
        third_user.add_to_policy(
            PolicyStatement(
                actions=["sqs:CreateQueue"],
                resources=[f"arn:aws:sqs:{this.region}:{this.account}:*"]
            ))
        NagSuppressions.add_resource_suppressions(first_user, [NagPackSuppression(
            id="AwsSolutions-IAM5",
            reason="Only suppress AwsSolutions-IAM5 's3:*' finding on First User.",
            applies_to=["Action::s3:*"]
        )
        ], True)
        NagSuppressions.add_resource_suppressions(second_user, [NagPackSuppression(
            id="AwsSolutions-IAM5",
            reason="Suppress all AwsSolutions-IAM5 findings on Second User."
        )
        ], True)
        NagSuppressions.add_resource_suppressions(third_user, [NagPackSuppression(
            id="AwsSolutions-IAM5",
            reason="Suppress AwsSolutions-IAM5 on the SQS resource.",
            applies_to=[RegexAppliesTo(
                regex="/^Resource::arn:aws:sqs:(.*):\\*$/g"
            )
            ]
        )
        ], True)

You would see the following error on synth/deploy

[Error at /StackName/rFirstUser/DefaultPolicy/Resource] AwsSolutions-IAM5[Resource::*]: The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.

Suppressing Rule Validation Failures

When a rule validation fails it is handled similarly to a rule violation, and can be suppressed in the same manner. The ID for a rule failure is CdkNagValidationFailure.

If a rule is suppressed in a non-granular manner (i.e. appliesTo is not set, see example 1 above) then validation failures on that rule are also suppressed.

Validation failure suppression respects any applied Suppression Ignore Conditions

Example 1) Suppress all Validation Failures on a Resource

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk.aws_ec2 import SecurityGroup, Vpc, Peer, Port
from aws_cdk import Stack, StackProps
from constructs import Construct
from cdk_nag import NagSuppressions


class CdkTestStack(Stack):
    def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None, notificationArns=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None):
        super().__init__(scope, id, description=description, env=env, stackName=stackName, tags=tags, notificationArns=notificationArns, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation)
        test = SecurityGroup(self, "test",
            vpc=Vpc(self, "vpc")
        )
        test.add_ingress_rule(Peer.any_ipv4(), Port.all_traffic())
        NagSuppressions.add_resource_suppressions(test, [id="CdkNagValidationFailure", reason="lorem ipsum"
        ])

Example 2) Granular Suppression of Validation Failures

Validation failures can be suppressed for individual rules by using `appliesTo` to list the desired rules

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk.aws_ec2 import SecurityGroup, Vpc, Peer, Port
from aws_cdk import Stack, StackProps
from constructs import Construct
from cdk_nag import NagSuppressions


class CdkTestStack(Stack):
    def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None, notificationArns=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None):
        super().__init__(scope, id, description=description, env=env, stackName=stackName, tags=tags, notificationArns=notificationArns, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation)
        test = SecurityGroup(self, "test",
            vpc=Vpc(self, "vpc")
        )
        test.add_ingress_rule(Peer.any_ipv4(), Port.all_traffic())
        NagSuppressions.add_resource_suppressions(test, [
            id="CdkNagValidationFailure",
            reason="lorem ipsum",
            applies_to=["AwsSolutions-L1"]

        ])

Suppressing aws-cdk-lib/pipelines Violations

The aws-cdk-lib/pipelines.CodePipeline construct and its child constructs are not guaranteed to be "Visited" by Aspects, as they are not added during the "Construction" phase of the cdk lifecycle. Because of this behavior, you may experience problems such as rule violations not appearing or the inability to suppress violations on these constructs.

You can remediate these rule violation and suppression problems by forcing the pipeline construct creation forward by calling .buildPipeline() on your CodePipeline object. Otherwise you may see errors such as:

Error: Suppression path "/this/construct/path" did not match any resource. This can occur when a resource does not exist or if a suppression is applied before a resource is created.

See this issue for more information.

Example) Suppressing Violations in Pipelines

example-app.ts

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk import App, Aspects
from cdk_nag import AwsSolutionsChecks
from ...lib.example_pipeline import ExamplePipeline


app = App()
ExamplePipeline(app, "example-cdk-pipeline")
Aspects.of(app).add(AwsSolutionsChecks(verbose=True))
app.synth()

example-pipeline.ts

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk import Stack, StackProps
from aws_cdk.aws_codecommit import Repository
from aws_cdk.pipelines import CodePipeline, CodePipelineSource, ShellStep
from cdk_nag import NagSuppressions
from constructs import Construct


class ExamplePipeline(Stack):
    def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None, notificationArns=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None):
        super().__init__(scope, id, description=description, env=env, stackName=stackName, tags=tags, notificationArns=notificationArns, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation)

        example_synth = ShellStep("ExampleSynth",
            commands=["yarn build --frozen-lockfile"],
            input=CodePipelineSource.code_commit(
                Repository(self, "ExampleRepo", repository_name="ExampleRepo"), "main")
        )

        ExamplePipeline = CodePipeline(self, "ExamplePipeline",
            synth=example_synth
        )

        # Force the pipeline construct creation forward before applying suppressions.
        # @See https://github.com/aws/aws-cdk/issues/18440
        ExamplePipeline.build_pipeline()

        # The path suppression will error if you comment out "ExamplePipeline.buildPipeline();""
        NagSuppressions.add_resource_suppressions_by_path(self, "/example-cdk-pipeline/ExamplePipeline/Pipeline/ArtifactsBucket/Resource", [
            id="AwsSolutions-S1",
            reason="Because I said so"

        ])

Rules and Property Overrides

In some cases L2 Constructs do not have a native option to remediate an issue and must be fixed via Raw Overrides. Since raw overrides take place after template synthesis these fixes are not caught by cdk-nag. In this case you should remediate the issue and suppress the issue like in the following example.

Example) Property Overrides

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk.aws_ec2 import Instance, InstanceType, InstanceClass, MachineImage, Vpc, CfnInstance
from aws_cdk import Stack, StackProps
from constructs import Construct
from cdk_nag import NagSuppressions


class CdkTestStack(Stack):
    def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None, notificationArns=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None):
        super().__init__(scope, id, description=description, env=env, stackName=stackName, tags=tags, notificationArns=notificationArns, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation)
        instance = Instance(self, "rInstance",
            vpc=Vpc(self, "rVpc"),
            instance_type=InstanceType(InstanceClass.T3),
            machine_image=MachineImage.latest_amazon_linux()
        )
        cfn_ins = instance.node.default_child
        cfn_ins.add_property_override("DisableApiTermination", True)
        NagSuppressions.add_resource_suppressions(instance, [
            id="AwsSolutions-EC29",
            reason="Remediated through property override."

        ])

Conditionally Ignoring Suppressions

You can optionally create a condition that prevents certain rules from being suppressed. You can create conditions for any variety of reasons. Examples include a condition that always ignores a suppression, a condition that ignores a suppression based on the date, a condition that ignores a suppression based on the reason. You can read the developer docs for more information on creating your own conditions.

Example) Using the pre-built `SuppressionIgnoreErrors` class to ignore suppressions on any `Error` level rules.

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk import App, Aspects
from ...lib.cdk_test_stack import CdkTestStack
from cdk_nag import AwsSolutionsChecks, SuppressionIgnoreErrors


app = App()
CdkTestStack(app, "CdkNagDemo")
# Ignore Suppressions on any errors
Aspects.of(app).add(
    AwsSolutionsChecks(
        suppression_ignore_condition=SuppressionIgnoreErrors()
    ))

Customizing Logging

NagLoggers give NagPack authors and users the ability to create their own custom reporting mechanisms. All pre-built NagPackscome with the AnnotationsLoggerand the NagReportLogger (with CSV reports) enabled by default.

See the NagLogger developer docs for more information.

Example) Adding the `ExtremelyHelpfulConsoleLogger` example from the NagLogger docs

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk import App, Aspects
from ...lib.cdk_test_stack import CdkTestStack
from ..docs.NagLogger import ExtremelyHelpfulConsoleLogger
from cdk_nag import AwsSolutionsChecks


app = App()
CdkTestStack(app, "CdkNagDemo")
Aspects.of(app).add(
    AwsSolutionsChecks(
        additional_loggers=[ExtremelyHelpfulConsoleLogger()]
    ))

Using on CloudFormation templates

You can use cdk-nag on existing CloudFormation templates by using the cloudformation-include module.

Example 1) CloudFormation template with suppression

Sample CloudFormation template with suppression

{
  "Resources": {
    "rBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketName": "some-bucket-name"
      },
      "Metadata": {
        "cdk_nag": {
          "rules_to_suppress": [
            {
              "id": "AwsSolutions-S1",
              "reason": "at least 10 characters"
            }
          ]
        }
      }
    }
  }
}

Sample App

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk import App, Aspects
from ...lib.cdk_test_stack import CdkTestStack
from cdk_nag import AwsSolutionsChecks


app = App()
CdkTestStack(app, "CdkNagDemo")
Aspects.of(app).add(AwsSolutionsChecks())

Sample Stack with imported template

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk.cloudformation_include import CfnInclude
from cdk_nag import NagSuppressions
from aws_cdk import Stack, StackProps
from constructs import Construct


class CdkTestStack(Stack):
    def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None, notificationArns=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None):
        super().__init__(scope, id, description=description, env=env, stackName=stackName, tags=tags, notificationArns=notificationArns, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation)
        CfnInclude(self, "Template",
            template_file="my-template.json"
        )
        # Add any additional suppressions
        NagSuppressions.add_resource_suppressions_by_path(self, "/CdkNagDemo/Template/rBucket", [
            id="AwsSolutions-S2",
            reason="at least 10 characters"

        ])

Example 2) CloudFormation template with granular suppressions

Sample CloudFormation template with suppression

{
  "Resources": {
    "myPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Resource": ["some-key-arn"]
            }
          ],
          "Version": "2012-10-17"
        }
      },
      "Metadata": {
        "cdk_nag": {
          "rules_to_suppress": [
            {
              "id": "AwsSolutions-IAM5",
              "reason": "Allow key data access",
              "applies_to": [
                "Action::kms:ReEncrypt*",
                "Action::kms:GenerateDataKey*"
              ]
            }
          ]
        }
      }
    }
  }
}

Sample App

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk import App, Aspects
from ...lib.cdk_test_stack import CdkTestStack
from cdk_nag import AwsSolutionsChecks


app = App()
CdkTestStack(app, "CdkNagDemo")
Aspects.of(app).add(AwsSolutionsChecks())

Sample Stack with imported template

# Example automatically generated from non-compiling source. May contain errors.
from aws_cdk.cloudformation_include import CfnInclude
from cdk_nag import NagSuppressions
from aws_cdk import Stack, StackProps
from constructs import Construct


class CdkTestStack(Stack):
    def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None, notificationArns=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None):
        super().__init__(scope, id, description=description, env=env, stackName=stackName, tags=tags, notificationArns=notificationArns, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation)
        CfnInclude(self, "Template",
            template_file="my-template.json"
        )
        # Add any additional suppressions
        NagSuppressions.add_resource_suppressions_by_path(self, "/CdkNagDemo/Template/myPolicy", [
            id="AwsSolutions-IAM5",
            reason="Allow key data access",
            applies_to=["Action::kms:ReEncrypt*", "Action::kms:GenerateDataKey*"]

        ])

Contributing

See CONTRIBUTING for more information.

License

This project is licensed under the Apache-2.0 License.