update checkov exceptions

cyphronix · cyphronix · commit af4a1ffffd9b · 2026-03-10T13:55:46.000-06:00
diff --git a/aws_sra_examples/solutions/genai/bedrock_guardrails/templates/sra-bedrock-guardrails-main.yaml b/aws_sra_examples/solutions/genai/bedrock_guardrails/templates/sra-bedrock-guardrails-main.yaml
@@ -277,6 +277,13 @@ Parameters:
 
 Resources:
   rBedrockGuardrailsLambdaRole:
+    Metadata:
+      checkov:
+        skip: 
+          - id: CKV_AWS_107
+            comment: "No credentials are exposed to the Lambda function."
+          - id: CKV_AWS_111
+            comment: "IAM write actions require wildcard in resource."
     Type: AWS::IAM::Role
     Properties:
       RoleName: !Ref pBedrockGuardrailLambdaRoleName
@@ -471,4 +478,4 @@ Resources:
 Outputs:
   BedrockGuardrailsLambdaFunctionArn:
     Description: ARN of the Lambda function
-    Value: !GetAtt rBedrockGuardrailsLambdaFunction.Arn
+    Value: !GetAtt rBedrockGuardrailsLambdaFunction.Arn
diff --git a/aws_sra_examples/solutions/genai/bedrock_org/templates/sra-bedrock-org-main.yaml b/aws_sra_examples/solutions/genai/bedrock_org/templates/sra-bedrock-org-main.yaml
@@ -464,6 +464,13 @@ Metadata:
 
 Resources:
   rBedrockOrgLambdaRole:
+    Metadata:
+      checkov:
+        skip: 
+          - id: CKV_AWS_107
+            comment: "No credentials are exposed to the Lambda function."
+          - id: CKV_AWS_111
+            comment: "IAM write actions require wildcard in resource."
     Type: AWS::IAM::Role
     Properties:
       RoleName: !Ref pBedrockOrgLambdaRoleName
@@ -768,4 +775,4 @@ Resources:
 Outputs:
   BedrockOrgLambdaFunctionArn:
     Description: ARN of the Lambda function
-    Value: !GetAtt rBedrockOrgLambdaFunction.Arn
+    Value: !GetAtt rBedrockOrgLambdaFunction.Arn
