From cf3c27a7f821dd60451f357f62345d870cf00af4 Mon Sep 17 00:00:00 2001
From: Daisy Riley
Date: Wed, 24 Jan 2024 08:59:42 +0000
Subject: [PATCH] fix: do not suppress Kendra default policy unless createIndex is chosen
---
 lib/aws-genai-llm-chatbot-stack.ts | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/lib/aws-genai-llm-chatbot-stack.ts b/lib/aws-genai-llm-chatbot-stack.ts
index 9c5e566c6..ad0f679b4 100644
--- a/lib/aws-genai-llm-chatbot-stack.ts
+++ b/lib/aws-genai-llm-chatbot-stack.ts
@@ -384,19 +384,21 @@ export class AwsGenAILLMChatbotStack extends cdk.Stack {
 },
 ]
 );
- NagSuppressions.addResourceSuppressionsByPath(
- this,
- [
- `/${this.stackName}/RagEngines/KendraRetrieval/KendraRole/DefaultPolicy/Resource`,
- ],
- [
- {
- id: "AwsSolutions-IAM5",
- reason:
- "Access to all log groups required for CloudWatch log group creation.",
- },
- ]
- );
+ if (props.config.rag.engines.kendra.createIndex) {
+ NagSuppressions.addResourceSuppressionsByPath(
+ this,
+ [
+ `/${this.stackName}/RagEngines/KendraRetrieval/KendraRole/DefaultPolicy/Resource`,
+ ],
+ [
+ {
+ id: "AwsSolutions-IAM5",
+ reason:
+ "Access to all log groups required for CloudWatch log group creation.",
+ },
+ ]
+ );
+ }
 }
 }
 // Implicitly created resources with changing paths
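Review bot: The `AwsSolutions-IAM5` suppression on `KendraRole/DefaultPolicy` is carried over unscoped, so any other wildcard later added to that policy would be suppressed along with the log-group one. cdk-nag's `appliesTo` field can pin it to the single finding, e.g. `appliesTo: ["Resource::<log-group ARN pattern as reported by cdk-nag>"],` next to `id`. The new `if (props.config.rag.engines.kendra.createIndex)` guard also relies on the default policy existing only when the stack creates the index, which is decided outside this hunk; a comment such as `// KendraRole only gets a DefaultPolicy (log-group wildcard) when this stack creates the index` would record that coupling. The enclosing block starts outside the hunk, so whether `kendra` is always defined at this point cannot be confirmed from here.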