From 7307cdec6e8c407d3922071808c55f24950a9fde Mon Sep 17 00:00:00 2001
From: Anne Stein
Date: Wed, 16 Jul 2025 17:23:53 +0200
Subject: [PATCH] notes on suppressed security hub findings can be added now
---
 .../lib/security-hub-automation-rules-stack.ts | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/blueprints/foundational/customizations/lib/security-hub-automation-rules-stack.ts b/blueprints/foundational/customizations/lib/security-hub-automation-rules-stack.ts
index 47d2ce6..cd49d6d 100644
--- a/blueprints/foundational/customizations/lib/security-hub-automation-rules-stack.ts
+++ b/blueprints/foundational/customizations/lib/security-hub-automation-rules-stack.ts
@@ -2,6 +2,7 @@ import { Stack, StackProps, aws_securityhub as securityhub } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 import { CfnAutomationRule } from 'aws-cdk-lib/aws-securityhub';
 import AutomationRulesFindingFiltersProperty = CfnAutomationRule.AutomationRulesFindingFiltersProperty;
+import { Groups } from '../../config';
 
 /**
 * Configures AWS Security Hub automation rules in the delegated admin account
@@ -54,12 +55,10 @@ export class SecurityHubAutomationRulesStack extends Stack {
 workflow: {
 status: 'SUPPRESSED',
 },
- // This is not working due to https://github.com/aws/aws-cdk/issues/26749
- // The workaround described in the issue cannot be used because the LZA validation of the CloudFormation template fails
- // note: {
- // updatedBy: AdministratorTeamName,
- // text: description,
- // },
+ note: {
+ updatedBy: Groups.awsAdministrator,
+ text: description,
+ },
 },
 type: 'FINDING_FIELDS_UPDATE',
 },
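Review bot: In the second hunk, `updatedBy: Groups.awsAdministrator` stamps every rule-driven suppression with the administrator group's name, so in the finding's note an automated suppression cannot be told apart from one that team made by hand. For audit and incident review the note should name the automation as the source, for example `updatedBy: Groups.awsAdministrator + ' (automation rule)',` (assuming the constant is a string), or at least carry a comment such as `// updatedBy is free text stored on the finding: it names the owning team, not the acting principal`. `description` is defined outside the hunk; because it now becomes the recorded justification for each suppression, it should state why the finding is accepted, and it is worth confirming that it is never empty and fits Security Hub's note length limit. The removed comment cited aws-cdk issue 26749 and an LZA template validation failure as blockers, so a one-line comment saying what changed to make `note` deployable would keep a later dependency downgrade from silently breaking this again. The enclosing rule definition starts and ends outside the hunk.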