Security: kawaaaas/serverless-spa-construct

SECURITY.md

Security Policy

Supported Versions

Version Supported
latest

Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please use GitHub's private vulnerability reporting to report the issue.

What to include

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact
  • Suggested fix (if any)

Response timeline

  • We will acknowledge receipt within 48 hours.
  • We will provide an initial assessment within 7 days.
  • We aim to release a fix within 30 days of confirmation, depending on severity.

Security Best Practices for Users

When using this construct library:

  • Keep your dependencies up to date
  • Use the latest version of aws-cdk-lib
  • Follow the AWS CDK security best practices
  • Review IAM permissions generated by the constructs
  • Enable WAF when exposing APIs publicly (use withWaf() or withWafAndCertificate())

There aren't any published security advisories