diff --git a/src/python/detectors/aws_insecure_transmission_cdk/aws_insecure_transmission_cdk_compliant.py b/src/python/detectors/aws_insecure_transmission_cdk/aws_insecure_transmission_cdk_compliant.py
new file mode 100644
index 0000000..bfefadc
--- /dev/null
+++ b/src/python/detectors/aws_insecure_transmission_cdk/aws_insecure_transmission_cdk_compliant.py
@@ -0,0 +1,14 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+# {fact rule=aws-insecure-transmission-cdk@v1.0 defects=0}
+import aws_cdk as cdk
+from aws_cdk import aws_s3 as s3
+
+
+class BucketEnforceSSL(cdk.Stack):
+
+    def aws_insecure_transmission_cdk_compliant(self):
+        # Compliant: SSL configuration present
+        bucket = s3.Bucket(self, "s3-bucket", enforce_ssl=True)
+# {/fact}
diff --git a/src/python/detectors/aws_insecure_transmission_cdk/aws_insecure_transmission_cdk_noncompliant.py b/src/python/detectors/aws_insecure_transmission_cdk/aws_insecure_transmission_cdk_noncompliant.py
new file mode 100644
index 0000000..d43a2f1
--- /dev/null
+++ b/src/python/detectors/aws_insecure_transmission_cdk/aws_insecure_transmission_cdk_noncompliant.py
@@ -0,0 +1,14 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+# {fact rule=aws-insecure-transmission-cdk@v1.0 defects=1}
+import aws_cdk as cdk
+from aws_cdk import aws_s3 as s3
+
+
+class BucketEnforceSSL(cdk.Stack):
+
+    def aws_insecure_transmission_cdk_noncompliant(self):
+        # Noncompliant: SSL configuration missing
+        bucket = s3.Bucket(self, "s3-bucket-bad")
+# {/fact}
diff --git a/src/python/detectors/use_of_default_credentials_cdk/use_of_default_credentials_cdk_compliant.py b/src/python/detectors/use_of_default_credentials_cdk/use_of_default_credentials_cdk_compliant.py
new file mode 100644
index 0000000..955970e
--- /dev/null
+++ b/src/python/detectors/use_of_default_credentials_cdk/use_of_default_credentials_cdk_compliant.py
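Review bot: The local `bucket` in aws_insecure_transmission_cdk_compliant is assigned and never read (ruff/pyflakes F841); the same dead binding appears in the noncompliant sibling (`bucket`) and in both use_of_default_credentials_cdk samples (`cfn_cluster`). A CDK construct is registered with its scope when it is constructed, so the assignment can be dropped: `s3.Bucket(self, "s3-bucket", enforce_ssl=True)`. The inline comment would also carry more weight if it said what the flag does rather than that it is "present", e.g. `# Compliant: enforce_ssl=True attaches a bucket policy denying requests where aws:SecureTransport is false`.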
@@ -0,0 +1,19 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+# {fact rule=use-of-default-credentials-cdk@v1.0 defects=0}
+from aws_cdk import aws_redshift as redshift
+import aws_cdk as cdk
+
+
+class CdkStarterStack(cdk.Stack):
+
+    def redshift_default_username_compliant(self):
+        # Compliant: Custom username used
+        cfn_cluster = redshift.CfnCluster(self, "MyCfnCluster",
+                                          master_username='masteruser',
+                                          master_user_password='secret',
+                                          cluster_type='single-node',
+                                          db_name='bar',
+                                          node_type='ds2.xlarge')
+# {/fact}
diff --git a/src/python/detectors/use_of_default_credentials_cdk/use_of_default_credentials_cdk_noncompliant.py b/src/python/detectors/use_of_default_credentials_cdk/use_of_default_credentials_cdk_noncompliant.py
new file mode 100644
index 0000000..3377c6c
--- /dev/null
+++ b/src/python/detectors/use_of_default_credentials_cdk/use_of_default_credentials_cdk_noncompliant.py
@@ -0,0 +1,19 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+# {fact rule=use-of-default-credentials-cdk@v1.0 defects=1}
+from aws_cdk import aws_redshift as redshift
+import aws_cdk as cdk
+
+
+class CdkStarterStack(cdk.Stack):
+
+    def redshift_default_username_noncompliant(self):
+        # Noncompliant: Default master username used
+        cfn_cluster = redshift.CfnCluster(self, "MyCfnCluster",
+                                          master_username='awsuser',
+                                          master_user_password='secret',
+                                          cluster_type='single-node',
+                                          db_name='bar',
+                                          node_type='ds2.xlarge')
+# {/fact}
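Review bot: The compliant sample for use-of-default-credentials-cdk passes `master_user_password='secret'` as a string literal, so a file presented as the correct pattern also demonstrates a hard-coded credential; the noncompliant sibling in this commit does the same. If the fixture must keep a literal so the rule stays focused on `master_username`, say so next to it with `# placeholder only: real stacks resolve the password from Secrets Manager (cdk.SecretValue), never a literal`. Otherwise the example could pass a value resolved via `cdk.SecretValue.secrets_manager(...)` so readers copying the "compliant" file do not inherit a second defect.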