feat(events): support customer managed key for event bus #30493
Conversation
github-actions
bot
added
the
admired-contributor
aws-cdk-automation
added
the
pr/needs-community-review
| new events.EventBus(this, 'Bus', { | ||
| kmsKey, | ||
| }); | ||
| ``` |
There was a problem hiding this comment.
Might be useful to add an extra note about archives and schema discovery not working with CMK (docs).
There was a problem hiding this comment.
Thanks.
I added the note.
| // THEN | ||
| Template.fromStack(stack).hasResourceProperties('AWS::Events::EventBus', { | ||
| KmsKeyIdentifier: stack.resolve(key.keyArn), | ||
| }); |
There was a problem hiding this comment.
Can you please also add an assertion on the key policy?
Template.fromStack(stack).hasResourceProperties('AWS::KMS::Key', {
KeyPolicy: {
'Statement': [ ... ]
}
})There was a problem hiding this comment.
Thanks.
I added an assertion for the key policy.
aws-cdk-automation
removed
the
pr/needs-community-review
|
@lpizzinidev |
aws-cdk-automation
added
the
pr/needs-maintainer-review
Co-authored-by: Luca Pizzini <[email protected]>
aws-cdk-automation
removed
the
pr/needs-maintainer-review
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
@Mergifyio update |
❌ Mergify doesn't have permission to updateFor security reasons, Mergify can't update this pull request. Try updating locally. |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
aws-cdk-automation
added
the
pr/needs-maintainer-review
|
@GavinZZ I merged main because the following error appeared: |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Comments on closed issues and PRs are hard for our team to see. |
aws-cdk-automation
removed
the
pr/needs-maintainer-review
### Issue # (if applicable) N/A ### Reason for this change Amazon EventBridge supports Customer Managed Key for Event Bus since 2024/5. But current L2 Construct does not support CMK. For more information, see [Amazon EventBridge now supports Customer Managed Keys (CMK) for Event Buses](https://aws.amazon.com/about-aws/whats-new/2024/05/amazon-eventbridge-cmk-event-buses/?nc1=h_ls). ### Description of changes Add `kmsKey` property to the `EventBus` class ### Description of how you validated changes Add unit tests and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one. |
1 similar comment
|
Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one. |
Issue # (if applicable)
N/A
Reason for this change
Amazon EventBridge supports Customer Managed Key for Event Bus since 2024/5.
But current L2 Construct does not support CMK.
For more information, see Amazon EventBridge now supports Customer Managed Keys (CMK) for Event Buses.
Description of changes
Add
kmsKeyproperty to theEventBusclassDescription of how you validated changes
Add unit tests and integ tests.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license