feat(kinesis): stream encryption with the Kinesis master key

[shivlaks]

The ability to create a Kinesis Stream with encryption is not currently possible in the L2 construct without a user managed key. However the keyId property can be used in the L1 to specify this mode of operation.

Commit Message

feat(kinesis): stream encryption with the Kinesis master key

Adds a StreamEncryption option to specify that encryption should be enabled on a Stream with the master key managed by Kinesis.

Closes #751

End Commit Message

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 90e288d
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 38c88e4
• Result: FAILED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 93f3a3a
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[skinny85]

I know this is not exactly the purpose of this PR, but this is my pet peeve 🙂.

Right now, if you leave encryptionType undefined, but pass the KMS Key, you will get an error encryptionKey is specified, so 'encryption' must be set to KMS. I find this error message infuriating ("Why are you telling me to set it, if you already know what it's supposed to be??"), and below the customer experience bar we hold for the CDK. It was the same situation in S3, and we fixed it in #2714 . I would love to get it fixed here as well (doesn't necessarily have to be this PR 🙂).

[shivlaks]

I know this is not exactly the purpose of this PR, but this is my pet peeve 🙂.

Right now, if you leave encryptionType undefined, but pass the KMS Key, you will get an error encryptionKey is specified, so 'encryption' must be set to KMS. I find this error message infuriating ("Why are you telling me to set it, if you already know what it's supposed to be??"), and below the customer experience bar we hold for the CDK. It was the same situation in S3, and we fixed it in #2714 . I would love to get it fixed here as well (doesn't necessarily have to be this PR 🙂).

great point.. that’s a far more intuitive user experience. Will work into this PR

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: ac1b730
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[skinny85]

👍

[mergify]

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 831ceb0
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 7a26b7c
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository