From 304f220feaf1adc1bc41ca5d607d4acf61159158 Mon Sep 17 00:00:00 2001
From: Kody Stribrny
Date: Tue, 4 Apr 2023 12:01:18 -0700
Subject: [PATCH] Add default S3 Managed encryption

Adds default S3 managed encryption (using AES256) to the kensis json and CDK files. Corrects cdk command in user guide.
---
 .../kinesis_pattern/kinesis_pattern_stack.py | 2 +-
 cloud_templates/demo/demo_templates/kinesis_pattern.json | 9 +++++++++
 cloud_templates/user_guides/kinesis_guide.md | 2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/cloud_templates/aws_cdk/KinesisPattern/kinesis_pattern/kinesis_pattern_stack.py b/cloud_templates/aws_cdk/KinesisPattern/kinesis_pattern/kinesis_pattern_stack.py
index ac543fa..e913344 100644
--- a/cloud_templates/aws_cdk/KinesisPattern/kinesis_pattern/kinesis_pattern_stack.py
+++ b/cloud_templates/aws_cdk/KinesisPattern/kinesis_pattern/kinesis_pattern_stack.py
@@ -50,7 +50,7 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
 self.performInputValidation()
 # Create a bucket for as delivery stream's destination
- bucket = s3.Bucket(self, self.kinesis_destination_bucket_name, versioned=True, removal_policy=cdk.RemovalPolicy.DESTROY, auto_delete_objects=True)
+ bucket = s3.Bucket(self, self.kinesis_destination_bucket_name, versioned=True, removal_policy=cdk.RemovalPolicy.DESTROY, auto_delete_objects=True, encryption=s3.BucketEncryption.S3_MANAGED)
 # Creating a role for the delivery stream
 firehose_role = iam.Role(self, self.kinesis_delivery_stream_role_name, assumed_by=iam.ServicePrincipal("firehose.amazonaws.com"))
diff --git a/cloud_templates/demo/demo_templates/kinesis_pattern.json b/cloud_templates/demo/demo_templates/kinesis_pattern.json
index 7db5187..f2f4048 100644
--- a/cloud_templates/demo/demo_templates/kinesis_pattern.json
+++ b/cloud_templates/demo/demo_templates/kinesis_pattern.json
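Review bot: The `s3.Bucket(...)` call in kinesis_pattern_stack.py now sets encryption at rest but still passes neither `enforce_ssl=True` nor `block_public_access=s3.BlockPublicAccess.BLOCK_ALL`, so transport security and public-access posture depend on whatever the CDK version and account defaults provide. I would extend the same line with `enforce_ssl=True, block_public_access=s3.BlockPublicAccess.BLOCK_ALL`. A comment such as `# SSE-S3 (AES256): keys are managed by S3, so there is no key policy or KMS audit trail` would tell anyone copying the template when to switch to `s3.BucketEncryption.KMS`. The `BucketEncryption` hunk in kinesis_pattern.json probably needs a matching `PublicAccessBlockConfiguration` and a TLS-only bucket policy, unless those already exist outside the visible lines. `__init__` starts before this hunk and continues past it.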
@@ -11,6 +11,15 @@
 ],
 "VersioningConfiguration": {
 "Status": "Enabled"
+ },
+ "BucketEncryption" : {
+ "ServerSideEncryptionConfiguration" : [
+ {
+ "ServerSideEncryptionByDefault" : {
+ "SSEAlgorithm" : "AES256"
+ }
+ }
+ ]
 }
 },
 "UpdateReplacePolicy": "Delete",
diff --git a/cloud_templates/user_guides/kinesis_guide.md b/cloud_templates/user_guides/kinesis_guide.md
index 02a5172..bc3d94f 100644
--- a/cloud_templates/user_guides/kinesis_guide.md
+++ b/cloud_templates/user_guides/kinesis_guide.md
@@ -62,7 +62,7 @@ If you are interested in using the CloudFormation templates more than just for d
 2. Run `python -m pip install -r requirements.txt` and `python -m pip install -r requirements.txt` to install the dependencies.
 3. Go through the `README.md` file to learn about the context parameters that need to be set by you prior to deployment.
 4. Set the context parameter values either by changing `cdk.json` file or by using the command line.
- 1. To create a command line context variable, use the **`—-context (-c) option`**, as shown in the following example: `$ cdk cdk synth -c bucket_name=mybucket`
+ 1. To create a command line context variable, use the **`—-context (-c) option`**, as shown in the following example: `$ cdk synth -c bucket_name=mybucket`
 2. To specify the same context variable and value in the `cdk.json` file, use the following code.` {"context": { "bucket_name": "mybucket"}`
 5. Run `cdk synth` to emit the synthesized CloudFormation template.