fix(aws-sns): enable topic encryption with cross account keys (#10056)

fixes: #10055 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Sep 2, 2020 · 327b72a · 327b72a
1 parent 088abec
commit 327b72a
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 5 deletions.
diff --git a/packages/@aws-cdk/aws-autoscaling-hooktargets/test/hooks.test.ts b/packages/@aws-cdk/aws-autoscaling-hooktargets/test/hooks.test.ts
@@ -98,7 +98,10 @@ describe('given an AutoScalingGroup', () => {
     // THEN
     expect(stack).toHaveResourceLike('AWS::SNS::Topic', {
       KmsMasterKeyId: {
-        Ref: 'keyFEDD6EC0',
+        'Fn::GetAtt': [
+          'keyFEDD6EC0',
+          'Arn',
+        ],
       },
     });
     expect(stack).toHaveResourceLike('AWS::IAM::Policy', {

diff --git a/packages/@aws-cdk/aws-ecs/test/test.ecs-cluster.ts b/packages/@aws-cdk/aws-ecs/test/test.ecs-cluster.ts
@@ -526,7 +526,10 @@ export = {
       // THEN
       expect(stack).to(haveResourceLike('AWS::SNS::Topic', {
         KmsMasterKeyId: {
-          Ref: 'Key961B73FD',
+          'Fn::GetAtt': [
+            'Key961B73FD',
+            'Arn',
+          ],
         },
       }));
 

diff --git a/packages/@aws-cdk/aws-sns/lib/topic.ts b/packages/@aws-cdk/aws-sns/lib/topic.ts
@@ -68,7 +68,7 @@ export class Topic extends TopicBase {
     const resource = new CfnTopic(this, 'Resource', {
       displayName: props.displayName,
       topicName: this.physicalName,
-      kmsMasterKeyId: props.masterKey && props.masterKey.keyId,
+      kmsMasterKeyId: props.masterKey && props.masterKey.keyArn,
     });
 
     this.topicArn = this.getResourceArnAttribute(resource.ref, {

diff --git a/packages/@aws-cdk/aws-sns/test/integ.sns.expected.json b/packages/@aws-cdk/aws-sns/test/integ.sns.expected.json
@@ -56,7 +56,10 @@
       "Properties": {
         "DisplayName": "fooDisplayName",
         "KmsMasterKeyId": {
-          "Ref": "CustomKey1E6D0D07"
+          "Fn::GetAtt": [
+            "CustomKey1E6D0D07",
+            "Arn"
+          ]
         },
         "TopicName": "fooTopic"
       }

diff --git a/packages/@aws-cdk/aws-sns/test/test.sns.ts b/packages/@aws-cdk/aws-sns/test/test.sns.ts
@@ -75,7 +75,7 @@ export = {
       });
 
       expect(stack).to(haveResource('AWS::SNS::Topic', {
-        'KmsMasterKeyId': { 'Ref': 'CustomKey1E6D0D07' },
+        'KmsMasterKeyId': { 'Fn::GetAtt': ['CustomKey1E6D0D07', 'Arn'] },
       }));
 
       test.done();