Make EncryptionKeyAlias implement EncryptionKeyRef #52

Closed
rix0rrr opened this issue Jun 6, 2018 · 1 comment · Fixed by #3694
Labels: @aws-cdk/aws-kms (Related to AWS Key Management), feature-request (A feature should be added or improved.)

Comments

rix0rrr commented Jun 6, 2018

We want to refer to keys by alias, so that we can rotate the key.

However, we need to be able to get an ARN from the alias, and we need to be able to add policies to the original key.

rix0rrr commented Jun 29, 2018

Complication: in policies, the ACTUAL key's ARN should be used.
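
The complication noted above can be checked mechanically: the following added example (not part of the thread and not aws-cdk code) scans IAM policy statements for key-level KMS actions whose `Resource` is an alias ARN rather than the key's ARN. The names `findAliasResources`, `samplePolicy` and `sampleFindings` are hypothetical, and every ARN is a constructed sample value.

```typescript
// Added example (not aws-cdk code). All ARNs below are constructed sample values.
type OneOrMany = string | string[];
interface Statement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Action: OneOrMany;
  Resource: OneOrMany;
}
interface Finding { sid: string; resource: string; actions: string[]; }

// Only alias-management actions are authorized against the alias resource itself.
const ALIAS_ACTIONS = ["kms:createalias", "kms:updatealias", "kms:deletealias"];
// arn:<partition>:kms:<region>:<account>:alias/<name>
const ALIAS_ARN = /^arn:[^:]+:kms:[^:]*:[^:]*:alias\/.+$/;

const toList = (v: OneOrMany): string[] => (Array.isArray(v) ? v : [v]);

// Report statements whose key-level KMS actions name an alias ARN as Resource.
// Such an Allow grants nothing on the key, and such a Deny silently fails to
// apply to it. Wildcard actions such as "kms:*" count as key-level actions.
function findAliasResources(statements: Statement[]): Finding[] {
  const findings: Finding[] = [];
  statements.forEach((stmt, i) => {
    const keyActions = toList(stmt.Action).filter((a) => {
      const action = a.toLowerCase();
      const isKms = action === "*" || action.indexOf("kms:") === 0;
      return isKms && ALIAS_ACTIONS.indexOf(action) === -1;
    });
    if (keyActions.length === 0) return;
    for (const resource of toList(stmt.Resource)) {
      if (ALIAS_ARN.test(resource)) {
        findings.push({ sid: stmt.Sid || `statement[${i}]`, resource, actions: keyActions });
      }
    }
  });
  return findings;
}

// Constructed sample policy: only the first statement should be reported.
const ALIAS = "arn:aws:kms:us-east-1:111122223333:alias/example-alias";
const KEY = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000";
const samplePolicy: Statement[] = [
  { Sid: "DecryptViaAlias", Effect: "Allow", Action: ["kms:Decrypt", "kms:GenerateDataKey"], Resource: ALIAS },
  { Sid: "DecryptViaKey", Effect: "Allow", Action: "kms:Decrypt", Resource: KEY },
  { Sid: "ManageAlias", Effect: "Allow", Action: "kms:UpdateAlias", Resource: [ALIAS, KEY] },
];
const sampleFindings = findAliasResources(samplePolicy);
```
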

@eladb eladb added enhancement @aws-cdk/aws-kms Related to AWS Key Management labels Dec 17, 2018
@srchase srchase added feature-request A feature should be added or improved. and removed enhancement labels Jan 3, 2019
skinny85 added a commit that referenced this issue Sep 11, 2019
This changes the scaffolding stack logic for the cross-region CodePipelines to include a KMS key and alias as part of it, which are required if an action is simultaneously cross-region and cross-account. We also change to use the KMS key ID instead of the key ARN when rendering the ArtifactStores property.

We also add an alias to the default pipeline artifact bucket.

This required a bunch of changes to the KMS and S3 modules:

* Alias now implements IKey
* Added the keyId property to IKey
* Added removalPolicy property to Alias
* Granting permissions to a key works if the principal belongs to a stack that is a dependent of the key stack
* Allow specifying a key when importing a bucket

Fixes #52
Concerns #1584
Fixes #2517
Fixes #2569
Concerns #3275
Fixes #3138
Fixes #3388