aws-cdk-lib.aws_s3_deployment.BucketDeployment: Unable to configure Custom Resource Environment Variables Encryption #26959

Open
2 tasks
trailfox opened this issue Aug 31, 2023 · 1 comment
Labels
aws-cdk-lib Related to the aws-cdk-lib package effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@trailfox

Describe the feature

We are required by our enterprise to enable Encryption at Rest for Lambda Environment Variables using Customer Master Keys.

We are unable to find any capability on the BucketDeployment construct (version 2.93.0) to be able to configure the Custom Resource (Lambda) that is provisioned. The construct has the capability to configure the S3 bucket encryption but not the custom resource.

https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_deployment.BucketDeployment.html

The workarounds that we understand are possible currently are:

  • manually configured via the Console
  • via a CLI to update the Lambda after our cdk automation runs
  • use the low level cdk constructs to find the lambda function and set it

All the above workarounds are not ideal and we would much prefer that BucketDeployment provided this capability.

Have we missed something and there is a way to do this via BucketDeployment? Or is this a feature request and if so please add this feature request to your backlog?

Use Case

I am required by my enterprise standards to enable Encryption at Rest for Lambda Environment Variables using Customer Master Keys, including the Custom Resource (Lambda) that is provisioned by the BucketDeployment construct.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.93.0

Environment details (OS name and version, etc.)

aws-cdk-lib aws_codebuild LinuxBuildImage.STANDARD_6_0

@trailfox trailfox added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Aug 31, 2023
@github-actions github-actions bot added the aws-cdk-lib Related to the aws-cdk-lib package label Aug 31, 2023
@peterwoodworth peterwoodworth added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Aug 31, 2023
@peterwoodworth
Contributor

Would be a feature request, the function is created here https://github.com/cdklabs/team-internal/blob/main/github/construct-squad/issue-triage-process.md#process. Thanks for the request
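
Until the construct exposes such an option, whichever workaround is used can be checked after `cdk synth`. The following is an added example, not part of the original thread and not aws-cdk code: it scans a synthesized CloudFormation template for `AWS::Lambda::Function` resources that lack `KmsKeyArn`, in which case Lambda encrypts the variables with its default service key rather than a customer managed key. The logical IDs, variable names and the `functions_missing_cmk` helper are assumptions made for illustration.

```python
import json

# Constructed sample: a trimmed synthesized template. Logical IDs and values are
# made up for illustration; only the resource types and property names are real.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "AppHandler": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Environment": {"Variables": {"TABLE": "orders"}},
        "KmsKeyArn": {"Fn::GetAtt": ["EnvKey", "Arn"]}
      }
    },
    "DeploymentHandlerPLACEHOLDER": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Environment": {"Variables": {"EXAMPLE_VAR": "value"}}
      }
    },
    "NoEnvFunction": {
      "Type": "AWS::Lambda::Function",
      "Properties": {"Handler": "index.handler"}
    },
    "SiteBucket": {"Type": "AWS::S3::Bucket", "Properties": {}}
  }
}
""")

def functions_missing_cmk(template, require_for_all=False):
    """Return sorted logical IDs of Lambda functions without KmsKeyArn.

    By default only functions that define environment variables are reported;
    require_for_all=True reports every function lacking a key."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::Lambda::Function":
            continue
        props = resource.get("Properties") or {}
        has_env = bool((props.get("Environment") or {}).get("Variables"))
        if props.get("KmsKeyArn"):
            continue  # a key is set (literal ARN or intrinsic such as Fn::GetAtt)
        if has_env or require_for_all:
            findings.append(logical_id)
    return sorted(findings)

if __name__ == "__main__":
    # In CI, load cdk.out/<stack>.template.json instead of the sample.
    missing = functions_missing_cmk(SAMPLE_TEMPLATE)
    for logical_id in missing:
        print(f"FAIL {logical_id}: environment variables without KmsKeyArn")
    raise SystemExit(1 if missing else 0)
```

Running this as a pipeline step after synthesis fails the build when a function, including one provisioned by a higher-level construct, ships without a key.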
