From bdf30c696b04b26a8e41548839d5c4cf61d471cc Mon Sep 17 00:00:00 2001
From: Kyle Roach <kroach.work@gmail.com>
Date: Mon, 25 Oct 2021 19:06:25 +0000
Subject: [PATCH] fix(redshift): cluster uses key ARN instead of key ID
 (#17108)

Field was incorrectly using key arn instead of id.

Fixes #17032


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 packages/@aws-cdk/aws-redshift/lib/cluster.ts |  2 +-
 .../aws-redshift/test/cluster.test.ts         |  5 +--
 .../test/integ.database.expected.json         | 38 +++++++++++++++++++
 .../aws-redshift/test/integ.database.ts       |  2 +
 4 files changed, 42 insertions(+), 5 deletions(-)

diff --git a/packages/@aws-cdk/aws-redshift/lib/cluster.ts b/packages/@aws-cdk/aws-redshift/lib/cluster.ts
index a94bfa31b7fb5..a43b6f6993c72 100644
--- a/packages/@aws-cdk/aws-redshift/lib/cluster.ts
+++ b/packages/@aws-cdk/aws-redshift/lib/cluster.ts
@@ -483,7 +483,7 @@ export class Cluster extends ClusterBase {
       dbName: props.defaultDatabaseName || 'default_db',
       publiclyAccessible: props.publiclyAccessible || false,
       // Encryption
-      kmsKeyId: props.encryptionKey && props.encryptionKey.keyArn,
+      kmsKeyId: props.encryptionKey?.keyId,
       encrypted: props.encrypted ?? true,
     });
 
diff --git a/packages/@aws-cdk/aws-redshift/test/cluster.test.ts b/packages/@aws-cdk/aws-redshift/test/cluster.test.ts
index a1091815a30c1..d771e8e66b0de 100644
--- a/packages/@aws-cdk/aws-redshift/test/cluster.test.ts
+++ b/packages/@aws-cdk/aws-redshift/test/cluster.test.ts
@@ -249,10 +249,7 @@ test('create an encrypted cluster with custom KMS key', () => {
   // THEN
   Template.fromStack(stack).hasResourceProperties('AWS::Redshift::Cluster', {
     KmsKeyId: {
-      'Fn::GetAtt': [
-        'Key961B73FD',
-        'Arn',
-      ],
+      Ref: 'Key961B73FD',
     },
   });
 });
diff --git a/packages/@aws-cdk/aws-redshift/test/integ.database.expected.json b/packages/@aws-cdk/aws-redshift/test/integ.database.expected.json
index 16d60bb08c0d0..4cfb1faea5118 100644
--- a/packages/@aws-cdk/aws-redshift/test/integ.database.expected.json
+++ b/packages/@aws-cdk/aws-redshift/test/integ.database.expected.json
@@ -580,6 +580,41 @@
       "UpdateReplacePolicy": "Delete",
       "DeletionPolicy": "Delete"
     },
+    "customkmskey377C6F9A": {
+      "Type": "AWS::KMS::Key",
+      "Properties": {
+        "KeyPolicy": {
+          "Statement": [
+            {
+              "Action": "kms:*",
+              "Effect": "Allow",
+              "Principal": {
+                "AWS": {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:",
+                      {
+                        "Ref": "AWS::Partition"
+                      },
+                      ":iam::",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":root"
+                    ]
+                  ]
+                }
+              },
+              "Resource": "*"
+            }
+          ],
+          "Version": "2012-10-17"
+        }
+      },
+      "UpdateReplacePolicy": "Delete",
+      "DeletionPolicy": "Delete"
+    },
     "ClusterSubnetsDCFA5CB7": {
       "Type": "AWS::Redshift::ClusterSubnetGroup",
       "Properties": {
@@ -680,6 +715,9 @@
           "Ref": "ClusterSubnetsDCFA5CB7"
         },
         "Encrypted": true,
+        "KmsKeyId": {
+          "Ref": "customkmskey377C6F9A"
+        },
         "NumberOfNodes": 2,
         "PubliclyAccessible": true,
         "VpcSecurityGroupIds": [
diff --git a/packages/@aws-cdk/aws-redshift/test/integ.database.ts b/packages/@aws-cdk/aws-redshift/test/integ.database.ts
index 3a3b955a2b5aa..6e4893c0c0089 100644
--- a/packages/@aws-cdk/aws-redshift/test/integ.database.ts
+++ b/packages/@aws-cdk/aws-redshift/test/integ.database.ts
@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 /// !cdk-integ pragma:ignore-assets
 import * as ec2 from '@aws-cdk/aws-ec2';
+import * as kms from '@aws-cdk/aws-kms';
 import * as cdk from '@aws-cdk/core';
 import * as constructs from 'constructs';
 import * as redshift from '../lib';
@@ -28,6 +29,7 @@ const cluster = new redshift.Cluster(stack, 'Cluster', {
   },
   defaultDatabaseName: databaseName,
   publiclyAccessible: true,
+  encryptionKey: new kms.Key(stack, 'custom-kms-key'),
 });
 
 const databaseOptions = {