Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(aws-scheduler-alpha): Supporting Encryption Keys in Schedule #27543

Closed
1 of 2 tasks
filletofish opened this issue Oct 14, 2023 · 1 comment · Fixed by #27609
Closed
1 of 2 tasks

(aws-scheduler-alpha): Supporting Encryption Keys in Schedule #27543

filletofish opened this issue Oct 14, 2023 · 1 comment · Fixed by #27609
Labels
@aws-cdk/aws-scheduler Related to the AWS Scheduler service effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2

Comments

@filletofish
Copy link
Contributor

Describe the feature

As per RFC L2 Schedule construct should encrypting data passed to targets with AWS KMS keys: https://github.com/aws/aws-cdk-rfcs/blob/main/text/0474-event-bridge-scheduler-l2.md#specifying-encryption-key

Use Case

By default, all events in Scheduler are encrypted with a key that AWS owns and manages. If customer wishes they can also provide a customer managed key to encrypt and decrypt the payload that your schedule delivers to its target. Target construct classes should automatically add AWS KMS Decrypt permission to customer's schedule's execution role permissions policy.

See RFC - https://github.com/aws/aws-cdk-rfcs/blob/main/text/0474-event-bridge-scheduler-l2.md#specifying-encryption-key

Proposed Solution

  1. Add readonly key?: kms.IKey; to ScheduleProps and ISchedule.
  2. Pass key ARN to CfnSchedule
  3. Grant permissions execution role to encrypt / decrypt data with passed KMS key

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.99.1

Environment details (OS name and version, etc.)

MacOS
@filletofish filletofish added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Oct 14, 2023
@filletofish filletofish changed the title (scheduler): Supporting Encryption Keys in Schedule (aws-scheduler-alpha): Supporting Encryption Keys in Schedule Oct 14, 2023
@github-actions github-actions bot added the @aws-cdk/aws-scheduler Related to the AWS Scheduler service label Oct 14, 2023
@filletofish filletofish mentioned this issue Oct 14, 2023
Closed
2 tasks
@kaizencc kaizencc added p2 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Oct 16, 2023
@lpizzinidev lpizzinidev mentioned this issue Oct 19, 2023
Merged
mergify bot added a commit to lpizzinidev/aws-cdk that referenced this issue Oct 20, 2023
@mergify
Merge branch 'main' into awsgh-27543
b0ff6b6
@mergify mergify bot closed this as completed in #27609 Oct 20, 2023
mergify bot pushed a commit that referenced this issue Oct 20, 2023
@lpizzinidev
feat(schedule-alpha): support customer managed KMS keys (#27609)
df24d22 
Allows to specify a customer-managed KMS key for encryption.

Example:

```ts
declare const key: kms.Key;
declare const fn: lambda.Function;

const target = new targets.LambdaInvoke(fn, {
    input: ScheduleTargetInput.fromObject({
        "payload": "useful",
    }),
});

const schedule = new Schedule(this, 'Schedule', {
    schedule: ScheduleExpression.rate(Duration.minutes(10)),
    target,
    key,
});
```

Closes #27543.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@github-actions github-actions bot mentioned this issue Nov 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-scheduler Related to the AWS Scheduler service effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(schedule-alpha): support customer managed KMS keys lpizzinidev/aws-cdk
2 participants
@filletofish @kaizencc