[aws-events-targets] Kinesis Stream target with Customer-Managed KMS key causes EventBridge FailedInvocations #10996
Labels: @aws-cdk/aws-events-targets, bug (This issue is a bug.), effort/small (Small work item – less than a day of effort), p1
Comments
blimmer added the bug (This issue is a bug.) and needs-triage (This issue or PR still needs to be triaged.) labels on Oct 20, 2020
This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.
github-actions bot added the closing-soon label (This issue will automatically close in 4 days unless further comments are made.) on Jun 17, 2022
I believe this is still an issue
github-actions bot removed the closing-soon label on Jun 18, 2022
Still an issue.
It is still an issue, it would be great if the CDK team would at least post a workaround rather than ignoring this.
When you have a Kinesis stream encrypted by a customer-managed KMS key, aws-events-targets does not give EventBridge permission to encrypt events using the key.

Reproduction Steps

Also available here: https:/blimmer/cdk-bug-reports/compare/bug/kinesis-target-policy?expand=1

What did you expect to happen?

I expected the EventBridge rule to trigger successfully because I used the aws-events-targets package.

What actually happened?

All Invocations were FailedInvocations in CloudWatch because EventBridge couldn't encrypt the event to PutRecord on the stream.

This is the result of the cdk synth. As you can see, StreamEventsRole3ADC0AFD does not have the ability to encrypt using StreamKey238BEC37.

Environment

Other

If you don't explicitly specify encryption e.g.,

It automatically uses the Customer Master Key, which does not cause FailedInvocations.

This is 🐛 Bug Report
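
The permission gap reported above can be caught in `cdk synth` output before deployment. The following is an added example, not code from the issue or from the CDK project: it scans a template for EventBridge rule targets whose Kinesis stream uses a KMS key and reports target roles with no `kms:GenerateDataKey` grant on that key (the action Kinesis producers need on KMS-encrypted streams). Assumptions: the template is constructed (only the role and key logical IDs come from the issue), and only `AWS::IAM::Policy` resources are inspected, not key policies or inline role policies.

```typescript
type Json = { [k: string]: any };
const arr = (x: any): any[] => (x === undefined ? [] : Array.isArray(x) ? x : [x]);
// Resolve {"Fn::GetAtt": [id, attr]} or {"Ref": id} to a logical ID.
const idOf = (v: any): string | undefined =>
  v && Array.isArray(v["Fn::GetAtt"]) ? v["Fn::GetAtt"][0] : v && typeof v.Ref === "string" ? v.Ref : undefined;
const KMS_OK = ["kms:GenerateDataKey", "kms:GenerateDataKey*", "kms:*", "*"];

// True if an AWS::IAM::Policy attached to roleId allows kms:GenerateDataKey on keyId.
function roleCanEncrypt(res: Json, roleId: string, keyId: string): boolean {
  return Object.keys(res).some((k) => {
    const p = res[k].Properties || {};
    if (res[k].Type !== "AWS::IAM::Policy") return false;
    if (!arr(p.Roles).some((x) => idOf(x) === roleId)) return false;
    return arr((p.PolicyDocument || {}).Statement).some((s) =>
      s.Effect === "Allow" && arr(s.Action).some((a) => KMS_OK.indexOf(a) >= 0) &&
      arr(s.Resource).some((x) => x === "*" || idOf(x) === keyId));
  });
}
// One finding per rule target whose KMS-encrypted stream the target role cannot encrypt for.
function findUnencryptableTargets(template: Json): string[] {
  const res: Json = template.Resources || {};
  const findings: string[] = [];
  for (const ruleId of Object.keys(res)) {
    if (res[ruleId].Type !== "AWS::Events::Rule") continue;
    for (const t of arr((res[ruleId].Properties || {}).Targets)) {
      const streamId = idOf(t.Arn);
      const stream = streamId ? res[streamId] : undefined;
      if (!stream || stream.Type !== "AWS::Kinesis::Stream") continue;
      // A string KeyId (for example an alias) is not a template-defined key and is skipped.
      const keyId = idOf(((stream.Properties || {}).StreamEncryption || {}).KeyId);
      const roleId = idOf(t.RoleArn);
      if (keyId && roleId && !roleCanEncrypt(res, roleId, keyId))
        findings.push(roleId + " lacks kms:GenerateDataKey on " + keyId + " (rule " + ruleId + ")");
    }
  }
  return findings;
}

// Constructed sample; only the role and key logical IDs come from the issue text.
const sampleTemplate: Json = { Resources: {
  StreamKey238BEC37: { Type: "AWS::KMS::Key", Properties: {} },
  ExampleStream: { Type: "AWS::Kinesis::Stream", Properties: { StreamEncryption: {
    EncryptionType: "KMS", KeyId: { "Fn::GetAtt": ["StreamKey238BEC37", "Arn"] } } } },
  StreamEventsRole3ADC0AFD: { Type: "AWS::IAM::Role", Properties: {} },
  ExamplePolicy: { Type: "AWS::IAM::Policy", Properties: { Roles: [{ Ref: "StreamEventsRole3ADC0AFD" }],
    PolicyDocument: { Statement: [{ Effect: "Allow", Action: ["kinesis:PutRecord", "kinesis:PutRecords"],
      Resource: { "Fn::GetAtt": ["ExampleStream", "Arn"] } }] } } },
  ExampleRule: { Type: "AWS::Events::Rule", Properties: { Targets: [{ Id: "Target0",
    Arn: { "Fn::GetAtt": ["ExampleStream", "Arn"] }, RoleArn: { "Fn::GetAtt": ["StreamEventsRole3ADC0AFD", "Arn"] } }] } },
} };
console.log(findUnencryptableTargets(sampleTemplate));
```

Running it against the output of `cdk synth` (parsed as JSON) in CI turns the runtime FailedInvocations symptom into a build-time finding.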