(custom-resources): enable custom environmentEncryption for the provider lambda functions #26197
Labels
@aws-cdk/custom-resources
Related to AWS CDK Custom Resources
effort/medium
Medium work item – several days of effort
feature-request
A feature should be added or improved.
p2
Comments
madeline-k added the feature-request and needs-triage labels on Jul 3, 2023
github-actions bot added the @aws-cdk/custom-resources label on Jul 3, 2023
pahud added the p1, effort/medium and p2 labels and removed the needs-triage and p1 labels on Jul 3, 2023
Making this a p2 feat with a workaround.
lpizzinidev added a commit to lpizzinidev/aws-cdk that referenced this issue on Jul 5, 2023
mergify bot pushed a commit that referenced this issue on Jul 12, 2023
… lambda functions (#26236) The `providerFunctionEnvEncryption` property on the `Provider` class allows users to specify a custom KMS key that will be used to encrypt the environment variables of the generated lambda functions. Closes #26197. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
bmoffatt pushed a commit to bmoffatt/aws-cdk that referenced this issue on Jul 29, 2023
Describe the feature
When using the `Provider` construct (link) to create custom resources, the CDK creates 'provider' lambda functions that invoke the user-defined function. It should be possible to customize the environmentEncryption property of the provider lambdas.
Use Case
Some customers want to be able to control the KMS keys used for environment variable encryption so that they can use a key that they can view, manage, and audit their use.
Proposed Solution
No response
Other Information
A workaround to customize the key before this feature is implemented would be to use an escape hatch and modify the `kmsKeyArn` property of the underlying Function.
Escape hatch documentation
To access the nodes in the construct tree that represent the provider functions, you will need to use the node.tryFindChild() function with the id "framework-onEvent", "framework-isComplete", "framework-onTimeout".
Acknowledgements
CDK version used
2.86
Environment details (OS name and version, etc.)
All
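The workaround described in the issue, as an added example (not code from the issue or from aws-cdk): look up each framework function by id and set `kmsKeyArn` on its default child. `setProviderEnvKey`, `standIn`, `demo` and `SAMPLE_KEY_ARN` are hypothetical names, and the stand-in tree is constructed so the block runs without aws-cdk-lib.

```typescript
// Added example, not aws-cdk code. The structural types list only the members
// used, so a real Provider from aws-cdk-lib/custom-resources can be passed in.
interface CfnFunctionLike { kmsKeyArn?: string }
interface NodeLike {
  tryFindChild(id: string): ConstructLike | undefined;
  defaultChild?: unknown;
}
interface ConstructLike { node: NodeLike }

// Child ids of the provider framework functions, as listed in the issue.
const FRAMEWORK_IDS = ["framework-onEvent", "framework-isComplete", "framework-onTimeout"];

// Sets kmsKeyArn on the underlying function resource of every framework
// function present under `provider`; returns the ids that were patched.
function setProviderEnvKey(provider: ConstructLike, keyArn: string): string[] {
  const patched: string[] = [];
  for (const id of FRAMEWORK_IDS) {
    const fn = provider.node.tryFindChild(id);
    if (!fn) continue; // tryFindChild returns undefined for an absent child
    const cfn = fn.node.defaultChild as CfnFunctionLike | undefined;
    if (!cfn) throw new Error(`${id} has no default child to patch`);
    cfn.kmsKeyArn = keyArn;
    patched.push(id);
  }
  // Fail closed: patching nothing would silently leave the default key in use.
  if (patched.length === 0) throw new Error("no provider framework functions found");
  return patched;
}

// Constructed stand-in for a construct tree, so the example runs without aws-cdk-lib.
function standIn(children: Record<string, ConstructLike>, defaultChild?: unknown): ConstructLike {
  return { node: { tryFindChild: (id: string) => children[id], defaultChild } };
}

// Constructed placeholder ARN, not a real key.
const SAMPLE_KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID";

// Patches a stand-in provider that has only the onEvent function.
function demo(): { patched: string[]; onEventKey: string | undefined } {
  const cfn: CfnFunctionLike = {};
  const provider = standIn({ "framework-onEvent": standIn({}, cfn) });
  const patched = setProviderEnvKey(provider, SAMPLE_KEY_ARN);
  return { patched, onEventKey: cfn.kmsKeyArn };
}

console.log(demo());
```

In a CDK app the call would be `setProviderEnvKey(provider, key.keyArn)` on the real `Provider` instance, where `provider` and `key` are assumed variables.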