-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(aws-scheduler-alpha): Supporting Encryption Keys in Schedule #27543
Labels
@aws-cdk/aws-scheduler
Related to the AWS Scheduler service
effort/small
Small work item – less than a day of effort
feature-request
A feature should be added or improved.
p2
Comments
filletofish
added
feature-request
A feature should be added or improved.
needs-triage
This issue or PR still needs to be triaged.
labels
Oct 14, 2023
filletofish
changed the title
(scheduler): Supporting Encryption Keys in Schedule
(aws-scheduler-alpha): Supporting Encryption Keys in Schedule
Oct 14, 2023
github-actions
bot
added
the
@aws-cdk/aws-scheduler
Related to the AWS Scheduler service
label
Oct 14, 2023
2 tasks
kaizencc
added
p2
effort/small
Small work item – less than a day of effort
and removed
needs-triage
This issue or PR still needs to be triaged.
labels
Oct 16, 2023
mergify bot
pushed a commit
that referenced
this issue
Oct 20, 2023
Allows to specify a customer-managed KMS key for encryption. Example: ```ts declare const key: kms.Key; declare const fn: lambda.Function; const target = new targets.LambdaInvoke(fn, { input: ScheduleTargetInput.fromObject({ "payload": "useful", }), }); const schedule = new Schedule(this, 'Schedule', { schedule: ScheduleExpression.rate(Duration.minutes(10)), target, key, }); ``` Closes #27543. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
@aws-cdk/aws-scheduler
Related to the AWS Scheduler service
effort/small
Small work item – less than a day of effort
feature-request
A feature should be added or improved.
p2
Describe the feature
As per RFC L2 Schedule construct should encrypting data passed to targets with AWS KMS keys: https:/aws/aws-cdk-rfcs/blob/main/text/0474-event-bridge-scheduler-l2.md#specifying-encryption-key
Use Case
By default, all events in Scheduler are encrypted with a key that AWS owns and manages. If customer wishes they can also provide a customer managed key to encrypt and decrypt the payload that your schedule delivers to its target. Target construct classes should automatically add AWS KMS Decrypt permission to customer's schedule's execution role permissions policy.
See RFC - https:/aws/aws-cdk-rfcs/blob/main/text/0474-event-bridge-scheduler-l2.md#specifying-encryption-key
Proposed Solution
readonly key?: kms.IKey;
toScheduleProps
andISchedule
.CfnSchedule
Other Information
No response
Acknowledgements
CDK version used
2.99.1
Environment details (OS name and version, etc.)
MacOS
The text was updated successfully, but these errors were encountered: