fix(s3): Bucket Key cannot be used with KMS_MANAGED key #22331
- `BucketEncryption.KMS` means: bring your own key.
- `BucketEncryption.KMS_MANAGED` means: use the AWS default key (which is free).

Bucket Key means "S3 uses a shadow key to reduce cost on encryption operations". It should apply to both KMS use cases, but was written to only apply to the BYOK scenario.

Also allow the other one.
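The rule described above, as an added sketch that is not part of the pull request and not aws-cdk-lib source: a stand-alone model of which encryption modes accept `bucketKeyEnabled` before and after the change, and the CloudFormation encryption rule each mode yields. The names `BucketProps`, `renderEncryption`, `accepts`, `BEFORE_FIX` and `AFTER_FIX` are hypothetical, and the model assumes the caller passes the key ARN for the bring-your-own-key case.

```typescript
// Added sketch: a stand-alone model of the rule, not aws-cdk-lib source.
type Encryption = 'UNENCRYPTED' | 'S3_MANAGED' | 'KMS_MANAGED' | 'KMS';

interface BucketProps {
  encryption: Encryption;
  bucketKeyEnabled?: boolean;
  kmsKeyArn?: string; // assumption: the caller supplies the key for KMS (BYOK)
}

// Shape of one CloudFormation ServerSideEncryptionRule.
interface SseRule {
  BucketKeyEnabled?: boolean;
  ServerSideEncryptionByDefault: { SSEAlgorithm: string; KMSMasterKeyID?: string };
}

// Encryption modes for which bucketKeyEnabled is accepted.
const BEFORE_FIX: Encryption[] = ['KMS'];
const AFTER_FIX: Encryption[] = ['KMS', 'KMS_MANAGED'];

function renderEncryption(props: BucketProps, allowed: Encryption[] = AFTER_FIX): SseRule | undefined {
  if (props.bucketKeyEnabled && allowed.indexOf(props.encryption) === -1) {
    throw new Error(`bucketKeyEnabled needs one of ${allowed.join(', ')} (got ${props.encryption})`);
  }
  if (props.encryption === 'UNENCRYPTED') return undefined;
  if (props.encryption === 'S3_MANAGED') {
    return { ServerSideEncryptionByDefault: { SSEAlgorithm: 'AES256' } };
  }
  // Both KMS modes use SSE-KMS; only BYOK names a key, so KMS_MANAGED
  // leaves KMSMasterKeyID unset and S3 uses the AWS default key.
  const rule: SseRule = { ServerSideEncryptionByDefault: { SSEAlgorithm: 'aws:kms' } };
  if (props.encryption === 'KMS') {
    if (!props.kmsKeyArn) throw new Error('this model requires kmsKeyArn for KMS');
    rule.ServerSideEncryptionByDefault.KMSMasterKeyID = props.kmsKeyArn;
  }
  if (props.bucketKeyEnabled) rule.BucketKeyEnabled = true;
  return rule;
}

// True when the given rule set accepts the props without throwing.
function accepts(props: BucketProps, allowed: Encryption[]): boolean {
  try { renderEncryption(props, allowed); return true; } catch (e) { return false; }
}
```
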
LGTM
@Mergifyio update
✅ Branch has been successfully updated
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
Hi. Just upgraded to cdk 2.45.0 but when I `cdk synth` I still get the error: `bucketKeyEnabled is specified, so 'encryption' must be set to KMS (value: MANAGED)`
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license