refactor(cx): typo in decryption policy

packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-sqs.lit.ts

@@ -5,7 +5,7 @@ import * as cdk from '@aws-cdk/core';
 import * as cxapi from '@aws-cdk/cx-api';
 import * as subs from '../lib';
 
-const restrictSqsDescryption = { [cxapi.SNS_SUBSCRIPTIONS_SQS_DECRYPTION_POLICY]: true };
+const restrictSqsDecryption = { [cxapi.SNS_SUBSCRIPTIONS_SQS_DECRYPTION_POLICY]: true };
 
 class SnsToSqs extends cdk.Stack {
   constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
@@ -25,7 +25,7 @@ class SnsToSqs extends cdk.Stack {
 }
 
 const app = new cdk.App({
-  context: restrictSqsDescryption,
+  context: restrictSqsDecryption,
 });
 
 new SnsToSqs(app, 'aws-cdk-sns-sqs');

packages/@aws-cdk/aws-sns-subscriptions/test/subs.test.ts

@@ -8,7 +8,7 @@ import * as cxapi from '@aws-cdk/cx-api';
 import * as subs from '../lib';
 
 /* eslint-disable quote-props */
-const restrictSqsDescryption = { [cxapi.SNS_SUBSCRIPTIONS_SQS_DECRYPTION_POLICY]: true };
+const restrictSqsDecryption = { [cxapi.SNS_SUBSCRIPTIONS_SQS_DECRYPTION_POLICY]: true };
 let stack: Stack;
 let topic: sns.Topic;
 
@@ -1116,7 +1116,7 @@ describe('Restrict sqs decryption feature flag', () => {
   test('Restrict decryption of sqs to sns topic', () => {
     const stackUnderTest = new Stack(
       new App({
-        context: restrictSqsDescryption,
+        context: restrictSqsDecryption,
       }),
     );
     const topicUnderTest = new sns.Topic(stackUnderTest, 'MyTopic', {

packages/@aws-cdk/cx-api/FEATURE_FLAGS.md

@@ -32,7 +32,7 @@ Flags come in three types:
 | [@aws-cdk/core:validateSnapshotRemovalPolicy](#aws-cdkcorevalidatesnapshotremovalpolicy) | Error on snapshot removal policies on resources that do not support it. | 2.28.0 | (default) |
 | [@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName](#aws-cdkaws-codepipelinecrossaccountkeyaliasstacksaferesourcename) | Generate key aliases that include the stack name | 2.29.0 | (fix) |
 | [@aws-cdk/aws-s3:createDefaultLoggingPolicy](#aws-cdkaws-s3createdefaultloggingpolicy) | Enable this feature flag to create an S3 bucket policy by default in cases where an AWS service would automatically create the Policy if one does not exist. | 2.31.0 | (fix) |
-| [@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption](#aws-cdkaws-sns-subscriptionsrestrictsqsdescryption) | Restrict KMS key policy for encrypted Queues a bit more | 2.32.0 | (fix) |
+| [@aws-cdk/aws-sns-subscriptions:restrictSqsDecryption](#aws-cdkaws-sns-subscriptionsrestrictsqsdecryption) | Restrict KMS key policy for encrypted Queues a bit more | 2.32.0 | (fix) |
 | [@aws-cdk/aws-ecs:arnFormatIncludesClusterName](#aws-cdkaws-ecsarnformatincludesclustername) | ARN format used by ECS. In the new ARN format, the cluster name is part of the resource ID. | 2.35.0 | (fix) |
 | [@aws-cdk/aws-apigateway:disableCloudWatchRole](#aws-cdkaws-apigatewaydisablecloudwatchrole) | Make default CloudWatch Role behavior safe for multiple API Gateways in one environment | 2.38.0 | (fix) |
 | [@aws-cdk/core:enablePartitionLiterals](#aws-cdkcoreenablepartitionliterals) | Make ARNs concrete if AWS partition is known | 2.38.0 | (fix) |
@@ -63,7 +63,7 @@ The following json shows the current recommended set of flags, as `cdk init` wou
     "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
     "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
     "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
-    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDecryption": true,
     "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
     "@aws-cdk/core:enablePartitionLiterals": true,
     "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
@@ -556,7 +556,7 @@ remain in control of it.
 | 2.31.0 | `false` | `true` |
 
 
-### @aws-cdk/aws-sns-subscriptions:restrictSqsDescryption
+### @aws-cdk/aws-sns-subscriptions:restrictSqsDecryption
 
 *Restrict KMS key policy for encrypted Queues a bit more* (fix)
 

packages/@aws-cdk/cx-api/README.md

@@ -39,7 +39,7 @@ _cdk.json_
 }
 ```
 
-* `@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption`
+* `@aws-cdk/aws-sns-subscriptions:restrictSqsDecryption`
 
 Enable this feature flag to restrict the decryption of a SQS queue, which is subscribed to a SNS topic, to
 only the topic which it is subscribed to and not the whole SNS service of an account.
@@ -53,7 +53,7 @@ _cdk.json_
 ```json
 {
   "context": {
-    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDecryption": true
   }
 }
 ```

packages/@aws-cdk/cx-api/lib/features.ts

@@ -68,7 +68,7 @@ export const IAM_MINIMIZE_POLICIES = '@aws-cdk/aws-iam:minimizePolicies';
 export const VALIDATE_SNAPSHOT_REMOVAL_POLICY = '@aws-cdk/core:validateSnapshotRemovalPolicy';
 export const CODEPIPELINE_CROSS_ACCOUNT_KEY_ALIAS_STACK_SAFE_RESOURCE_NAME = '@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName';
 export const S3_CREATE_DEFAULT_LOGGING_POLICY = '@aws-cdk/aws-s3:createDefaultLoggingPolicy';
-export const SNS_SUBSCRIPTIONS_SQS_DECRYPTION_POLICY = '@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption';
+export const SNS_SUBSCRIPTIONS_SQS_DECRYPTION_POLICY = '@aws-cdk/aws-sns-subscriptions:restrictSqsDecryption';
 export const APIGATEWAY_DISABLE_CLOUDWATCH_ROLE = '@aws-cdk/aws-apigateway:disableCloudWatchRole';
 export const ENABLE_PARTITION_LITERALS = '@aws-cdk/core:enablePartitionLiterals';
 export const EVENTS_TARGET_QUEUE_SAME_ACCOUNT = '@aws-cdk/aws-events:eventsTargetQueueSameAccount';