RealSalmon / lambda-backed-cloud-formation-kms-encryption

Using AWS KMS to Encrypt Values in CloudFormation Stacks
MIT License

CloudFormation template to set up the prerequisites per your article #2

Status: Closed (closed by g-a-d 7 years ago)

g-a-d commented 7 years ago

Now that we can have cross-stack references, you can create this stack which will build the KMS key, Lambda function, role, etc.

Then in the stack(s) that need to use this functionality, set the following properties on the EncryptedSuperSecretThing resource:

    "ServiceToken": {"Fn::ImportValue": "LambdaEncryptionFunction"},
    "KeyId": {"Fn::ImportValue": "KMSKeyId"}

Defining the function in-line in this template is gnarly (especially in JSON) but it makes for a very easy deployment.
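An added example, not part of the original comment or the repository's code: a Python check that every `Fn::ImportValue` name in a consuming template is actually exported by the shared stack, since a missing or misspelled export makes the consuming stack fail at deploy time. Both templates are constructed; the logical IDs and the `Custom::KmsEncrypt` type are hypothetical, and only the export names, the resource name, `ServiceToken` and `KeyId` come from the comment above.

```python
# Constructed templates (assumptions): the logical IDs "EncryptionKey" and
# "EncryptionFunction" and the type "Custom::KmsEncrypt" are hypothetical.
# Export names, resource name, ServiceToken and KeyId come from the comment.
PRODUCER = {"Outputs": {
    "KeyId": {"Value": {"Ref": "EncryptionKey"},
              "Export": {"Name": "KMSKeyId"}},
    "FunctionArn": {"Value": {"Fn::GetAtt": ["EncryptionFunction", "Arn"]},
                    "Export": {"Name": "LambdaEncryptionFunction"}},
}}
CONSUMER = {"Resources": {"EncryptedSuperSecretThing": {
    "Type": "Custom::KmsEncrypt",
    "Properties": {
        "ServiceToken": {"Fn::ImportValue": "LambdaEncryptionFunction"},
        "KeyId": {"Fn::ImportValue": "KMSKeyId"},
    },
}}}


def exported_names(template):
    """Literal export names declared in a template's Outputs section."""
    outputs = template.get("Outputs", {})
    return {o["Export"]["Name"] for o in outputs.values()
            if isinstance(o.get("Export", {}).get("Name"), str)}


def imported_names(node):
    """Every literal Fn::ImportValue name found anywhere under node."""
    found = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Fn::ImportValue" and isinstance(value, str):
                found.add(value)
            else:
                found |= imported_names(value)
    elif isinstance(node, list):
        for item in node:
            found |= imported_names(item)
    return found


def unresolved_imports(producer, consumer):
    """Imports in the consumer that the producer stack does not export."""
    return sorted(imported_names(consumer) - exported_names(producer))


if __name__ == "__main__":
    print("unresolved imports:", unresolved_imports(PRODUCER, CONSUMER))
```

Exports are visible to every stack in the same account and region, so the same listing of imports also shows which stacks depend on the shared key and function.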

RealSalmon commented 7 years ago

A fine idea, but well outside the scope of the purpose being served here ... which is mainly just to demonstrate the concept in the related blog post.