aws-cloudformation / aws-cloudformation-resource-providers-kms

AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2, or are in the process of being validated, to protect your keys. AWS KMS is integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
https://aws.amazon.com/kms/
Apache License 2.0

KMS::Key Performance changes in Create & Delete Handler #61

Closed shrsrivz closed 4 months ago

shrsrivz commented 5 months ago

Issue #, if available:

Description of changes:

Create Handler

1. createKey
2. wait for eventual consistency (60 sec sleep) -> Remove it
3. API call to updateKeyRotation → Try this API call with Exponential Retry. If API throws NotFound error (which means changes have not propagated) retry API call with exponential retry strategy
4. API call to disableKey → Try this API call with Exponential Retry. If API throws NotFound error (which means changes have not propagated) retry API with exponential retry
5. wait for eventual consistency - 15 sec sleep - Update eventual consistency delay to 15 secs. Have final wait to ensure changes have propagated
6. Return success

DeleteHandler

1. deleteKey
2. Wait for eventual consistency -> 60 sec to 15 secs

Testing

- Unit Test
- Integration Test

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
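The retry behaviour described in the Create Handler steps above, sketched as an added Java example that is not part of this pull request or the project's code. `retryOnNotFound`, `FakeKms` and the local `NotFoundException` are hypothetical stand-ins, and the delays and attempt counts are constructed values chosen so the sample runs quickly.

```java
import java.time.Duration;
import java.util.concurrent.Callable;

public class CreateKeyRetryExample {
    // Hypothetical stand-in for the NotFound error returned before a new key has propagated.
    static class NotFoundException extends RuntimeException {
        NotFoundException(String message) { super(message); }
    }

    // Retries only on NotFoundException, doubling the delay up to maxDelay.
    // Any other exception propagates at once; when attempts run out the last NotFoundException is rethrown.
    static <T> T retryOnNotFound(Callable<T> call, int maxAttempts,
                                 Duration baseDelay, Duration maxDelay) throws Exception {
        Duration delay = baseDelay;
        for (int attempt = 1; ; attempt++) {
            try {
                return call.call();
            } catch (NotFoundException e) {
                if (attempt >= maxAttempts) throw e;
                Thread.sleep(delay.toMillis());
                Duration next = delay.multipliedBy(2);
                delay = next.compareTo(maxDelay) > 0 ? maxDelay : next;
            }
        }
    }

    // Constructed fake service: the key becomes visible only after `visibleAfter` calls.
    static class FakeKms {
        int calls = 0;
        final int visibleAfter;
        boolean rotationEnabled = false, enabled = true;
        FakeKms(int visibleAfter) { this.visibleAfter = visibleAfter; }
        private void touch() { if (++calls <= visibleAfter) throw new NotFoundException("key not propagated yet"); }
        boolean enableRotation() { touch(); rotationEnabled = true; return true; }
        boolean disableKey() { touch(); enabled = false; return true; }
    }

    public static void main(String[] args) throws Exception {
        FakeKms kms = new FakeKms(3); // first three calls see NotFound
        retryOnNotFound(kms::enableRotation, 6, Duration.ofMillis(50), Duration.ofSeconds(2));
        retryOnNotFound(kms::disableKey, 6, Duration.ofMillis(50), Duration.ofSeconds(2));
        System.out.println("rotation=" + kms.rotationEnabled + " enabled=" + kms.enabled + " calls=" + kms.calls);

        FakeKms slow = new FakeKms(100); // never propagates within the retry budget
        try {
            retryOnNotFound(slow::disableKey, 3, Duration.ofMillis(10), Duration.ofMillis(40));
        } catch (NotFoundException e) {
            // The key was never disabled, so a handler in this state should report failure, not success.
            System.out.println("retry budget exhausted, key still enabled=" + slow.enabled);
        }
    }
}
```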

jbvengala commented 5 months ago

I see these changes are already merged in mainline: https://code.amazon.com/reviews/CR-110839564/revisions/3#/reviewers. I remember we merge the changes from GitHub to mainline by creating a code review.