aws-samples / aws-codepipeline-custom-action

Amazon EC2 build environments with AWS CodePipeline and custom actions
MIT No Attribution

Cross Account Deployments don't work due to inability to specify KMS Key #6

Open scottjbaldwin opened 3 years ago

scottjbaldwin commented 3 years ago

I am using a CodePipeline build action based off this repo for some Windows-specific builds I have in my pipeline, and came across a problem when I needed to use the output artefact from this action in a CodeDeploy action. As you cannot specify the KMS key for the encryption, you cannot use the artefact from another account (as is required when using CodeDeploy and cross-account deployments). This is because the KMS Master key is not shareable between accounts as you cannot create a policy to give the appropriate permissions.

I am working on an approach that involves passing the customer-provided KmsKey as a Configuration parameter to the custom action. If I have success I'll raise a PR, but I'm still interested in how you would approach this.
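An added example, not code from this repository or from the poster: one way a custom-action job worker could pick the encryption settings for the S3 `PutObject` call that uploads its output artifact. The `KmsKey` configuration name follows the post; the function name, the sample job data and the rule that a cross-account key must be given as a full key ARN are assumptions of this example.

```python
import re

# Full KMS key ARN (a key, not an alias). Aliases resolve only inside one account.
KEY_ARN = re.compile(r"^arn:aws[\w-]*:kms:[a-z0-9-]+:\d{12}:key/[0-9a-zA-Z-]+$")


def artifact_sse_args(job_data, cross_account=True, config_param="KmsKey"):
    """Build the encryption kwargs for uploading an output artifact to S3.

    Key precedence: the action's KmsKey configuration value (hypothetical
    parameter from the post), then the pipeline's encryptionKey in the job data.
    """
    config = job_data.get("actionConfiguration", {}).get("configuration", {})
    key = config.get(config_param) or job_data.get("encryptionKey", {}).get("id")

    if not key:
        if cross_account:
            # Without a key S3 uses the AWS managed aws/s3 key, whose policy
            # cannot be edited to grant another account decrypt access.
            raise ValueError("cross-account artifact needs a customer managed KMS key")
        return {"ServerSideEncryption": "aws:kms"}

    if cross_account and not KEY_ARN.match(key):
        raise ValueError("use a full key ARN for cross-account artifacts: %r" % key)

    return {"ServerSideEncryption": "aws:kms", "SSEKMSKeyId": key}


# Constructed sample job data (account id and key id are placeholders).
SAMPLE_KEY = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
SAMPLE_JOB = {
    "actionConfiguration": {"configuration": {"KmsKey": SAMPLE_KEY}},
    "outputArtifacts": [{"name": "BuildOutput"}],
}

if __name__ == "__main__":
    # The returned dict is meant to be passed as **kwargs to S3 put_object.
    print(artifact_sse_args(SAMPLE_JOB))
```

The key policy of the customer managed key still has to grant the deploying account's role permission to decrypt.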