I am using a codepipeline build action based off this repo for some windows specific builds I have in my pipeline, and came across a problem when I needed to use the output artefact from this action in a CodeDeploy action. As you cannot specify the KMS key for the encryption, you cannot use the artefact from another account (as is required when using CodeDeploy and CrossAccount deployments). This is because the KMS Master key is not shareable between accounts as you cannot create a policy to give the appropriate permissions.
I am working on an approach that involves passing the Customer provided KmsKey as a Configuration parameter to the custom action. If I have success I'll raise a PR, but still interested in how you would approach this.
I am using a codepipeline build action based off this repo for some windows specific builds I have in my pipeline, and came across a problem when I needed to use the output artefact from this action in a CodeDeploy action. As you cannot specify the KMS key for the encryption, you cannot use the artefact from another account (as is required when using CodeDeploy and CrossAccount deployments). This is because the KMS Master key is not shareable between accounts as you cannot create a policy to give the appropriate permissions.
I am working on an approach that involves passing the Customer provided KmsKey as a Configuration parameter to the custom action. If I have success I'll raise a PR, but still interested in how you would approach this.