Open ll-michael opened 1 month ago
@ll-michael Good morning. Thanks for opening the issue. If you refer to the construct props for Topic, it does support the masterKey property, which maps to the AWS::SNS::Topic KmsMasterKeyId property. Please check if this is the property you are looking for.
Thanks, Ashish
Hello Anish,
While the S3 and SNS CDK both support passing IAM keys to construct an item, the SNS CDK does not support referencing an encryption/master key as part of its properties after creation.
This behavior diverges from the S3 CDK, which supports referencing an S3 encryption key property.
Is there an SNS CDK property that allows referencing IAM keys after creation?
Best, Michael
The feature should perhaps expose a public readonly property named masterKey in Topic class.
Normally the L2 construct public properties are exposed based on the underlying return values specified in CloudFormation resource specification.
KmsMasterKeyId is not one of the return values. encryptionKey as one of the return values. This is possibly because it is more opinionated. This feature needs to be discussed with the team.
@ll-michael Could you please elaborate on your case for needing such a property when the value for masterKey would have been defined in constructor properties from some configuration and already be accessible?
The AWS CDK is an approximate superset of CloudFormation. While I am not familiar with the inner workings of the AWS CDK, I imagine it makes API calls to determine information, such as encryption keys, not included in the CloudFormation response.
Got it. The feature should perhaps expose a public readonly property named masterKey in Topic class.
Yes, including a master key property in the CDK SNS construct is recommended.
Describe the feature
The CDK does not support referencing AWS managed KMS keys associated with SNS topics that have EnforceSSL set to true. This diverges from CDK behavior with S3, which allows referencing encryption keys that are associated with buckets with KMS encryption enabled.
Use Case
I would like to reference AWS managed SNS keys associated with SNS topics in the CDK. This allows for other CDK resources, such as IAM policies, to reference the KMS key.
Proposed Solution
Add a property to CDK SNS topics to return the AWS managed KMS key.
Other Information
No response
Acknowledgements
CDK version used
2.150.0
Environment details (OS name and version, etc.)
NA