Open mazyu36 opened 2 months ago
Thank you @mazyu36 !
I'm struggling with the implementation approach.
To minimize privileges in the CMK key policy, I need to set the Pipe ARN. However, since the pipe name is optional, the exact ARN won't be known until deployment if the name isn't specified.
Currently, the only solution I can think of is using a custom resource. If anyone knows a better method, please let me know.
Describe the feature
Amazon EventBridge Pipes now supports customer managed KMS keys. But L2 Construct (alpha module) does not support it.
Ref: https://aws.amazon.com/about-aws/whats-new/2024/09/amazon-eventbridge-pipes-customer-managed-keys/
Use Case
When you want to use Customer Managed key to encrypt data.
Proposed Solution
Add
kmsKey
property toPipe
class.Other Information
CloudFormation already support it, but L1 Construct does not yet.
I plan to implement L2 Construct after L1 Construct support it.
Acknowledgements
CDK version used
all
Environment details (OS name and version, etc.)
all