(custom-resources): enable custom environmentEncryption for the provider lambda functions #26197

Closed
2 tasks
madeline-k opened this issue Jul 3, 2023 · 2 comments · Fixed by #26236
Labels
@aws-cdk/custom-resources Related to AWS CDK Custom Resources effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@madeline-k
Contributor

Describe the feature

When using the Provider construct (link) to create custom resources, the CDK creates 'provider' lambda functions that invoke the user-defined function. It should be possible to customize the environmentEncryption property of the provider lambdas.

Use Case

Some customers want to be able to control the KMS keys used for environment variable encryption so that they can use a key that they can view and manage, and whose use they can audit.

Proposed Solution

No response

Other Information

A workaround to customize the key before this feature is implemented would be to use an escape hatch and modify the kmsKeyArn property of the underlying Function.

Escape hatch documentation

To access the nodes in the construct tree that represent the provider functions, you will need to use the node.tryFindChild() function with the id "framework-onEvent", "framework-isComplete", "framework-onTimeout".

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.86

Environment details (OS name and version, etc.)

All
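
An added example, not part of the original issue and not aws-cdk code: a check over a synthesized CloudFormation template that reports Lambda functions whose environment variables are not tied to an explicit `KmsKeyArn`, flagging the provider framework functions named above. The template, key ARN, logical IDs and `auditEnvEncryption` are constructed for illustration, and it assumes logical IDs keep the construct ids with the hyphen stripped.

```typescript
// Added example (not aws-cdk code). The template below is constructed sample data.
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources: Record<string, Resource> };
type Finding = { logicalId: string; providerFramework: boolean; reason: string };

// Assumption: logical IDs keep the construct ids with "-" stripped,
// so "framework-onEvent" appears as "frameworkonEvent".
const FRAMEWORK_IDS = ["frameworkonEvent", "frameworkisComplete", "frameworkonTimeout"];

function auditEnvEncryption(template: Template, approvedKeyArns: string[] = []): Finding[] {
  const findings: Finding[] = [];
  for (const [logicalId, res] of Object.entries(template.Resources)) {
    if (res.Type !== "AWS::Lambda::Function") continue;
    const props = res.Properties ?? {};
    const env = props["Environment"] as { Variables?: Record<string, unknown> } | undefined;
    if (Object.keys(env?.Variables ?? {}).length === 0) continue; // nothing to encrypt
    const providerFramework = FRAMEWORK_IDS.some((id) => logicalId.includes(id));
    const key = props["KmsKeyArn"];
    if (key === undefined || key === null || key === "") {
      findings.push({ logicalId, providerFramework, reason: "KmsKeyArn not set" });
    } else if (typeof key === "string" && approvedKeyArns.length > 0 && !approvedKeyArns.includes(key)) {
      findings.push({ logicalId, providerFramework, reason: `key not in approved list: ${key}` });
    }
    // Intrinsics (Ref / Fn::GetAtt to a key in the same stack) count as set.
  }
  return findings;
}

const KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"; // constructed
const sampleTemplate: Template = {
  Resources: {
    MyProviderframeworkonEventEXAMPLE1: {
      Type: "AWS::Lambda::Function",
      Properties: { Environment: { Variables: { EXAMPLE_VAR: "x" } } },
    },
    MyProviderframeworkisCompleteEXAMPLE2: {
      Type: "AWS::Lambda::Function",
      Properties: { Environment: { Variables: { EXAMPLE_VAR: "x" } }, KmsKeyArn: { "Fn::GetAtt": ["EnvKey", "Arn"] } },
    },
    MyProviderframeworkonTimeoutEXAMPLE3: {
      Type: "AWS::Lambda::Function",
      Properties: { Environment: { Variables: { EXAMPLE_VAR: "x" } }, KmsKeyArn: KEY_ARN },
    },
    EnvKey: { Type: "AWS::KMS::Key" },
  },
};

for (const f of auditEnvEncryption(sampleTemplate)) console.log(`${f.logicalId}: ${f.reason}`);
```

Run against the real output of `cdk synth`, an empty result means every function with environment variables carries a key reference; passing an approved list additionally rejects literal ARNs outside it.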

@madeline-k madeline-k added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jul 3, 2023
@github-actions github-actions bot added the @aws-cdk/custom-resources Related to AWS CDK Custom Resources label Jul 3, 2023
@pahud pahud added p1 effort/medium Medium work item – several days of effort p2 and removed needs-triage This issue or PR still needs to be triaged. p1 labels Jul 3, 2023
@pahud
Contributor

pahud commented Jul 3, 2023

Making this a p2 feat with a workaround.

lpizzinidev added a commit to lpizzinidev/aws-cdk that referenced this issue Jul 5, 2023
mergify bot added a commit to lpizzinidev/aws-cdk that referenced this issue Jul 12, 2023
@mergify mergify bot closed this as completed in #26236 Jul 12, 2023
mergify bot pushed a commit that referenced this issue Jul 12, 2023
… lambda functions (#26236)

The `providerFunctionEnvEncryption` property on the `Provider` class allows users to specify a custom KMS key that will be used to encrypt the environment variables of the generated lambda functions.


Closes #26197.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

bmoffatt pushed a commit to bmoffatt/aws-cdk that referenced this issue Jul 29, 2023