Add kmsKey property to LogGroup construct

aws · Nov 9, 2020 · 6ffdce9 · 6ffdce9
1 parent e0c84af
commit 6ffdce9
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 1 deletion.
diff --git a/packages/@aws-cdk/aws-logs/lib/log-group.ts b/packages/@aws-cdk/aws-logs/lib/log-group.ts
@@ -1,5 +1,6 @@
 import * as cloudwatch from '@aws-cdk/aws-cloudwatch';
 import * as iam from '@aws-cdk/aws-iam';
+import { IKey } from '@aws-cdk/aws-kms';
 import { IResource, RemovalPolicy, Resource, Stack, Token } from '@aws-cdk/core';
 import { Construct } from 'constructs';
 import { LogStream } from './log-stream';
@@ -273,6 +274,13 @@ export enum RetentionDays {
  * Properties for a LogGroup
  */
 export interface LogGroupProps {
+  /**
+   * The KMS Key to encrypt the log group with.
+   *
+   * @default No KMS key
+   */
+  readonly kmsKey?: IKey;
+
   /**
    * Name of the log group.
    *
@@ -363,6 +371,7 @@ export class LogGroup extends LogGroupBase {
     }
 
     const resource = new CfnLogGroup(this, 'Resource', {
+      kmsKeyId: props.kmsKey?.keyId,
       logGroupName: this.physicalName,
       retentionInDays,
     });

diff --git a/packages/@aws-cdk/aws-logs/package.json b/packages/@aws-cdk/aws-logs/package.json
@@ -86,6 +86,7 @@
   "dependencies": {
     "@aws-cdk/aws-cloudwatch": "0.0.0",
     "@aws-cdk/aws-iam": "0.0.0",
+    "@aws-cdk/aws-kms": "0.0.0",
     "@aws-cdk/aws-s3-assets": "0.0.0",
     "@aws-cdk/core": "0.0.0",
     "constructs": "^3.2.0"
@@ -94,6 +95,7 @@
   "peerDependencies": {
     "@aws-cdk/aws-cloudwatch": "0.0.0",
     "@aws-cdk/aws-iam": "0.0.0",
+    "@aws-cdk/aws-kms": "0.0.0",
     "@aws-cdk/aws-s3-assets": "0.0.0",
     "@aws-cdk/core": "0.0.0",
     "constructs": "^3.2.0"

diff --git a/packages/@aws-cdk/aws-logs/test/test.loggroup.ts b/packages/@aws-cdk/aws-logs/test/test.loggroup.ts
@@ -1,10 +1,29 @@
 import { expect, haveResource, matchTemplate } from '@aws-cdk/assert';
 import * as iam from '@aws-cdk/aws-iam';
+import { Key } from '@aws-cdk/aws-kms';
 import { CfnParameter, RemovalPolicy, Stack } from '@aws-cdk/core';
 import { Test } from 'nodeunit';
 import { LogGroup, RetentionDays } from '../lib';
 
 export = {
+  'set kms key when provided'(test: Test) {
+    // GIVEN
+    const stack = new Stack();
+    const kmsKey = new Key(stack, 'Key');
+
+    // WHEN
+    new LogGroup(stack, 'LogGroup', {
+      kmsKey,
+    });
+
+    // THEN
+    expect(stack).to(haveResource('AWS::Logs::LogGroup', {
+      KmsKeyId: { Ref: 'Key961B73FD' },
+    }));
+
+    test.done();
+  },
+
   'fixed retention'(test: Test) {
     // GIVEN
     const stack = new Stack();
@@ -326,4 +345,4 @@ function dataDrivenTests(cases: any[][], body: (test: Test, ...args: any[]) => v
     };
   }
   return ret;
-}
+}