Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(aws-apprunner): support a customer managed key #30365

Closed
1 of 2 tasks
mazyu36 opened this issue May 28, 2024 · 3 comments · Fixed by #30352 or rwlxxvii/containers#140 · May be fixed by NOUIY/aws-solutions-constructs#105, kazimanzurrashid/aws-scheduler-go#821 or NOUIY/aws-solutions-constructs#106
Closed
1 of 2 tasks

(aws-apprunner): support a customer managed key #30365

mazyu36 opened this issue May 28, 2024 · 3 comments · Fixed by #30352 or rwlxxvii/containers#140 · May be fixed by NOUIY/aws-solutions-constructs#105, kazimanzurrashid/aws-scheduler-go#821 or NOUIY/aws-solutions-constructs#106
Labels
@aws-cdk/aws-apprunner Related to the apprunner package effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2

Comments

@mazyu36
Copy link
Contributor

mazyu36 commented May 28, 2024

Describe the feature

Support a customer managed key to encrypt all stored copies of your application source image or source bundle.
At the moment, L2 Construct (alpha module) cannot use a customer managed key.

Use Case

In App Runner, the source code and images that are copied are typically encrypted using AWS-managed keys.
However, there may be cases where you want to use a customer-managed key for encryption to enhance security or meet auditing requirements.

For this purpose, App Runner supports encryption using customer-managed keys.

Proposed Solution

Add a property to use a KMS key

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.143.0

Environment details (OS name and version, etc.)

all
@mazyu36 mazyu36 added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels May 28, 2024
@github-actions github-actions bot added the @aws-cdk/aws-apprunner Related to the apprunner package label May 28, 2024
@mazyu36 mazyu36 mentioned this issue May 28, 2024
Merged
1 task
@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels May 29, 2024
@khushail khushail self-assigned this May 29, 2024
@khushail khushail changed the title apprunner: support a customer managed key (aws-apprunner): support a customer managed key May 29, 2024
@khushail
Copy link
Contributor

Thanks @mazyu36 for submitting the PR !

@khushail khushail added p2 effort/small Small work item – less than a day of effort and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels May 29, 2024
@khushail khushail removed their assignment May 29, 2024
@mergify mergify bot closed this as completed in #30352 May 30, 2024
mergify bot pushed a commit that referenced this issue May 30, 2024
@mazyu36
feat(apprunner): add kmsKey property for the AppRunner Service class (#…
0c1aeb6 
…30352)

### Issue # (if applicable)

Close #30365.

### Reason for this change
AppRunner supports for using a customer managed key to encrypt  all stored copies of your application source image or source bundle.

https://docs.aws.amazon.com/apprunner/latest/dg/security-data-protection-encryption.html

But L2 Construct (alpha module) cannot use a customer managed key.


### Description of changes
Add kmsKey property to the Service class.


### Description of how you validated changes
Add unit tests and integ tests


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions GitHub Actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

This was referenced Jun 1, 2024
Closed
Closed
atanaspam pushed a commit to atanaspam/aws-cdk that referenced this issue Jun 3, 2024
@mazyu36 @atanaspam
feat(apprunner): add kmsKey property for the AppRunner Service class (a…
4eb587b 
…ws#30352)

### Issue # (if applicable)

Close aws#30365.

### Reason for this change
AppRunner supports for using a customer managed key to encrypt  all stored copies of your application source image or source bundle.

https://docs.aws.amazon.com/apprunner/latest/dg/security-data-protection-encryption.html

But L2 Construct (alpha module) cannot use a customer managed key.


### Description of changes
Add kmsKey property to the Service class.


### Description of how you validated changes
Add unit tests and integ tests


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
vdahlberg pushed a commit to vdahlberg/aws-cdk that referenced this issue Jun 10, 2024
@mazyu36
feat(apprunner): add kmsKey property for the AppRunner Service class (a…
255768c 
…ws#30352)

### Issue # (if applicable)

Close aws#30365.

### Reason for this change
AppRunner supports for using a customer managed key to encrypt  all stored copies of your application source image or source bundle.

https://docs.aws.amazon.com/apprunner/latest/dg/security-data-protection-encryption.html

But L2 Construct (alpha module) cannot use a customer managed key.


### Description of changes
Add kmsKey property to the Service class.


### Description of how you validated changes
Add unit tests and integ tests


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@rwlxxvii rwlxxvii mentioned this issue Jun 22, 2024
Merged
@NOUIY NOUIY mentioned this issue Jun 22, 2024
Open
@kazimanzurrashid kazimanzurrashid mentioned this issue Jun 29, 2024
Open
This was referenced Jun 29, 2024
Open
Open
This was referenced Jul 12, 2024
Open
Open
This was referenced Jul 19, 2024
Open
Open
@aws-cdk-automation
Copy link
Collaborator

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

@aws aws locked as resolved and limited conversation to collaborators Jul 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
@aws-cdk/aws-apprunner Related to the apprunner package effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
3 participants
@mazyu36 @aws-cdk-automation @khushail