feat(kms): support fromLookup in KMS key to get key by alias name #15652
Conversation
|
|
|
Note: Version of cloud-assembly-schema was increased. --> Check/update version again when this PR will be merged. |
|
Thanks so much for submitting this pull request. I am marking this pull request as We use +1s to help prioritize our work, and are happy to revaluate this pull request based on community feedback. You can reach out to the cdk.dev community on Slack to solicit support for reprioritization. |
packages/@aws-cdk/aws-kms/README.md
Outdated
| Note that a call to `.addToPolicy(statement)` on `myKeyLookup` will not have | ||
| an affect on the key's policy because it is not owned by your stack. The call | ||
| will be a no-op. |
There was a problem hiding this comment.
Is this copy/pasted from somewhere else? There's no addToPolicy on the Key interface.
There was a problem hiding this comment.
Yes, you're right. This was copied from method Key.fromKeyArn which is described in the same readme file.
Method addToPolicy is mentioned there. addToResourcePolicy is the correct name of this method. It is defined in class KeyBase.
I did the correction in the original text and in the new description for fromLookup.
|
Thanks for your feedback. 👍 I've implemented the suggested changes. The cloud-assembly-schema version is still up-to-date. Current version is 13, will be increased to 14 by this PR. |
|
+1 |
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
…s#15652) Add method `fromLookup` in KMS key which provides the option to get a KMS key including its key id by an alias name. In some cases, aliases can't be used because access to the underlying key id is necessary. In this case, the `fromLookup` method can be used. The following packages were changed: - @aws-cdk/aws-kms: introduce new `fromLookup` method - @aws-cdk/cx-api: new KeyContextResponse - @aws-cdk/cloud-assembly-schema: new ContextProvider KEY_PROVIDER and KeyContextQuery - aws-cdk: implementation of key ContextProvider Closes aws#8822 ----- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…s#15652) Add method `fromLookup` in KMS key which provides the option to get a KMS key including its key id by an alias name. In some cases, aliases can't be used because access to the underlying key id is necessary. In this case, the `fromLookup` method can be used. The following packages were changed: - @aws-cdk/aws-kms: introduce new `fromLookup` method - @aws-cdk/cx-api: new KeyContextResponse - @aws-cdk/cloud-assembly-schema: new ContextProvider KEY_PROVIDER and KeyContextQuery - aws-cdk: implementation of key ContextProvider Closes aws#8822 ----- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Is it possible to support Alias name and Alias ARN? so we can lookup Alias in different account |
Add method
fromLookupin KMS key which provides the option to get a KMS key including its key id by an alias name.In some cases, aliases can't be used because access to the underlying key id is necessary. In this case, the
fromLookupmethod can be used.The following packages were changed:
fromLookupmethodCloses #8822
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license