-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(codepipeline): make the default CodePipeline Bucket have an encryption key #2241
feat(codepipeline): make the default CodePipeline Bucket have an encryption key #2241
Conversation
@@ -159,7 +160,10 @@ export class Pipeline extends cdk.Construct implements IPipeline { | |||
// If a bucket has been provided, use it - otherwise, create a bucket. | |||
let propsBucket = props.artifactBucket; | |||
if (!propsBucket) { | |||
const encryptionKey = new kms.EncryptionKey(this, 'ArtifactsBucketEncryptionKey'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feels like something we should allow users to opt out from and also supply their own key.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We already allow it - the customer can supply their own artifactBucket
in props
(notice that we check if (!propsBucket)
, and don't do any defaulting in that case).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My comment was about the key, not about the bucket, but I guess you are right. If they want to customize the key, they can just pass in a custom bucket. Make sure to mention in the artifactBucket
props that the bucket is encrypted.
…ve an encryption key. This is a prerequisite for having a nice cross-account experience (see aws#1924).
f8f90b7
to
b69e4e1
Compare
Updated the |
This is a prerequisite for having a nice cross-account experience
(see #1924).
Pull Request Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.