diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/IntegTestDSSEBucketDefaultTestDeployAssert56801A2F.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/IntegTestDSSEBucketDefaultTestDeployAssert56801A2F.assets.json index a18b483236bea..bc418e8c43f33 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/IntegTestDSSEBucketDefaultTestDeployAssert56801A2F.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/IntegTestDSSEBucketDefaultTestDeployAssert56801A2F.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/aws-cdk-s3-bucket-encryption.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/aws-cdk-s3-bucket-encryption.assets.json index ae8d82eb471b7..e79962e622edf 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/aws-cdk-s3-bucket-encryption.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/aws-cdk-s3-bucket-encryption.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.0", + "version": "38.0.1", "files": { - "11da7c5b54314bf0158da668aa6014c1e153d0d880b9ace65689ce2cfeceaa20": { + "958a440cc168ca1a5e3dee9acecf551051130acee758d7dd2d6a8afc6d7ba3ec": { "source": { "path": "aws-cdk-s3-bucket-encryption.template.json", "packaging": "file" 
@@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "11da7c5b54314bf0158da668aa6014c1e153d0d880b9ace65689ce2cfeceaa20.json", + "objectKey": "958a440cc168ca1a5e3dee9acecf551051130acee758d7dd2d6a8afc6d7ba3ec.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/aws-cdk-s3-bucket-encryption.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/aws-cdk-s3-bucket-encryption.template.json index 9bc25f1e72af0..07ce4a370dfde 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/aws-cdk-s3-bucket-encryption.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/aws-cdk-s3-bucket-encryption.template.json @@ -13,8 +13,8 @@ ] } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "MySSES3Bucket6973690D": { "Type": "AWS::S3::Bucket", 
@@ -30,8 +30,67 @@ ] } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MyKMSBucketKey9CACDA9E": { + "Type": "AWS::KMS::Key", + "Properties": { + "Description": "Created by aws-cdk-s3-bucket-encryption/MyKMSBucket", + "EnableKeyRotation": true, + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MyKMSBucketDF8715AC": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "KMSMasterKeyID": { + "Fn::GetAtt": [ + "MyKMSBucketKey9CACDA9E", + "Arn" + ] + }, + "SSEAlgorithm": "aws:kms" + } + } + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" } }, "Parameters": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/cdk.out index 1f0068d32659a..c6e612584e352 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/integ.json index d056cd084f925..6c87d66b5bc5e 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "38.0.1", "testCases": { "IntegTestDSSEBucket/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/manifest.json index 41427a553c276..6bf99cbb3f213 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "38.0.1", "artifacts": { "aws-cdk-s3-bucket-encryption.assets": { "type": "cdk:asset-manifest", @@ -16,9 +16,10 @@ "templateFile": "aws-cdk-s3-bucket-encryption.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/11da7c5b54314bf0158da668aa6014c1e153d0d880b9ace65689ce2cfeceaa20.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/958a440cc168ca1a5e3dee9acecf551051130acee758d7dd2d6a8afc6d7ba3ec.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -46,6 +47,18 @@ "data": "MySSES3Bucket6973690D" } ], + "/aws-cdk-s3-bucket-encryption/MyKMSBucket/Key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyKMSBucketKey9CACDA9E" + } + ], + "/aws-cdk-s3-bucket-encryption/MyKMSBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyKMSBucketDF8715AC" + } + ], "/aws-cdk-s3-bucket-encryption/BootstrapVersion": [ { "type": "aws:cdk:logicalId", @@ -76,6 +89,7 @@ "templateFile": "IntegTestDSSEBucketDefaultTestDeployAssert56801A2F.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/tree.json index 2f48c7893efd3..e444d5658ec39 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.js.snapshot/tree.json 
@@ -73,6 +73,97 @@ "version": "0.0.0" } }, + "MyKMSBucket": { + "id": "MyKMSBucket", + "path": "aws-cdk-s3-bucket-encryption/MyKMSBucket", + "children": { + "Key": { + "id": "Key", + "path": "aws-cdk-s3-bucket-encryption/MyKMSBucket/Key", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-s3-bucket-encryption/MyKMSBucket/Key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "description": "Created by aws-cdk-s3-bucket-encryption/MyKMSBucket", + "enableKeyRotation": true, + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-s3-bucket-encryption/MyKMSBucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "bucketEncryption": { + "serverSideEncryptionConfiguration": [ + { + "serverSideEncryptionByDefault": { + "sseAlgorithm": "aws:kms", + "kmsMasterKeyId": { + "Fn::GetAtt": [ + "MyKMSBucketKey9CACDA9E", + "Arn" + ] + } + } + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-s3-bucket-encryption/BootstrapVersion", @@ -108,7 +199,7 @@ "path": "IntegTestDSSEBucket/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.3.0" + "version": "10.4.2" } }, "DeployAssert": { 
@@ -154,7 +245,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.3.0" + "version": "10.4.2" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.ts index 143912a530dbd..e1e7723bbc2e9 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-encryption.ts @@ -8,13 +8,22 @@ const stack = new cdk.Stack(app, 'aws-cdk-s3-bucket-encryption'); new s3.Bucket(stack, 'MyDSSEBucket', { encryption: s3.BucketEncryption.DSSE_MANAGED, + removalPolicy: cdk.RemovalPolicy.DESTROY, }); new s3.Bucket(stack, 'MySSES3Bucket', { encryption: s3.BucketEncryption.S3_MANAGED, bucketKeyEnabled: true, + removalPolicy: cdk.RemovalPolicy.DESTROY, }); +const kmsBucket = new s3.Bucket(stack, 'MyKMSBucket', { + encryption: s3.BucketEncryption.KMS, + removalPolicy: cdk.RemovalPolicy.DESTROY, +}); + +kmsBucket.encryptionKey?.applyRemovalPolicy(cdk.RemovalPolicy.DESTROY); + new integ.IntegTest(app, 'IntegTestDSSEBucket', { testCases: [stack], }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.assets.json index b8e20d2d08292..5d943ea602d8d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.assets.json 
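Review bot: `kmsBucket.encryptionKey?.applyRemovalPolicy(cdk.RemovalPolicy.DESTROY);` in integ.bucket-encryption.ts uses optional chaining, so if the bucket ever stops creating a key the call is silently skipped and the test stack would leave a retained KMS key behind. The bucket is declared with `s3.BucketEncryption.KMS`, so the key is expected to exist and the test should fail loudly when it does not, for example `if (!kmsBucket.encryptionKey) { throw new Error('expected an auto-created KMS key'); }` before the call. The same pattern appears in the hunks for integ.bucket-server-access-logs-sse-kms.ts (`accessLogBucket.encryptionKey?.…`) and integ.bucket.ts (`bucket.encryptionKey?.…`). A one-line comment such as `// DESTROY is acceptable only because this is a throwaway integ stack` would also stop the key-deletion policy from being copied into real stacks.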
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.assets.json index 74d0dd6c62780..6abc051148b1c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "38.0.1", "files": { "44e9c4d7a5d3fd2d677e1a7e416b2b56f6b0104bd5eff9cac5557b4c65a9dc61": { "source": { @@ -14,7 +14,7 @@ } } }, - "83e5eb2edbb2d1110462a34c603626085fc1655ca1140c5f7d4cd00f813a4c5e": { + "c8f365aa1f12b408b8778ec63464cbe24b37d17fea9f7cdab7d4417362e2791f": { "source": { "path": "aws-cdk-s3-server-access-logs-sse-kms.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "83e5eb2edbb2d1110462a34c603626085fc1655ca1140c5f7d4cd00f813a4c5e.json", + "objectKey": "c8f365aa1f12b408b8778ec63464cbe24b37d17fea9f7cdab7d4417362e2791f.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.template.json index 45655ea9a3075..49a71bb06f5d6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.template.json @@ -4,6 +4,7 @@ "Type": "AWS::KMS::Key", "Properties": { "Description": "Created by aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket", + "EnableKeyRotation": true, "KeyPolicy": { "Statement": [ { @@ -46,8 +47,8 @@ "Version": "2012-10-17" } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "ServerAccessLogsBucket05F29982": { "Type": "AWS::S3::Bucket", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/cdk.out index 1f0068d32659a..c6e612584e352 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"38.0.1"} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/integ.json index a46977395e005..1c6e435763d9a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "38.0.1", "testCases": { "ServerAccessLogsSseKmsTest/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/manifest.json index 003dd6f9eaeb9..c32b4b5036e87 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "38.0.1", "artifacts": { "aws-cdk-s3-server-access-logs-sse-kms.assets": { "type": "cdk:asset-manifest", 
@@ -16,9 +16,10 @@ "templateFile": "aws-cdk-s3-server-access-logs-sse-kms.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/83e5eb2edbb2d1110462a34c603626085fc1655ca1140c5f7d4cd00f813a4c5e.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c8f365aa1f12b408b8778ec63464cbe24b37d17fea9f7cdab7d4417362e2791f.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -64,6 +65,12 @@ "data": "LatestNodeRuntimeMap" } ], + "/aws-cdk-s3-server-access-logs-sse-kms/Custom::S3AutoDeleteObjectsCustomResourceProvider": [ + { + "type": "aws:cdk:is-custom-resource-handler-customResourceProvider", + "data": true + } + ], "/aws-cdk-s3-server-access-logs-sse-kms/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role": [ { "type": "aws:cdk:logicalId", @@ -112,6 +119,7 @@ "templateFile": "ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/tree.json index 5a0a8a1b91da1..9aac8fb6b47ae 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/tree.json @@ -23,6 +23,7 @@ "aws:cdk:cloudformation:type": "AWS::KMS::Key", "aws:cdk:cloudformation:props": { "description": "Created by aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket", + "enableKeyRotation": true, "keyPolicy": { "Statement": [ { @@ -347,7 +348,7 @@ "path": "ServerAccessLogsSseKmsTest/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.3.0" + "version": "10.4.2" } }, "DeployAssert": { @@ -393,7 +394,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.3.0" + "version": "10.4.2" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.ts index acb05d12fa50d..a424c74c7e793 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.ts @@ -13,6 +13,8 @@ const accessLogBucket = new s3.Bucket(stack, 'ServerAccessLogsBucket', { encryption: s3.BucketEncryption.KMS, }); +accessLogBucket.encryptionKey?.applyRemovalPolicy(cdk.RemovalPolicy.DESTROY); + new s3.Bucket(stack, 'Bucket', { serverAccessLogsBucket: accessLogBucket, serverAccessLogsPrefix: 'example', 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.assets.json index b1a0dfd3a2622..6d56850b69555 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.assets.json @@ -1,7 +1,7 @@ { - "version": "30.1.0", + "version": "38.0.1", "files": { - "6ae3d2477de11ae9c62bfb4d56e5a92e2357fb0d390af77b733130578aee7339": { + "de79a27645479e4cbb257a8fd7ca9556fd3b17c4ac162e5499b12bfc6e2dc04d": { "source": { "path": "aws-cdk-s3.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "6ae3d2477de11ae9c62bfb4d56e5a92e2357fb0d390af77b733130578aee7339.json", + "objectKey": "de79a27645479e4cbb257a8fd7ca9556fd3b17c4ac162e5499b12bfc6e2dc04d.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.template.json index addecf1a07382..ef0deeda9fb55 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.template.json @@ -3,6 +3,8 @@ "MyBucketKeyC17130CF": { "Type": "AWS::KMS::Key", "Properties": { + "Description": "Created by aws-cdk-s3/MyBucket", + "EnableKeyRotation": true, "KeyPolicy": { "Statement": [ { 
@@ -30,11 +32,10 @@ } ], "Version": "2012-10-17" - }, - "Description": "Created by aws-cdk-s3/MyBucket" + } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "MyBucketF68F3FF0": { "Type": "AWS::S3::Bucket", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/cdk.out index b72fef144f05c..c6e612584e352 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"30.1.0"} \ No newline at end of file +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/cdkintegs3bucketDefaultTestDeployAssertB89636B8.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/cdkintegs3bucketDefaultTestDeployAssertB89636B8.assets.json index 0fbecffa142a0..7934088b04102 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/cdkintegs3bucketDefaultTestDeployAssertB89636B8.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/cdkintegs3bucketDefaultTestDeployAssertB89636B8.assets.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/integ.json index 4f0015ef4deff..3f71db4db6331 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/integ.json 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "38.0.1", "testCases": { "cdk-integ-s3-bucket/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/manifest.json index 02f5db42af79b..b754a10531c72 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "38.0.1", "artifacts": { "aws-cdk-s3.assets": { "type": "cdk:asset-manifest", @@ -14,10 +14,12 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "aws-cdk-s3.template.json", + "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6ae3d2477de11ae9c62bfb4d56e5a92e2357fb0d390af77b733130578aee7339.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/de79a27645479e4cbb257a8fd7ca9556fd3b17c4ac162e5499b12bfc6e2dc04d.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -91,7 +93,9 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "cdkintegs3bucketDefaultTestDeployAssertB89636B8.template.json", + "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/tree.json index b8869297cae25..cc053c65b30e4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/tree.json @@ -22,6 +22,8 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::KMS::Key", "aws:cdk:cloudformation:props": { + "description": "Created by aws-cdk-s3/MyBucket", + "enableKeyRotation": true, "keyPolicy": { "Statement": [ { @@ -49,18 +51,17 @@ } ], "Version": "2012-10-17" - }, - "description": "Created by aws-cdk-s3/MyBucket" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-kms.CfnKey", + "fqn": "aws-cdk-lib.aws_kms.CfnKey", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-kms.Key", + "fqn": "aws-cdk-lib.aws_kms.Key", "version": "0.0.0" } }, @@ -88,13 +89,13 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.CfnBucket", + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.Bucket", + "fqn": "aws-cdk-lib.aws_s3.Bucket", "version": "0.0.0" } }, 
@@ -120,13 +121,13 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.CfnBucket", + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.Bucket", + "fqn": "aws-cdk-lib.aws_s3.Bucket", "version": "0.0.0" } }, @@ -142,7 +143,7 @@ "aws:cdk:cloudformation:props": {} }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnUser", + "fqn": "aws-cdk-lib.aws_iam.CfnUser", "version": "0.0.0" } }, @@ -253,19 +254,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.User", + "fqn": "aws-cdk-lib.aws_iam.User", "version": "0.0.0" } }, @@ -273,7 +274,7 @@ "id": "BootstrapVersion", "path": "aws-cdk-s3/BootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", + "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" } }, @@ -281,13 +282,13 @@ "id": "CheckBootstrapVersion", "path": "aws-cdk-s3/CheckBootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Stack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } }, @@ -304,7 +305,7 @@ "path": "cdk-integ-s3-bucket/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.252" + "version": "10.4.2" } }, "DeployAssert": { @@ -315,7 +316,7 @@ "id": "BootstrapVersion", "path": "cdk-integ-s3-bucket/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", + "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" } }, 
@@ -323,25 +324,25 @@ "id": "CheckBootstrapVersion", "path": "cdk-integ-s3-bucket/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Stack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/integ-tests.IntegTest", + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", "version": "0.0.0" } }, @@ -350,12 +351,12 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.252" + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.App", + "fqn": "aws-cdk-lib.App", "version": "0.0.0" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.ts index 5835343ec37a4..3249a08f3f6ee 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.ts @@ -13,6 +13,8 @@ const bucket = new s3.Bucket(stack, 'MyBucket', { removalPolicy: cdk.RemovalPolicy.DESTROY, }); +bucket.encryptionKey?.applyRemovalPolicy(cdk.RemovalPolicy.DESTROY); + const otherwiseEncryptedBucket = new s3.Bucket(stack, 'MyOtherBucket', { encryption: s3.BucketEncryption.S3_MANAGED, removalPolicy: cdk.RemovalPolicy.DESTROY, diff --git a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts index 482ed2b84d767..f93920382d72b 100644 --- a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts +++ b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts 
@@ -2203,6 +2203,7 @@ export class Bucket extends BucketBase { if (encryptionType === BucketEncryption.KMS) { const encryptionKey = props.encryptionKey || new kms.Key(this, 'Key', { description: `Created by ${this.node.path}`, + enableKeyRotation: true, }); const bucketEncryption = { diff --git a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts index 21289402d51b1..e95cf81b71075 100644 --- a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts +++ b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts @@ -422,6 +422,7 @@ describe('bucket', () => { Template.fromStack(stack).hasResourceProperties('AWS::KMS::Key', { 'Description': 'Created by Default/MyBucket', + 'EnableKeyRotation': true, }); Template.fromStack(stack).hasResourceProperties('AWS::S3::Bucket', { @@ -1799,6 +1800,7 @@ describe('bucket', () => { }); Template.fromStack(stack).hasResourceProperties('AWS::KMS::Key', { + 'EnableKeyRotation': true, 'KeyPolicy': { 'Statement': Match.arrayWith([ {
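Review bot: `enableKeyRotation: true` in bucket.ts is applied unconditionally to the key created when `props.encryptionKey` is absent, so every existing stack using `BucketEncryption.KMS` with the auto-created key will synthesize a changed `AWS::KMS::Key` on upgrade. The only opt-out is for the caller to supply their own key. Turning rotation on is the safer default, but the hunk does not document it; if the project gates default changes behind a feature flag, this looks like a candidate. I would add a comment at the call, `// Rotation is enabled on keys we create; pass your own encryptionKey to control key settings`, and say the same in the doc comment of the `encryptionKey` prop. The enclosing method starts and ends outside the hunk.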
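Review bot: The two bucket.test.ts hunks only assert the positive case (`'EnableKeyRotation': true` on the auto-created key), and no test visible here pins that a caller-supplied `encryptionKey` is left untouched. A case that passes `new kms.Key(stack, 'K')` as `encryptionKey` and asserts `Template.fromStack(stack).hasResourceProperties('AWS::KMS::Key', { 'EnableKeyRotation': Match.absent() });` would guard against the default leaking onto user-managed keys. Such a test may already exist elsewhere in the file, since the enclosing `describe` and test bodies start outside these hunks.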