fix(s3): buckets with SSE-KMS silently fail to receive logs (aws#23385)
AWS S3 Server Access Logging does not support logging to buckets that use SSE-KMS, only to buckets without default encryption or to buckets that use SSE-S3. At least in some cases, this misconfiguration can be caught within the CDK (when logging to the same bucket or when the target bucket is using a KMS CMK). This will still fail to catch scenarios where the target bucket is using SSE-KMS using a KMS-managed key because the `encryptionKey` property is not set on the Bucket in that scenario.

This may be a breaking change for some users; what is currently a mostly silent misconfiguration will become an error when synthesizing.

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Construct Runtime Dependencies:

* [ ] This PR adds new construct runtime dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-construct-runtime-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
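The misconfiguration described in the commit message can also be checked on the synthesized CloudFormation template, where a KMS-managed key still shows up as `SSEAlgorithm: 'aws:kms'` even though no key is set. The following is an added example, not code from this commit or from the CDK; the function names and the sample template are constructed for illustration, and only targets referenced by `Ref` inside the same template are resolved.

```typescript
// Minimal shape of a synthesized template: only the fields this check reads.
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };

// True when the bucket's default encryption is SSE-KMS, with or without an explicit key.
function usesSseKms(bucket: Resource): boolean {
  const rules: any[] =
    bucket.Properties?.BucketEncryption?.ServerSideEncryptionConfiguration ?? [];
  return rules.some((r) => r?.ServerSideEncryptionByDefault?.SSEAlgorithm === 'aws:kms');
}

// One finding ("source -> target") per bucket whose access logs go to an SSE-KMS bucket.
function findKmsLogTargets(template: Template): string[] {
  const findings: string[] = [];
  for (const [id, res] of Object.entries(template.Resources)) {
    const logging = res.Properties?.LoggingConfiguration;
    if (res.Type !== 'AWS::S3::Bucket' || logging === undefined) continue;
    // Without DestinationBucketName, logs are stored in the bucket itself.
    const dest = logging.DestinationBucketName;
    // Literal names and imported buckets have no Ref and cannot be resolved here.
    const targetId: string | undefined = dest === undefined ? id : dest?.Ref;
    const target = targetId === undefined ? undefined : template.Resources[targetId];
    if (target?.Type === 'AWS::S3::Bucket' && usesSseKms(target)) {
      findings.push(`${id} -> ${targetId}`);
    }
  }
  return findings;
}

// Constructed sample template (not taken from the commit).
const kms = (keyId?: object) => ({ ServerSideEncryptionConfiguration: [
  { ServerSideEncryptionByDefault: { SSEAlgorithm: 'aws:kms', KMSMasterKeyID: keyId } } ] });
const sseS3 = { ServerSideEncryptionConfiguration: [
  { ServerSideEncryptionByDefault: { SSEAlgorithm: 'AES256' } } ] };
const sampleTemplate: Template = { Resources: {
  // KMS-managed key: no key id in the template, the case the CDK check cannot see.
  LogsKmsManaged: { Type: 'AWS::S3::Bucket', Properties: { BucketEncryption: kms() } },
  LogsSseS3: { Type: 'AWS::S3::Bucket', Properties: { BucketEncryption: sseS3 } },
  AppBucket: { Type: 'AWS::S3::Bucket', Properties: {
    LoggingConfiguration: { DestinationBucketName: { Ref: 'LogsKmsManaged' } } } },
  // Logs to itself while encrypted with a customer managed key.
  SelfLogging: { Type: 'AWS::S3::Bucket', Properties: {
    BucketEncryption: kms({ 'Fn::GetAtt': ['Key', 'Arn'] }),
    LoggingConfiguration: { LogFilePrefix: 'self/' } } },
  OkBucket: { Type: 'AWS::S3::Bucket', Properties: {
    LoggingConfiguration: { DestinationBucketName: { Ref: 'LogsSseS3' } } } },
} };

console.log(findKmsLogTargets(sampleTemplate));
```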