Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS ConfigService KMS encryption support #20800

Merged
merged 4 commits into from
Sep 10, 2021
Merged

AWS ConfigService KMS encryption support #20800

merged 4 commits into from
Sep 10, 2021

Conversation

nickolivera
Copy link
Contributor

@nickolivera nickolivera commented Sep 5, 2021
edited
Loading

Adds s3_kms_key_arn allowing Config to encrypt files to the target S3 bucket. Does not support AWS Managed keys, has to be a Customer Managed one.

Updates DeliveryChannel Schema to v1.9.0 https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/configservice@v1.9.0/types#DeliveryChannel
https://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html (February 16, 2021)

Notes: adds a KMS key for testing, adds IAM permission to the role to use the KMS key.
Verified bucket ConfigWritabilityCheckFile file generated by AWSConfig, within its SSE details, is using the KMS key correctly.

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #20600

Output from acceptance testing:

user:terraform-provider-aws user$ make testacc TESTARGS="-run=TestAccAWSConfig_serial/DeliveryChannel"
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSConfig_serial/DeliveryChannel -timeout 180m
=== RUN   TestAccAWSConfig_serial
=== RUN   TestAccAWSConfig_serial/DeliveryChannel
=== RUN   TestAccAWSConfig_serial/DeliveryChannel/basic
=== RUN   TestAccAWSConfig_serial/DeliveryChannel/allParams
=== RUN   TestAccAWSConfig_serial/DeliveryChannel/importBasic
--- PASS: TestAccAWSConfig_serial (156.14s)
    --- PASS: TestAccAWSConfig_serial/DeliveryChannel (156.14s)
        --- PASS: TestAccAWSConfig_serial/DeliveryChannel/basic (51.05s)
        --- PASS: TestAccAWSConfig_serial/DeliveryChannel/allParams (49.53s)
        --- PASS: TestAccAWSConfig_serial/DeliveryChannel/importBasic (55.56s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       156.257s

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. documentation Introduces or discusses updates to documentation. service/configservice Issues and PRs that pertain to the configservice service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. size/S Managed by automation to categorize the size of a PR. labels Sep 5, 2021
github-actions[bot]
github-actions bot reviewed Sep 5, 2021
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Welcome @nickyamanaka 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTING guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

@breathingdust breathingdust added enhancement Requests to existing resources that expand the functionality or scope. and removed needs-triage Waiting for first response or review from a maintainer. labels Sep 5, 2021
ewbankkit
ewbankkit approved these changes Sep 10, 2021
View reviewed changes
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

Commercial
% make testacc TESTARGS='-run=TestAccAWSConfig_serial/DeliveryChannel'                   
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSConfig_serial/DeliveryChannel -timeout 180m
=== RUN   TestAccAWSConfig_serial
=== RUN   TestAccAWSConfig_serial/DeliveryChannel
=== RUN   TestAccAWSConfig_serial/DeliveryChannel/basic
=== RUN   TestAccAWSConfig_serial/DeliveryChannel/allParams
=== RUN   TestAccAWSConfig_serial/DeliveryChannel/importBasic
--- PASS: TestAccAWSConfig_serial (119.70s)
    --- PASS: TestAccAWSConfig_serial/DeliveryChannel (119.70s)
        --- PASS: TestAccAWSConfig_serial/DeliveryChannel/basic (41.45s)
        --- PASS: TestAccAWSConfig_serial/DeliveryChannel/allParams (39.94s)
        --- PASS: TestAccAWSConfig_serial/DeliveryChannel/importBasic (38.31s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	123.710s
GovCloud
% make testacc TESTARGS='-run=TestAccAWSConfig_serial/DeliveryChannel'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSConfig_serial/DeliveryChannel -timeout 180m
=== RUN   TestAccAWSConfig_serial
=== RUN   TestAccAWSConfig_serial/DeliveryChannel
=== RUN   TestAccAWSConfig_serial/DeliveryChannel/basic
=== RUN   TestAccAWSConfig_serial/DeliveryChannel/allParams
=== RUN   TestAccAWSConfig_serial/DeliveryChannel/importBasic
--- PASS: TestAccAWSConfig_serial (123.26s)
    --- PASS: TestAccAWSConfig_serial/DeliveryChannel (123.26s)
        --- PASS: TestAccAWSConfig_serial/DeliveryChannel/basic (40.91s)
        --- PASS: TestAccAWSConfig_serial/DeliveryChannel/allParams (41.72s)
        --- PASS: TestAccAWSConfig_serial/DeliveryChannel/importBasic (40.63s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	126.517s

@ewbankkit
Copy link
Contributor

@nickyamanaka Thanks for the contribution 🎉 👏.

@ewbankkit ewbankkit merged commit eb582b3 into hashicorp:main Sep 10, 2021
@lorengordon lorengordon mentioned this pull request Sep 11, 2021
Merged
@breathingdust breathingdust added this to the v3.59.0 milestone Sep 16, 2021
@github-actions
Copy link

This functionality has been released in v3.59.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 21, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@ewbankkit ewbankkit ewbankkit approved these changes

Assignees
No one assigned
Labels
documentation Introduces or discusses updates to documentation. enhancement Requests to existing resources that expand the functionality or scope. service/configservice Issues and PRs that pertain to the configservice service. size/S Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v3.59.0
Development

Successfully merging this pull request may close these issues.

Support for KMS encryption on S3 buckets used by AWS Config
3 participants
@nickolivera @ewbankkit @breathingdust