From c43e3bad81d17af8cdfb98089e05d43ab81bd808 Mon Sep 17 00:00:00 2001 From: Niranjan Jayakar Date: Fri, 19 Mar 2021 00:24:15 +0000 Subject: [PATCH] fix(lambda): incorrect values for prop UntrustedArtifactOnDeployment (#13667) The allowed values for `UntrustedArtifactOnDeployment` in the `AWS::Lambda::CodeSigningConfig` resource type are 'Warn' and 'Enforce'. This was incorrectly set in the CDK. fixes #13586 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-lambda/lib/code-signing-config.ts | 4 ++-- packages/@aws-cdk/aws-lambda/test/code-signing-config.test.ts | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda/lib/code-signing-config.ts b/packages/@aws-cdk/aws-lambda/lib/code-signing-config.ts index 0472eb5d048f5..5e76436b75cca 100644 --- a/packages/@aws-cdk/aws-lambda/lib/code-signing-config.ts +++ b/packages/@aws-cdk/aws-lambda/lib/code-signing-config.ts @@ -10,13 +10,13 @@ export enum UntrustedArtifactOnDeployment { /** * Lambda blocks the deployment request if signature validation checks fail. */ - ENFORCE = 'enforce', + ENFORCE = 'Enforce', /** * Lambda allows the deployment of the code package, but issues a warning. * Lambda issues a new Amazon CloudWatch metric, called a signature validation error and also stores the warning in CloudTrail. */ - WARN = 'warn', + WARN = 'Warn', } /** diff --git a/packages/@aws-cdk/aws-lambda/test/code-signing-config.test.ts b/packages/@aws-cdk/aws-lambda/test/code-signing-config.test.ts index 3e123ab5d5d89..6f6c1047f5453 100644 --- a/packages/@aws-cdk/aws-lambda/test/code-signing-config.test.ts +++ b/packages/@aws-cdk/aws-lambda/test/code-signing-config.test.ts @@ -28,7 +28,7 @@ describe('code signing config', () => { }], }, CodeSigningPolicies: { - UntrustedArtifactOnDeployment: lambda.UntrustedArtifactOnDeployment.WARN, + UntrustedArtifactOnDeployment: 'Warn', }, }); }); @@ -78,7 +78,7 @@ describe('code signing config', () => { expect(stack).toHaveResource('AWS::Lambda::CodeSigningConfig', { CodeSigningPolicies: { - UntrustedArtifactOnDeployment: lambda.UntrustedArtifactOnDeployment.ENFORCE, + UntrustedArtifactOnDeployment: 'Enforce', }, Description: 'test description', });