Skip to content

feat(events): enable customer managed keys to be used with Archive #35253

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Aug 21, 2025
Merged

feat(events): enable customer managed keys to be used with Archive #35253

merged 13 commits into from
Aug 21, 2025

Conversation

@Lei-Tin
Copy link
Contributor

@Lei-Tin Lei-Tin commented Aug 17, 2025
edited
Loading

Issue # (if applicable)

N/A

Reason for this change

Amazon EventBridge supports Customer Managed Key for Events Archive since 2025/03.
But current L2 Construct does not support Customer Managed Keys as an attribute.

Description of changes

Add kmsKey property to the EventsArchive class.

A similar change for EventBus is implemented here: #30493

Describe any new or updated permissions being added

None

Description of how you validated changes

Add unit tests and integ tests.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added p2 beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK labels Aug 17, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team August 17, 2025 08:28
aws-cdk-automation
aws-cdk-automation previously requested changes Aug 17, 2025
View reviewed changes
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(This review is outdated)

@Lei-Tin Lei-Tin changed the title feat(Events): Enable customer managed keys to be used with Archive feat(events): Enable customer managed keys to be used with Archive Aug 17, 2025
@Lei-Tin Lei-Tin changed the title feat(events): Enable customer managed keys to be used with Archive feat(events): enable customer managed keys to be used with Archive Aug 17, 2025
@aws-cdk-automation aws-cdk-automation dismissed their stale review August 17, 2025 08:52

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@Lei-Tin
Copy link
Contributor Author

Lei-Tin commented Aug 19, 2025
edited
Loading

Ready for review!

Exemption Request for the security guardian workflow, since I'm using a kms key.
Also, I don't think the rosetta errors were caused by my changes.

@aws-cdk-automation aws-cdk-automation added pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. and removed pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. labels Aug 19, 2025
rix0rrr
rix0rrr previously requested changes Aug 19, 2025
View reviewed changes
@rix0rrr rix0rrr self-assigned this Aug 19, 2025
@mergify mergify bot dismissed rix0rrr’s stale review August 20, 2025 21:12

Pull request has been modified.

rix0rrr
rix0rrr approved these changes Aug 21, 2025
View reviewed changes
packages/aws-cdk-lib/aws-events/lib/archive.ts
effect: iam.Effect.ALLOW,
conditions: {
StringEquals: {
'kms:EncryptionContext:aws:events:event-bus:arn': props.sourceEventBus.eventBusArn,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noice!

@mergify
Copy link
Contributor

mergify bot commented Aug 21, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify
Copy link
Contributor

mergify bot commented Aug 21, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 9f5e507 into aws:main Aug 21, 2025
17 of 18 checks passed
@github-actions
Copy link
Contributor

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 21, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@rix0rrr rix0rrr rix0rrr approved these changes

@aws-cdk-automation aws-cdk-automation aws-cdk-automation left review comments

Assignees

@rix0rrr rix0rrr

Labels

beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK p2 pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Lei-Tin @rix0rrr @aws-cdk-automation