How to use the @aws-cdk/aws-kms.Key function in @aws-cdk/aws-kms

To help you get started, we’ve selected a few @aws-cdk/aws-kms examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github aws / aws-cdk / packages / @aws-cdk / aws-glue / lib / table.ts View on Github external
function createBucket(table: Table, props: TableProps) {
  const encryption = props.encryption || TableEncryption.UNENCRYPTED;
  let bucket = props.bucket;

  if (bucket && (encryption !== TableEncryption.UNENCRYPTED && encryption !== TableEncryption.CLIENT_SIDE_KMS)) {
    throw new Error('you can not specify encryption settings if you also provide a bucket');
  }

  let encryptionKey: kms.IKey | undefined;
  if (encryption === TableEncryption.CLIENT_SIDE_KMS && props.encryptionKey === undefined) {
    // CSE-KMS should behave the same as SSE-KMS - use the provided key or create one automatically
    // Since Bucket only knows about SSE, we repeat the logic for CSE-KMS at the Table level.
    encryptionKey = new kms.Key(table, 'Key');
  } else {
    encryptionKey = props.encryptionKey;
  }

  // create the bucket if none was provided
  if (!bucket) {
    if (encryption === TableEncryption.CLIENT_SIDE_KMS) {
      bucket = new s3.Bucket(table, 'Bucket');
    } else {
      bucket = new s3.Bucket(table, 'Bucket', {
        encryption: encryptionMappings[encryption],
        encryptionKey
      });
      encryptionKey = bucket.encryptionKey;
    }
  }
github aws / aws-cdk / packages / @aws-cdk / aws-kinesis / lib / stream.ts View on Github external
} {

    // default to unencrypted.
    const encryptionType = props.encryption || StreamEncryption.UNENCRYPTED;

    // if encryption key is set, encryption must be set to KMS.
    if (encryptionType !== StreamEncryption.KMS && props.encryptionKey) {
      throw new Error(`encryptionKey is specified, so 'encryption' must be set to KMS (value: ${encryptionType})`);
    }

    if (encryptionType === StreamEncryption.UNENCRYPTED) {
      return { streamEncryption: undefined, encryptionKey: undefined };
    }

    if (encryptionType === StreamEncryption.KMS) {
      const encryptionKey = props.encryptionKey || new kms.Key(this, 'Key', {
        description: `Created by ${this.node.path}`
      });

      const streamEncryption: CfnStream.StreamEncryptionProperty = {
        encryptionType: 'KMS',
        keyId: encryptionKey.keyArn
      };
      return { encryptionKey, streamEncryption };
    }

    throw new Error(`Unexpected 'encryptionType': ${encryptionType}`);
  }
}
github aws / aws-cdk / packages / @aws-cdk / aws-codepipeline / lib / cross-region-support-stack.ts View on Github external
constructor(scope: cdk.Construct, id: string) {
    super(scope, id);

    const encryptionKey = new kms.Key(this, 'CrossRegionCodePipelineReplicationBucketEncryptionKey', {
      removalPolicy: cdk.RemovalPolicy.DESTROY,
    });
    const encryptionAlias = new AliasWithShorterGeneratedName(this, 'CrossRegionCodePipelineReplicationBucketEncryptionAlias', {
      targetKey: encryptionKey,
      aliasName: cdk.PhysicalName.GENERATE_IF_NEEDED,
      removalPolicy: cdk.RemovalPolicy.DESTROY,
    });
    this.replicationBucket = new s3.Bucket(this, 'CrossRegionCodePipelineReplicationBucket', {
      bucketName: cdk.PhysicalName.GENERATE_IF_NEEDED,
      encryptionKey: encryptionAlias,
    });
  }
}
github aws / aws-cdk / packages / @aws-cdk / aws-sqs / lib / queue.ts View on Github external
if (encryption === QueueEncryption.UNENCRYPTED) {
        return { encryptionProps: {} };
      }

      if (encryption === QueueEncryption.KMS_MANAGED) {
        return {
          encryptionProps: {
            kmsMasterKeyId: 'alias/aws/sqs',
            kmsDataKeyReusePeriodSeconds: props.dataKeyReuse && props.dataKeyReuse.toSeconds()
          }
        };
      }

      if (encryption === QueueEncryption.KMS) {
        const masterKey = props.encryptionMasterKey || new kms.Key(this, 'Key', {
          description: `Created by ${this.node.path}`
        });

        return {
          encryptionMasterKey: masterKey,
          encryptionProps: {
            kmsMasterKeyId: masterKey.keyArn,
            kmsDataKeyReusePeriodSeconds: props.dataKeyReuse && props.dataKeyReuse.toSeconds()
          }
        };
      }

      throw new Error(`Unexpected 'encryptionType': ${encryption}`);
    }
  }

@aws-cdk/aws-kms

The CDK Construct Library for AWS::KMS

Apache-2.0
Latest version published 1 year ago

Package Health Score

70 / 100
Full package analysis