[aws-events-targets] Kinesis Stream target with Customer-Managed KMS key causes EventBridge FailedInvocations #10996
Labels: @aws-cdk/aws-events-targets, bug (This issue is a bug.), effort/small (Small work item – less than a day of effort), p1
When you have a Kinesis stream encrypted by a customer-managed KMS key, aws-events-targets does not give EventBridge permission to encrypt events using the key.
Reproduction Steps
Also available here: https://github.com/blimmer/cdk-bug-reports/compare/bug/kinesis-target-policy?expand=1
What did you expect to happen?
I expected the EventBridge rule to trigger successfully because I used the aws-events-targets package.
What actually happened?
All Invocations were FailedInvocations in CloudWatch because EventBridge couldn't encrypt the event to PutRecord on the stream.
This is the result of the cdk synth. As you can see, StreamEventsRole3ADC0AFD does not have the ability to encrypt using StreamKey238BEC37.
Environment
Other
If you don't explicitly specify encryption e.g.,
It automatically uses the Customer Master Key, which does not cause FailedInvocations.
This is 🐛 Bug Report
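Added example (not part of the original issue or the CDK code base): a TypeScript check over a synthesized template that flags the condition reported above, a role allowed kinesis:PutRecord on a KMS-encrypted stream without kms:GenerateDataKey (the KMS action Kinesis documents for producers) on the stream's key. The template is a constructed sample; only StreamEventsRole3ADC0AFD and StreamKey238BEC37 come from the issue, the other logical IDs are assumed, and the check reads only IAM policies in the template, not the key policy.

```typescript
// Minimal shape of a synthesized CloudFormation template (assumption: JSON form of `cdk synth`).
type Tpl = { Resources: Record<string, { Type: string; Properties?: any }> };
const asList = (v: unknown): any[] => (Array.isArray(v) ? v : v === undefined ? [] : [v]);
// Logical ID behind { "Fn::GetAtt": [id, "Arn"] } or { Ref: id }; undefined for anything else.
const target = (v: any): string | undefined =>
  v && typeof v === "object" ? (v["Fn::GetAtt"]?.[0] ?? v.Ref) : undefined;

// Returns "role -> key" for each role that may PutRecord to a stream encrypted with a
// template-defined KMS key but has no Allow for kms:GenerateDataKey* on that key.
function missingKeyGrants(tpl: Tpl): string[] {
  const grants: { role: string; action: string; res: string }[] = [];
  for (const r of Object.values(tpl.Resources)) {
    if (r.Type !== "AWS::IAM::Policy") continue;
    for (const st of asList(r.Properties?.PolicyDocument?.Statement)) {
      if (st.Effect !== "Allow") continue;
      for (const role of asList(r.Properties?.Roles))
        for (const action of asList(st.Action))
          for (const res of asList(st.Resource)) {
            const roleId = target(role), resId = target(res);
            if (roleId && resId) grants.push({ role: roleId, action, res: resId });
          }
    }
  }
  const findings: string[] = [];
  for (const g of grants) {
    if (!/^kinesis:(PutRecords?|\*)$/.test(g.action)) continue;
    const key = target(tpl.Resources[g.res]?.Properties?.StreamEncryption?.KeyId);
    if (!key) continue; // not an encrypted stream, or the key is not a resource in this template
    const ok = grants.some(k => k.role === g.role && k.res === key &&
      /^kms:(GenerateDataKey\*?|\*)$/.test(k.action));
    const f = `${g.role} -> ${key}`;
    if (!ok && !findings.includes(f)) findings.push(f);
  }
  return findings;
}

// Constructed sample: the role can write to the stream but has no statement for the key.
const putStmt = { Effect: "Allow", Action: ["kinesis:PutRecord", "kinesis:PutRecords"],
  Resource: { "Fn::GetAtt": ["Stream", "Arn"] } };
const sample: Tpl = { Resources: {
  StreamKey238BEC37: { Type: "AWS::KMS::Key" },
  Stream: { Type: "AWS::Kinesis::Stream", Properties: { StreamEncryption: {
    EncryptionType: "KMS", KeyId: { "Fn::GetAtt": ["StreamKey238BEC37", "Arn"] } } } },
  StreamEventsRole3ADC0AFD: { Type: "AWS::IAM::Role" },
  RolePolicy: { Type: "AWS::IAM::Policy", Properties: {
    PolicyDocument: { Statement: [putStmt] }, Roles: [{ Ref: "StreamEventsRole3ADC0AFD" }] } },
} };
console.log(missingKeyGrants(sample));
```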