fix(s3-notifications): fixing circular dependency when Bucket and SQS are encrypted by same KMS is used for s3 notification #31155
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #3067
Closes #3067
If you are reading this from discussion redirection (or landed here from searching in issue) run
cdk synth
in your app and look for warning displayed and look for@aws-cdk/aws-s3-notifications
. You will find out the solution.Reason for this change
cdk deploy
, when we use same same KMS for S3 and SQS.So, we need to draw a fair line on how to handle this. approaches considered,
Description of changes
shouldAddGlobalS3PermissionToKMSandSQS
, defaulted totrue
, as it will be backward compatiblecdk synth
false
is provided, as they will try to add imported Bucket Value to add permissionDescription of how you validated changes
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license