Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Poor usability of S3 Bucket encryption #2714

Closed
skinny85 opened this issue May 31, 2019 · 0 comments · Fixed by #2719 or MechanicalRock/tech-radar#14 · May be fixed by MechanicalRock/cdk-constructs#5, MechanicalRock/cdk-constructs#6 or MechanicalRock/cdk-constructs#7
Closed

Poor usability of S3 Bucket encryption #2714

skinny85 opened this issue May 31, 2019 · 0 comments · Fixed by #2719 or MechanicalRock/tech-radar#14 · May be fixed by MechanicalRock/cdk-constructs#5, MechanicalRock/cdk-constructs#6 or MechanicalRock/cdk-constructs#7
Labels
@aws-cdk/aws-s3 Related to Amazon S3

Comments

@skinny85
Copy link
Contributor

When I say:

const key = new kms.Key(this, 'Key');

new s3.Bucket(this, 'Bucket', {
  encryptionKey: key,
});

I get a validation error:

Error: encryptionKey is specified, so 'encryption' must be set to KMS (value: NONE)

This customer experience is not up to the CDK bar. If you know what should be specified in the encryption property, why are you forcing me to do it? Why should I have to tell you I want encryption twice?

(Now, if I explicitly specify both encryptionKey: key and encryption: s3.BucketEncryption.Unencrypted (note: different enum constant name than the NONE in the error message above!), fine, hit me with that validation error. But it should not happen by default)
@skinny85 skinny85 added the @aws-cdk/aws-s3 Related to Amazon S3 label May 31, 2019
eladb pushed a commit that referenced this issue Jun 3, 2019
feat(s3): default to KMS if encryptionKey is specified
7e9997d 
If `encryptionKey` is specified, defaults to KMS encryption.

Fixes #2714
@eladb eladb mentioned this issue Jun 3, 2019
Merged
4 tasks
eladb pushed a commit that referenced this issue Jun 3, 2019
feat(s3): default to KMS if encryptionKey is specified (#2719)
ae4a04f 
If `encryptionKey` is specified, defaults to KMS encryption.

Fixes #2714
This was referenced Aug 22, 2019
Open
Open
Open
Open
Open
This was referenced Dec 12, 2019
Closed
Closed
Closed
Merged
Closed
Closed
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
This was referenced Jan 20, 2020
Closed
Closed
@shivlaks shivlaks mentioned this issue Mar 30, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-s3 Related to Amazon S3
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(s3): default to KMS if encryptionKey is specified aws/aws-cdk
[Snyk] Upgrade @aws-cdk/aws-iam from 0.22.0 to 0.39.0 MechanicalRock/tech-radar
[Snyk] Upgrade @aws-cdk/aws-codebuild from 0.24.1 to 0.39.0 MechanicalRock/cdk-constructs
[Snyk] Upgrade @aws-cdk/aws-codepipeline from 0.24.1 to 0.39.0 MechanicalRock/cdk-constructs
[Snyk] Upgrade @aws-cdk/aws-s3 from 0.24.1 to 0.39.0 MechanicalRock/cdk-constructs
[Snyk] Upgrade @aws-cdk/aws-cloudfront from 0.15.2 to 0.39.0 MechanicalRock/cdk-products
[Snyk] Upgrade @aws-cdk/aws-codebuild from 0.15.2 to 0.39.0 MechanicalRock/cdk-products
[Snyk] Upgrade @aws-cdk/aws-codecommit from 0.15.2 to 0.39.0 MechanicalRock/cdk-products
[Snyk] Upgrade @aws-cdk/aws-codepipeline from 0.15.2 to 0.39.0 MechanicalRock/cdk-products
[Snyk] Upgrade @aws-cdk/cdk from 0.24.1 to 0.35.0 MechanicalRock/account-reaper
1 participant
@skinny85