This repository has been archived by the owner on Mar 16, 2024. It is now read-only.

Commit

Merge pull request #58 from g-linville/kms-default-key-alias
Add default alias for KMS key
g-linville authored Sep 25, 2023
2 parents 8571176 + 11bf09a commit 092f304
Showing 3 changed files with 18 additions and 12 deletions.
3 changes: 2 additions & 1 deletion kms/key/Acornfile
Expand Up @@ -10,7 +10,7 @@ args: {
adminArn: ""
// Extra tags to place on the created Key. Optional.
tags: {}
// Alias for the Key. Optional.
// Alias for the Key. Optional. Default "@{acorn.name}-@{acorn.account}-@{acorn.project}"
keyAlias: ""
// Description for the Key. Optional.
description: "Acorn created KMS Key"
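Review bot: the new comment on `keyAlias` states the default as the literal template, but the alias that is actually applied is that string with every "." replaced by "-" (the `strings.ReplaceAll` call in kms.go), while the declared value here stays `""`. Suggest wording the comment to say the default is derived at apply time from `@{acorn.name}-@{acorn.account}-@{acorn.project}` with dots converted to dashes, so a reader searching for the key by alias looks for the normalized form.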
Expand Down Expand Up @@ -74,6 +74,7 @@ jobs: apply: {
ACORN_NAME: "@{acorn.name}"
ACORN_PROJECT: "@{acorn.project}"
ACORN_EXTERNAL_ID: "@{acorn.externalId}"
DEFAULT_KEY_ALIAS: "@{acorn.name}-@{acorn.account}-@{acorn.project}"
}
events: ["create", "update", "delete"]
permissions: rules: [{
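Review bot: `DEFAULT_KEY_ALIAS` on the added env line repeats a template string that is also written out in the `keyAlias` comment and in the README table, so the three copies can drift apart. Suggest a short comment on this line saying kms.go reads it when `keyAlias` is empty, and having the other two places refer to it rather than restating the template.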
22 changes: 11 additions & 11 deletions kms/key/README.md
Expand Up @@ -62,17 +62,17 @@ containers: mycontainer: {

### Arguments

| Name | Description | Required | Default |
|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------------------------|
| `--key-name` | The name of the key in the CloudFormation stack. | No | (generated) |
| `--key-alias` | The alias (friendly name) to give to the key. | No | (none) |
| `--admin-arn` | The ARN of a user to set as the administrator of the key. You can specify AWS accounts, IAM users, Federated SAML users, IAM roles, and specific assumed-role sessions. | No | (none) |
| `--description` | Description to attach to the key. | No | "Acorn created KMS Key" |
| `--key-spec` | The type of key to create. | Yes | `SYMMETRIC_DEFAULT` |
| `--key-usage` | The usage of the key. Each key spec only supports certain usages. See table below for details. | Yes | `ENCRYPT_DECRYPT` |
| `--pending-window-days` | The time (in days) that must pass after key deletion is requested before the key is deleted. Must be between 7 and 30 (inclusive) | Yes | 7 |
| `--key-policy` | The key policy to attach to the key. This must be in JSON format. | No | (created by AWS) |
| `--tags` | Tags to attach to the key. | No | (none) |
| Name | Description | Required | Default |
|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------------------------------------------------|
| `--key-name` | The name of the key in the CloudFormation stack. | No | (generated) |
| `--key-alias` | The alias (friendly name) to give to the key. | No | `@{acorn.name}-@{acorn.account}-@{acorn.project}` |
| `--admin-arn` | The ARN of a user to set as the administrator of the key. You can specify AWS accounts, IAM users, Federated SAML users, IAM roles, and specific assumed-role sessions. | No | (none) |
| `--description` | Description to attach to the key. | No | "Acorn created KMS Key" |
| `--key-spec` | The type of key to create. | Yes | `SYMMETRIC_DEFAULT` |
| `--key-usage` | The usage of the key. Each key spec only supports certain usages. See table below for details. | Yes | `ENCRYPT_DECRYPT` |
| `--pending-window-days` | The time (in days) that must pass after key deletion is requested before the key is deleted. Must be between 7 and 30 (inclusive) | Yes | 7 |
| `--key-policy` | The key policy to attach to the key. This must be in JSON format. | No | (created by AWS) |
| `--tags` | Tags to attach to the key. | No | (none) |

#### Key Specs and Usages

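Review bot: the `--key-alias` row changes its default from `(none)` to the template without saying that an alias is now always created, and the Acornfile job runs on "update" as well as "create", so this affects keys deployed without an alias before this change. Suggest adding a sentence under the table stating that leaving `--key-alias` empty now yields the generated alias (with dots replaced by dashes, per kms.go) and that there is no longer an option to create the key with no alias.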
5 changes: 5 additions & 0 deletions kms/key/kms.go
@@ -1,6 +1,9 @@
package main

import (
"os"
"strings"

"github.com/acorn-io/aws/kms/key/props"
"github.com/acorn-io/services/aws/libs/common"
"github.com/aws/aws-cdk-go/awscdk/v2"
Expand Down Expand Up @@ -37,6 +40,8 @@ func NewKMSKeyStack(scope constructs.Construct, id string, props *props.KMSKeySt
// Set optional properties
if len(props.KeyAlias) > 0 {
keyProps.Alias = jsii.String(props.KeyAlias)
} else {
keyProps.Alias = jsii.String(strings.ReplaceAll(os.Getenv("DEFAULT_KEY_ALIAS"), ".", "-"))
}
if len(props.Description) > 0 {
keyProps.Description = jsii.String(props.Description)
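Review bot: the new `else` branch passes `os.Getenv("DEFAULT_KEY_ALIAS")` straight through without checking for an empty result, so if the variable is unset the key props get an empty alias string rather than no alias. Only "." is normalized as well; KMS alias names accept only alphanumerics, "/", "_" and "-", so any other character in the expanded name, account or project is passed on unchanged. Suggest reading the value into a variable, leaving `keyProps.Alias` unset (or returning an error) when it is empty, and validating or normalizing the whole string against the allowed character set before assigning it.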