AWS SAM: How to create an S3 bucket with an already existing encryption key using SAM

Time:10-14


I am a newbie to SAM (and CloudFormation) and I learned today that you can create a new bucket by adding something like this to the SAM yaml template:

Resources:
  MyGreatNewBucket:          # logical IDs must be alphanumeric, so no hyphens here
    Type: AWS::S3::Bucket

Does SAM offer a way to also add an already existing KMS encryption key to that newly created bucket (and to enable Bucket Key)?

With boto I would do exactly the following to achieve this:

import boto3

client = boto3.client("s3")
bucketName = "my-great-new-bucket"                       # bucket to configure
myKeyArn = "arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID"    # placeholder: ARN of the existing KMS key

# Set the bucket's default encryption to SSE-KMS with the existing key and enable S3 Bucket Key
response = client.put_bucket_encryption(
    Bucket=bucketName,
    ServerSideEncryptionConfiguration={
        "Rules": [
            {
                "ApplyServerSideEncryptionByDefault": {
                    "SSEAlgorithm": "aws:kms",
                    "KMSMasterKeyID": myKeyArn,
                },
                "BucketKeyEnabled": True,
            }
        ]
    },
)

How can I transform this operation to the SAM template?

CodePudding user response:

So S3::Bucket is not a SAM resource but a normal CloudFormation resource. You can achieve this by changing KMS-KEY-ARN to the Key ID of your Key.

Resources:
  EncryptedS3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - BucketKeyEnabled: true
            ServerSideEncryptionByDefault:
              SSEAlgorithm: 'aws:kms'
              KMSMasterKeyID: KMS-KEY-ARN
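As an added example (not part of the original question or answer), the checker below lints a CloudFormation/SAM template for the settings discussed above: every AWS::S3::Bucket must have a valid alphanumeric logical ID, default encryption set to aws:kms, a resolvable KMSMasterKeyID, and BucketKeyEnabled true. The template is a constructed JSON rendering of the answer's YAML (CloudFormation accepts both), with the key ARN supplied through a hypothetical KmsKeyArn parameter and a deliberately misconfigured second bucket so the check has something to report; none of those names come from the page.

```python
"""Lint a CloudFormation/SAM template for S3 default-encryption settings (added example)."""
import json
import re

# Constructed template: JSON form of the answer's YAML, with the key passed in
# as a parameter instead of hard-coded, plus one deliberately bad bucket.
TEMPLATE_JSON = r"""
{
  "Parameters": {
    "KmsKeyArn": {"Type": "String", "Description": "ARN of the existing KMS key"}
  },
  "Resources": {
    "EncryptedS3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketEncryption": {
          "ServerSideEncryptionConfiguration": [
            {
              "BucketKeyEnabled": true,
              "ServerSideEncryptionByDefault": {
                "SSEAlgorithm": "aws:kms",
                "KMSMasterKeyID": {"Ref": "KmsKeyArn"}
              }
            }
          ]
        }
      }
    },
    "my-unencrypted-bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {}
    }
  }
}
"""

# CloudFormation logical resource IDs may only contain letters and digits.
LOGICAL_ID_RE = re.compile(r"^[A-Za-z0-9]+$")


def resolve_key(value, template):
    """Return a string describing the key reference, or None if it cannot be resolved.

    A literal string (key ID or ARN) is accepted as-is; a {"Ref": ...} must point
    at a declared Parameter or Resource in the same template.
    """
    if isinstance(value, str) and value:
        return value
    if isinstance(value, dict) and "Ref" in value:
        ref = value["Ref"]
        if ref in template.get("Parameters", {}):
            return f"param:{ref}"
        if ref in template.get("Resources", {}):
            return f"resource:{ref}"
    return None


def check_bucket_encryption(template):
    """Return a list of (logical_id, problem) findings; an empty list means every bucket passes."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        if not LOGICAL_ID_RE.match(logical_id):
            findings.append((logical_id, "logical ID must be alphanumeric"))
        rules = (res.get("Properties", {})
                 .get("BucketEncryption", {})
                 .get("ServerSideEncryptionConfiguration", []))
        if not rules:
            findings.append((logical_id, "no default encryption configured"))
            continue
        for rule in rules:
            default = rule.get("ServerSideEncryptionByDefault", {})
            if default.get("SSEAlgorithm") != "aws:kms":
                findings.append((logical_id, "SSEAlgorithm is not aws:kms"))
            if resolve_key(default.get("KMSMasterKeyID"), template) is None:
                findings.append((logical_id, "KMSMasterKeyID missing or unresolvable"))
            if rule.get("BucketKeyEnabled") is not True:
                findings.append((logical_id, "BucketKeyEnabled is not true"))
    return findings


def lint_template_json(text):
    """Parse a JSON-format template and run the bucket encryption check on it."""
    return check_bucket_encryption(json.loads(text))


if __name__ == "__main__":
    for bucket, problem in lint_template_json(TEMPLATE_JSON):
        print(f"{bucket}: {problem}")
```

Run it against the constructed template and EncryptedS3Bucket passes cleanly, while my-unencrypted-bucket is reported twice (invalid logical ID, no default encryption). Passing the key through a parameter rather than pasting the ARN into the resource keeps one template reusable across accounts and makes the key reference something the check can actually resolve.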