(aws-apprunner): support a customer managed key #30365

mazyu36 · 2024-05-28T22:12:14Z

Describe the feature

Support a customer managed key to encrypt all stored copies of your application source image or source bundle.
At the moment, L2 Construct (alpha module) cannot use a customer managed key.

Use Case

In App Runner, the source code and images that are copied are typically encrypted using AWS-managed keys.
However, there may be cases where you want to use a customer-managed key for encryption to enhance security or meet auditing requirements.

For this purpose, App Runner supports encryption using customer-managed keys.

Proposed Solution

Add a property to use a KMS key

Other Information

No response

Acknowledgements

I may be able to implement this feature request
This feature might incur a breaking change

CDK version used

2.143.0

Environment details (OS name and version, etc.)

all

khushail · 2024-05-29T00:58:31Z

Thanks @mazyu36 for submitting the PR !

…30352) ### Issue # (if applicable) Close #30365. ### Reason for this change AppRunner supports for using a customer managed key to encrypt all stored copies of your application source image or source bundle. https://docs.aws.amazon.com/apprunner/latest/dg/security-data-protection-encryption.html But L2 Construct (alpha module) cannot use a customer managed key. ### Description of changes Add kmsKey property to the Service class. ### Description of how you validated changes Add unit tests and integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions · 2024-05-30T02:38:54Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

…ws#30352) ### Issue # (if applicable) Close aws#30365. ### Reason for this change AppRunner supports for using a customer managed key to encrypt all stored copies of your application source image or source bundle. https://docs.aws.amazon.com/apprunner/latest/dg/security-data-protection-encryption.html But L2 Construct (alpha module) cannot use a customer managed key. ### Description of changes Add kmsKey property to the Service class. ### Description of how you validated changes Add unit tests and integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

aws-cdk-automation · 2024-07-25T20:50:44Z

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

mazyu36 added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels May 28, 2024

github-actions bot added the @aws-cdk/aws-apprunner Related to the apprunner package label May 28, 2024

mazyu36 mentioned this issue May 28, 2024

feat(apprunner): add kmsKey property for the AppRunner Service class #30352

Merged

1 task

khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels May 29, 2024

khushail self-assigned this May 29, 2024

khushail changed the title ~~apprunner: support a customer managed key~~ (aws-apprunner): support a customer managed key May 29, 2024

khushail added p2 effort/small Small work item – less than a day of effort and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels May 29, 2024

khushail removed their assignment May 29, 2024

mergify bot closed this as completed in #30352 May 30, 2024

This was referenced Jun 1, 2024

Monthly issue metrics report #30413

Closed

Weekly issue metrics report #30433

Closed

NOUIY mentioned this issue Jun 22, 2024

[Snyk] Upgrade: , aws-cdk NOUIY/aws-solutions-constructs#105

Open

kazimanzurrashid mentioned this issue Jun 29, 2024

[Snyk] Upgrade aws-cdk-lib from 2.144.0 to 2.145.0 kazimanzurrashid/aws-scheduler-go#821

Open

This was referenced Jun 29, 2024

[Snyk] Upgrade: , aws-cdk NOUIY/aws-solutions-constructs#106

Open

[Snyk] Upgrade: , aws-cdk NOUIY/aws-solutions-constructs#107

Open

This was referenced Jul 12, 2024

[Snyk] Upgrade: , aws-cdk NOUIY/aws-solutions-constructs#108

Open

[Snyk] Upgrade: , aws-cdk NOUIY/aws-solutions-constructs#109

Open

This was referenced Jul 19, 2024

[Snyk] Upgrade: , aws-cdk NOUIY/aws-solutions-constructs#110

Open

[Snyk] Upgrade: , aws-cdk NOUIY/aws-solutions-constructs#111

Open

aws locked as resolved and limited conversation to collaborators Jul 25, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

(aws-apprunner): support a customer managed key #30365

(aws-apprunner): support a customer managed key #30365

mazyu36 commented May 28, 2024

khushail commented May 29, 2024

github-actions bot commented May 30, 2024

aws-cdk-automation commented Jul 25, 2024