Describe the feature
DeployTimeSubstitutedFile is an extension of BucketDeployment that allows users to upload individual files and specify to make substitutions in the file.
Our CDK assets bucket is encrypted and we need to grant the DeployTimeSubstitutedFile access to our KMS key. In the past we have used BucketDeployment and passed a role via the BucketDeployment props with right set of permissions.
Reference: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_deployment.BucketDeployment.html#role
Use Case
Fetch assets from encrypted KMS S3 Buckets
Proposed Solution
Expose the role as parameter within DeployTimeSubstitutedFileProps and pass it down to BucketDeployment parent
Other Information
No response
Acknowledgements
CDK version used
2.93.0
Environment details (OS name and version, etc.)
Mac
Describe the feature
DeployTimeSubstitutedFile is an extension of BucketDeployment that allows users to upload individual files and specify to make substitutions in the file.
Our CDK assets bucket is encrypted and we need to grant the
DeployTimeSubstitutedFileaccess to our KMS key. In the past we have usedBucketDeploymentand passed a role via theBucketDeploymentprops with right set of permissions.Reference: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_deployment.BucketDeployment.html#role
Use Case
Fetch assets from encrypted KMS S3 Buckets
Proposed Solution
Expose the role as parameter within
DeployTimeSubstitutedFilePropsand pass it down toBucketDeploymentparentOther Information
No response
Acknowledgements
CDK version used
2.93.0
Environment details (OS name and version, etc.)
Mac