S3 Event notification to KMS_MANAGED encrypted SQS queue (in CDK) not working


I have an architecture developed with CDK, with an S3 bucket and an event notification which will send a message to SQS for each file uploaded to S3.

It works fine.

Now I'm trying to activate encryption and I have the following:

  • for S3 -> I have activated the encryption using S3_MANAGED key and everything works fine
  • for SQS -> I have activated the encryption using KMS_MANAGED key and there is no message sent to SQS.

So I'm assuming some permissions are missing but I don't know how to fix it.

Do I need to add missing permissions to SQS to read from S3? Or permissions to S3 to send messages to an encrypted SQS?

Answer 1

TL;DR S3 Notifications don't work with sqs.QueueEncryption.KMS_MANAGED. Use a customer-managed key to encrypt the queue.

AWS Knowledge Base: Why aren’t Amazon S3 event notifications delivered to an Amazon SQS queue that uses server-side encryption?:

The default AWS managed KMS key can't be modified. You must use a customer managed key ... and add permissions to the KMS key to allow access to a specified service principal.

Here's a minimal working example:

// Imports assume AWS CDK v2 (aws-cdk-lib)
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as iam from 'aws-cdk-lib/aws-iam';
import * as kms from 'aws-cdk-lib/aws-kms';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as s3n from 'aws-cdk-lib/aws-s3-notifications';
import * as sqs from 'aws-cdk-lib/aws-sqs';

// S3 Notifications to an Encrypted Queue
export class S3SqsStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props: cdk.StackProps) {
    super(scope, id, props);

    const bucket = new s3.Bucket(this, 'MyBucket', {
      encryption: s3.BucketEncryption.S3_MANAGED,
    });

    // https://aws.amazon.com/premiumsupport/knowledge-center/sqs-s3-event-notification-sse/
    // Customer-managed key whose policy lets the S3 service principal use it
    const key = new kms.Key(this, 'MyCustomerKey', {
      policy: new iam.PolicyDocument({
        statements: [
          new iam.PolicyStatement({
            actions: ['kms:GenerateDataKey', 'kms:Decrypt'],
            resources: ['*'], // avoid circularity by not limiting the resource
            principals: [new iam.ServicePrincipal('s3.amazonaws.com')],
          }),
        ],
      }),
    });

    // Queue encrypted with the customer-managed key instead of KMS_MANAGED
    const queue = new sqs.Queue(this, 'MyQueue', {
      encryption: sqs.QueueEncryption.KMS,
      encryptionMasterKey: key,
    });

    bucket.addEventNotification(s3.EventType.OBJECT_CREATED, new s3n.SqsDestination(queue));
  }
}
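
One way to check a key policy for the grant described in the answer above (an added example, not part of the original answer or of the CDK). The function names, the sample policies and the placeholder account ID are constructed for illustration, and the check does not evaluate Deny statements or Condition blocks:

```typescript
// Added example: does a KMS key policy let S3 deliver to an SSE-KMS SQS queue?
// Simplification (assumption): Deny statements and Condition blocks are not evaluated.
type OneOrMany = string | string[];
interface Statement {
  Effect: 'Allow' | 'Deny';
  Principal?: '*' | { Service?: OneOrMany; AWS?: OneOrMany };
  Action: OneOrMany;
  Resource?: OneOrMany;
}
interface KeyPolicy { Statement: Statement[] }

const S3_PRINCIPAL = 's3.amazonaws.com';
const REQUIRED_ACTIONS = ['kms:GenerateDataKey', 'kms:Decrypt']; // from the answer above

const asList = (v?: OneOrMany): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM action patterns are case-insensitive and may use '*' as a wildcard.
function actionMatches(pattern: string, action: string): boolean {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
  return new RegExp('^' + escaped + '$', 'i').test(action);
}

// Required actions that no Allow statement grants to the S3 service principal.
function missingS3Actions(policy: KeyPolicy): string[] {
  let granted: string[] = [];
  for (const s of policy.Statement) {
    const p = s.Principal;
    if (s.Effect !== 'Allow' || typeof p !== 'object') continue;
    if (asList(p.Service).indexOf(S3_PRINCIPAL) !== -1) granted = granted.concat(asList(s.Action));
  }
  return REQUIRED_ACTIONS.filter((a) => !granted.some((g) => actionMatches(g, a)));
}

// Constructed sample policies (account ID is a placeholder).
const rootOnly: Statement = {
  Effect: 'Allow', Principal: { AWS: 'arn:aws:iam::111122223333:root' },
  Action: 'kms:*', Resource: '*',
};
const s3Grant: Statement = {
  Effect: 'Allow', Principal: { Service: 's3.amazonaws.com' },
  Action: ['kms:GenerateDataKey', 'kms:Decrypt'], Resource: '*',
};
const s3Partial: Statement = { ...s3Grant, Action: 'kms:Generate*' };

const DEFAULT_POLICY: KeyPolicy = { Statement: [rootOnly] };
const FIXED_POLICY: KeyPolicy = { Statement: [rootOnly, s3Grant] };
const PARTIAL_POLICY: KeyPolicy = { Statement: [rootOnly, s3Partial] };
```

A policy that only grants the account root reports both actions as missing, which matches the symptom in the question: the notification is configured but nothing arrives in the queue.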
