Imported Bucket configuration with CMK enabled.

Remarks

Use this configuration to use an existing bucket, that is, a bucket not created by the accelerator solution.

Hierarchy

  • ImportedCustomerManagedEncryptionKeyBucketConfig

Properties

applyAcceleratorManagedBucketPolicy: undefined | boolean = undefined

Flag indicating whether the Accelerator applies the solution-generated policy to the imported bucket.

Remarks

The accelerator solution creates the bucket resource policy based on the security services enabled by the solution. For example, when Macie is enabled, the Macie service needs access to the bucket; the accelerator solution dynamically generates policy statements based on which services require access to the bucket.

The default value is false: the accelerator-managed policy will NOT be applied to the bucket resource policy. When external policy files are provided through s3ResourcePolicyAttachments, the solution adds the policies from those files to the imported bucket resource policy. If no external policy files are provided and this parameter is left as false, the solution makes no changes to the bucket resource policy. When the value is set to true, the accelerator solution replaces the bucket resource policy with the accelerator-managed policies, along with the policies from external policy files if provided.

createAcceleratorManagedKey: undefined | boolean = undefined

Flag indicating whether the solution should create a CMK and apply it to the imported bucket.

Remarks

When the value is false, the solution will not create a KMS key; instead, the existing bucket encryption will be used and modified based on other parameters. When the value is true, the solution will create a KMS key and apply the solution-managed policy to the key. Once the Accelerator pipeline has executed with the value set to true, changing the value back to false will cause stack failure. Set this value to true only when it will no longer be changed back to false.

Default

false

name: string = ''

Imported bucket name
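
The remarks on applyAcceleratorManagedBucketPolicy and createAcceleratorManagedKey can be turned into a pre-deployment review of a configuration change. The following is an added example, not code from the accelerator solution: the property names come from this page, while the interface, type and function names are hypothetical, and an unset flag is assumed to behave like the documented default of false.

```typescript
// Added illustration; not accelerator source code.
// Property names are from this page; all type and function names are hypothetical.
interface ImportedCmkBucketConfig {
  name: string;
  applyAcceleratorManagedBucketPolicy?: boolean;
  createAcceleratorManagedKey?: boolean;
}

type PolicyOutcome =
  | 'unchanged'
  | 'external-added'
  | 'replaced-with-managed'
  | 'replaced-with-managed-and-external';

// What happens to the bucket resource policy, per the remarks above.
// externalPolicyFiles: policy files supplied through s3ResourcePolicyAttachments.
function bucketPolicyOutcome(cfg: ImportedCmkBucketConfig, externalPolicyFiles: string[]): PolicyOutcome {
  const hasExternal = externalPolicyFiles.length > 0;
  if (cfg.applyAcceleratorManagedBucketPolicy === true) {
    return hasExternal ? 'replaced-with-managed-and-external' : 'replaced-with-managed';
  }
  // Assumption: undefined is treated as the documented default, false.
  return hasExternal ? 'external-added' : 'unchanged';
}

// Findings to review before the pipeline runs with `next`,
// where `prev` is the configuration that was last deployed.
function reviewChange(
  prev: ImportedCmkBucketConfig,
  next: ImportedCmkBucketConfig,
  externalPolicyFiles: string[],
): string[] {
  const findings: string[] = [];
  const hadKey = prev.createAcceleratorManagedKey === true;
  const wantsKey = next.createAcceleratorManagedKey === true;
  if (hadKey && !wantsKey) {
    findings.push(`${next.name}: createAcceleratorManagedKey changed from true to false; stack failure expected`);
  }
  if (!hadKey && wantsKey) {
    findings.push(`${next.name}: createAcceleratorManagedKey set to true; it cannot be set back to false`);
  }
  if (next.applyAcceleratorManagedBucketPolicy === true) {
    const outcome = bucketPolicyOutcome(next, externalPolicyFiles);
    findings.push(`${next.name}: existing bucket resource policy will be replaced (${outcome})`);
  }
  return findings;
}
```
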
