@mrgrain mrgrain commented Jan 23, 2026

Reason for this change

The IEncryptedResource interface currently extends IResource, which requires implementations to be full CDK resources. By changing it to extend IEnvironmentAware instead, we allow for more flexible implementations that only need environment information to function correctly with encryption grants.

This change also aligns the GrantableResources.isEncryptedResource() type guard to accept IEnvironmentAware instead of IConstruct, making the API more consistent with the interface it guards.

Today, all AWS vended constructs that implement IEncryptedResource already implement IResource directly.

Description of changes

  • Changed IEncryptedResource to extend IEnvironmentAware instead of cdk.IResource
  • Updated GrantableResources.isEncryptedResource() parameter type from IConstruct to IEnvironmentAware
  • Removed the [awslint:interface-extends-ref] directive as it's no longer applicable

BREAKING CHANGE: Receivers of IEncryptedResource objects now have fewer guarantees about the shape of the object. If you still require an IResource, change the type to IEncryptedResource & IResource and/or add a type guard check using Resource.isResource(). Implementations of IEncryptedResource no longer need to implement IResource but must continue to implement IEnvironmentAware. Since IResource extends IEnvironmentAware, there is no change for implementors. Calls to GrantableResources.isEncryptedResource() now require an IEnvironmentAware argument instead of IConstruct.

Describe any new or updated permissions being added

N/A

Description of how you validated changes

N/A

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
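The migration described in the BREAKING CHANGE note above, as an added example that is not part of the pull request or of aws-cdk-lib. The interfaces are simplified local stand-ins for the library types, `isResourceLike()` is a hypothetical stand-in for `Resource.isResource()`, and all sample values are constructed.

```typescript
// Simplified stand-ins for the aws-cdk-lib types named in the PR description.
// Assumption: only the members used here are modelled, and grantOnKey() takes
// a plain ARN string instead of the library's grantee type.
interface ResourceEnvironment { readonly account: string; readonly region: string }
interface IEnvironmentAware { readonly env: ResourceEnvironment }
interface IResource extends IEnvironmentAware {
  readonly stack: { readonly stackName: string };
}
interface IEncryptedResource extends IEnvironmentAware {
  grantOnKey(granteeArn: string, ...actions: string[]): string[];
}

// Hypothetical stand-in for the runtime check Resource.isResource().
function isResourceLike(x: IEnvironmentAware): x is IResource {
  const stack = (x as Partial<IResource>).stack;
  return stack !== undefined && typeof stack.stackName === 'string';
}

interface GrantPlan { crossAccount: boolean; owner: string; actions: string[] }

// Receiver written against the new contract: only `env` is guaranteed, so the
// cross-account decision uses env.account and `stack` is read behind the guard.
function planDecryptGrant(target: IEncryptedResource, granteeAccount: string, granteeArn: string): GrantPlan {
  const crossAccount = target.env.account !== granteeAccount;
  const owner = isResourceLike(target)
    ? target.stack.stackName
    : `${target.env.account}/${target.env.region}`;
  return { crossAccount, owner, actions: target.grantOnKey(granteeArn, 'kms:Decrypt') };
}

// Receiver that still needs a full resource says so in its parameter type.
function stackNameOf(target: IEncryptedResource & IResource): string {
  return target.stack.stackName;
}

// Constructed sample objects (account IDs and names are made up).
const envOnly: IEncryptedResource = {
  env: { account: '111111111111', region: 'eu-west-1' },
  grantOnKey: (_granteeArn, ...actions) => actions,
};
const fullResource: IEncryptedResource & IResource = {
  env: { account: '111111111111', region: 'eu-west-1' },
  stack: { stackName: 'DataStack' },
  grantOnKey: (_granteeArn, ...actions) => actions,
};
```

Passing `envOnly` to `stackNameOf()` is rejected at compile time, which is the guarantee the intersection type restores for receivers that still depend on `IResource`.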

@github-actions github-actions bot added the p2 label Jan 23, 2026
@aws-cdk-automation aws-cdk-automation requested a review from a team January 23, 2026 13:27
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Jan 23, 2026

@aws-cdk-automation aws-cdk-automation left a comment

(This review is outdated)

@mrgrain mrgrain changed the title from "feat(aws-iam)!: change IEncryptedResource to extend IEnvironmentAware" to "feat(aws-iam)!: IEncryptedResource extends IEnvironmentAware instead of IResource" Jan 23, 2026
@mrgrain mrgrain changed the title from "feat(aws-iam)!: IEncryptedResource extends IEnvironmentAware instead of IResource" to "feat(aws-iam): IEncryptedResource extends IEnvironmentAware instead of IResource" Jan 23, 2026
@mrgrain mrgrain added pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes pr-linter/exempt-integ-test The PR linter will not require integ test changes labels Jan 23, 2026
@mrgrain mrgrain changed the title from "feat(aws-iam): IEncryptedResource extends IEnvironmentAware instead of IResource" to "feat(iam): IEncryptedResource extends IEnvironmentAware instead of IResource" Jan 23, 2026
BREAKING CHANGE: `IEncryptedResource` now extends `IEnvironmentAware` instead of `cdk.IResource`. The `GrantableResources.isEncryptedResource()` method now requires an `IEnvironmentAware` parameter instead of `IConstruct`.
@mrgrain mrgrain force-pushed the mrgrain/feat/aws-iam/encrypted-resource-extends-environment-aware branch from 1f0f1eb to 4ef156b Compare January 23, 2026 13:57
@mrgrain mrgrain changed the title from "feat(iam): IEncryptedResource extends IEnvironmentAware instead of IResource" to "feat(core): IEncryptedResource extends IEnvironmentAware instead of IResource" Jan 23, 2026
@mrgrain mrgrain changed the title from "feat(core): IEncryptedResource extends IEnvironmentAware instead of IResource" to "feat: IEncryptedResource extends IEnvironmentAware instead of IResource" Jan 23, 2026
@mrgrain mrgrain added the pr-linter/exempt-breaking-change The PR linter will not require stability in stable modules label Jan 23, 2026
@mrgrain mrgrain changed the title from "feat: IEncryptedResource extends IEnvironmentAware instead of IResource" to "feat(iam): IEncryptedResource extends IEnvironmentAware instead of IResource" Jan 23, 2026
@mrgrain mrgrain changed the title from "feat(iam): IEncryptedResource extends IEnvironmentAware instead of IResource" to "fix(iam): IEncryptedResource extends IEnvironmentAware instead of IResource" Jan 23, 2026
@aws-cdk-automation aws-cdk-automation dismissed their stale review January 23, 2026 14:22

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

mergify bot commented Jan 23, 2026

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 90ad834 into main Jan 23, 2026
39 of 42 checks passed
@mergify mergify bot deleted the mrgrain/feat/aws-iam/encrypted-resource-extends-environment-aware branch January 23, 2026 14:40

mergify bot commented Jan 23, 2026

Merge Queue Status

✅ The pull request has been merged at 4ef156b

This pull request spent 7 seconds in the queue, with no time running CI.
The checks were run in-place.

@github-actions

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 23, 2026