
Commit 6fcfe7d

authored
chore(sdk): remove unnecessary cloud.Bucket encryption config for aws targets (#4122)
Starting January 5, 2023, Amazon S3 automatically applies server-side encryption with Amazon S3 managed keys (SSE-S3) as the base level of encryption for every bucket. All new object uploads to Amazon S3 are automatically encrypted at no additional cost and with no impact on performance. SSE-S3 uses 256-bit Advanced Encryption Standard. See [HERE](https://aws.amazon.com/about-aws/whats-new/2023/01/amazon-s3-automatically-encrypts-new-objects/). *By submitting this pull request, I confirm that my contribution is made under the terms of the [Wing Cloud Contribution License](https://github.com/winglang/wing/blob/main/CONTRIBUTION_LICENSE.md)*.
1 parent 28391e8 commit 6fcfe7d


50 files changed

+0
-1458
lines changed


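--- a/libs/wingsdk/src/target-tf-aws/bucket.ts
+++ b/libs/wingsdk/src/target-tf-aws/bucket.ts
@@ -12,7 +12,6 @@ import {
 
 import { S3BucketPolicy } from "../.gen/providers/aws/s3-bucket-policy";
 import { S3BucketPublicAccessBlock } from "../.gen/providers/aws/s3-bucket-public-access-block";
-import { S3BucketServerSideEncryptionConfigurationA } from "../.gen/providers/aws/s3-bucket-server-side-encryption-configuration";
 import { S3Object } from "../.gen/providers/aws/s3-object";
 import * as cloud from "../cloud";
 import * as core from "../core";
@@ -166,18 +165,6 @@ export function createEncryptedBucket(
 forceDestroy: isTestEnvironment ? true : false,
 });
 
-// best practice: (at-rest) data encryption with Amazon S3-managed keys
-new S3BucketServerSideEncryptionConfigurationA(scope, "Encryption", {
-bucket: bucket.bucket,
-rule: [
-{
-applyServerSideEncryptionByDefault: {
-sseAlgorithm: "AES256",
-},
-},
-],
-});
-
 if (isPublic) {
 const publicAccessBlock = new S3BucketPublicAccessBlock(
 scope,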
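Review bot: After the second hunk removes the `Encryption` resource, nothing in `createEncryptedBucket` states or pins at-rest encryption any more, although the function keeps its name; the guarantee now rests entirely on the S3 service default cited in the commit message. I would leave a comment where the block was, for example `// at-rest encryption: relies on S3's default SSE-S3, applied to every bucket since 2023-01-05; no explicit resource is declared`. Because Terraform no longer manages this setting, a later out-of-band change to the bucket's encryption configuration would presumably not surface as drift, and policy checks that look for an explicit `aws_s3_bucket_server_side_encryption_configuration` resource may start flagging these buckets. The body of `createEncryptedBucket` starts and ends outside the hunk, so whether anything else in it asserts encryption cannot be seen from here.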

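--- a/libs/wingsdk/test/target-tf-aws/__snapshots__/bucket.test.ts.snap
+++ b/libs/wingsdk/test/target-tf-aws/__snapshots__/bucket.test.ts.snap
@@ -32,18 +32,6 @@ exports[`bucket is public 1`] = `
 "restrict_public_buckets": false,
 },
 },
-"aws_s3_bucket_server_side_encryption_configuration": {
-"my_bucket_Encryption_3B1569A4": {
-"bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-"rule": [
-{
-"apply_server_side_encryption_by_default": {
-"sse_algorithm": "AES256",
-},
-},
-],
-},
-},
 },
 }
 `;
@@ -97,14 +85,6 @@ exports[`bucket is public 2`] = `
 "id": "Default",
 "path": "root/Default/my_bucket/Default",
 },
-"Encryption": {
-"constructInfo": {
-"fqn": "cdktf.TerraformResource",
-"version": "0.17.0",
-},
-"id": "Encryption",
-"path": "root/Default/my_bucket/Encryption",
-},
 "PublicAccessBlock": {
 "constructInfo": {
 "fqn": "cdktf.TerraformResource",
@@ -183,18 +163,6 @@ exports[`bucket prefix must be lowercase 1`] = `
 "force_destroy": false,
 },
 },
-"aws_s3_bucket_server_side_encryption_configuration": {
-"The-UncannyBucket_Encryption_4CFC1E98": {
-"bucket": "\${aws_s3_bucket.The-UncannyBucket.bucket}",
-"rule": [
-{
-"apply_server_side_encryption_by_default": {
-"sse_algorithm": "AES256",
-},
-},
-],
-},
-},
 },
 }
 `;
@@ -217,14 +185,6 @@ exports[`bucket prefix must be lowercase 2`] = `
 "id": "Default",
 "path": "root/Default/The-Uncanny.Bucket/Default",
 },
-"Encryption": {
-"constructInfo": {
-"fqn": "cdktf.TerraformResource",
-"version": "0.17.0",
-},
-"id": "Encryption",
-"path": "root/Default/The-Uncanny.Bucket/Encryption",
-},
 },
 "constructInfo": {
 "fqn": "constructs.Construct",
@@ -318,18 +278,6 @@ exports[`bucket prefix valid 1`] = `
 "force_destroy": false,
 },
 },
-"aws_s3_bucket_server_side_encryption_configuration": {
-"the-uncannybucket_Encryption_78D02B71": {
-"bucket": "\${aws_s3_bucket.the-uncannybucket.bucket}",
-"rule": [
-{
-"apply_server_side_encryption_by_default": {
-"sse_algorithm": "AES256",
-},
-},
-],
-},
-},
 },
 }
 `;
@@ -383,14 +331,6 @@ exports[`bucket prefix valid 2`] = `
 "id": "Default",
 "path": "root/Default/the-uncanny.bucket/Default",
 },
-"Encryption": {
-"constructInfo": {
-"fqn": "cdktf.TerraformResource",
-"version": "0.17.0",
-},
-"id": "Encryption",
-"path": "root/Default/the-uncanny.bucket/Encryption",
-},
 },
 "constructInfo": {
 "fqn": "constructs.Construct",
@@ -540,18 +480,6 @@ exports[`bucket with onCreate method 1`] = `
 "restrict_public_buckets": false,
 },
 },
-"aws_s3_bucket_server_side_encryption_configuration": {
-"my_bucket_Encryption_3B1569A4": {
-"bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-"rule": [
-{
-"apply_server_side_encryption_by_default": {
-"sse_algorithm": "AES256",
-},
-},
-],
-},
-},
 "aws_s3_object": {
 "my_bucket_my_bucket-oncreate-OnMessage-7b961f4d_S3Object_AA8B2734": {
 "bucket": "\${aws_s3_bucket.Code.bucket}",
@@ -651,14 +579,6 @@ exports[`bucket with onCreate method 2`] = `
 "id": "Default",
 "path": "root/Default/my_bucket/Default",
 },
-"Encryption": {
-"constructInfo": {
-"fqn": "cdktf.TerraformResource",
-"version": "0.17.0",
-},
-"id": "Encryption",
-"path": "root/Default/my_bucket/Encryption",
-},
 "PublicAccessBlock": {
 "constructInfo": {
 "fqn": "cdktf.TerraformResource",
@@ -962,18 +882,6 @@ exports[`bucket with onDelete method 1`] = `
 "restrict_public_buckets": false,
 },
 },
-"aws_s3_bucket_server_side_encryption_configuration": {
-"my_bucket_Encryption_3B1569A4": {
-"bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-"rule": [
-{
-"apply_server_side_encryption_by_default": {
-"sse_algorithm": "AES256",
-},
-},
-],
-},
-},
 "aws_s3_object": {
 "my_bucket_my_bucket-ondelete-OnMessage-1de1a361_S3Object_2203B527": {
 "bucket": "\${aws_s3_bucket.Code.bucket}",
@@ -1073,14 +981,6 @@ exports[`bucket with onDelete method 2`] = `
 "id": "Default",
 "path": "root/Default/my_bucket/Default",
 },
-"Encryption": {
-"constructInfo": {
-"fqn": "cdktf.TerraformResource",
-"version": "0.17.0",
-},
-"id": "Encryption",
-"path": "root/Default/my_bucket/Encryption",
-},
 "PublicAccessBlock": {
 "constructInfo": {
 "fqn": "cdktf.TerraformResource",
@@ -1478,18 +1378,6 @@ exports[`bucket with onEvent method 1`] = `
 "restrict_public_buckets": false,
 },
 },
-"aws_s3_bucket_server_side_encryption_configuration": {
-"my_bucket_Encryption_3B1569A4": {
-"bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-"rule": [
-{
-"apply_server_side_encryption_by_default": {
-"sse_algorithm": "AES256",
-},
-},
-],
-},
-},
 "aws_s3_object": {
 "my_bucket_my_bucket-oncreate-OnMessage-7b961f4d_S3Object_AA8B2734": {
 "bucket": "\${aws_s3_bucket.Code.bucket}",
@@ -1623,14 +1511,6 @@ exports[`bucket with onEvent method 2`] = `
 "id": "Default",
 "path": "root/Default/my_bucket/Default",
 },
-"Encryption": {
-"constructInfo": {
-"fqn": "cdktf.TerraformResource",
-"version": "0.17.0",
-},
-"id": "Encryption",
-"path": "root/Default/my_bucket/Encryption",
-},
 "PublicAccessBlock": {
 "constructInfo": {
 "fqn": "cdktf.TerraformResource",
@@ -2194,18 +2074,6 @@ exports[`bucket with onUpdate method 1`] = `
 "restrict_public_buckets": false,
 },
 },
-"aws_s3_bucket_server_side_encryption_configuration": {
-"my_bucket_Encryption_3B1569A4": {
-"bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-"rule": [
-{
-"apply_server_side_encryption_by_default": {
-"sse_algorithm": "AES256",
-},
-},
-],
-},
-},
 "aws_s3_object": {
 "my_bucket_my_bucket-onupdate-OnMessage-46c07356_S3Object_0B6EDB66": {
 "bucket": "\${aws_s3_bucket.Code.bucket}",
@@ -2305,14 +2173,6 @@ exports[`bucket with onUpdate method 2`] = `
 "id": "Default",
 "path": "root/Default/my_bucket/Default",
 },
-"Encryption": {
-"constructInfo": {
-"fqn": "cdktf.TerraformResource",
-"version": "0.17.0",
-},
-"id": "Encryption",
-"path": "root/Default/my_bucket/Encryption",
-},
 "PublicAccessBlock": {
 "constructInfo": {
 "fqn": "cdktf.TerraformResource",
@@ -2547,18 +2407,6 @@ exports[`bucket with two preflight files 1`] = `
 "restrict_public_buckets": false,
 },
 },
-"aws_s3_bucket_server_side_encryption_configuration": {
-"my_bucket_Encryption_3B1569A4": {
-"bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-"rule": [
-{
-"apply_server_side_encryption_by_default": {
-"sse_algorithm": "AES256",
-},
-},
-],
-},
-},
 "aws_s3_object": {
 "my_bucket_S3Object-file1txt_7AFE54AE": {
 "bucket": "\${aws_s3_bucket.my_bucket.bucket}",
@@ -2624,14 +2472,6 @@ exports[`bucket with two preflight files 2`] = `
 "id": "Default",
 "path": "root/Default/my_bucket/Default",
 },
-"Encryption": {
-"constructInfo": {
-"fqn": "cdktf.TerraformResource",
-"version": "0.17.0",
-},
-"id": "Encryption",
-"path": "root/Default/my_bucket/Encryption",
-},
 "PublicAccessBlock": {
 "constructInfo": {
 "fqn": "cdktf.TerraformResource",
@@ -2744,18 +2584,6 @@ exports[`bucket with two preflight objects 1`] = `
 "restrict_public_buckets": false,
 },
 },
-"aws_s3_bucket_server_side_encryption_configuration": {
-"my_bucket_Encryption_3B1569A4": {
-"bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-"rule": [
-{
-"apply_server_side_encryption_by_default": {
-"sse_algorithm": "AES256",
-},
-},
-],
-},
-},
 "aws_s3_object": {
 "my_bucket_S3Object-file1txt_7AFE54AE": {
 "bucket": "\${aws_s3_bucket.my_bucket.bucket}",
@@ -2821,14 +2649,6 @@ exports[`bucket with two preflight objects 2`] = `
 "id": "Default",
 "path": "root/Default/my_bucket/Default",
 },
-"Encryption": {
-"constructInfo": {
-"fqn": "cdktf.TerraformResource",
-"version": "0.17.0",
-},
-"id": "Encryption",
-"path": "root/Default/my_bucket/Encryption",
-},
 "PublicAccessBlock": {
 "constructInfo": {
 "fqn": "cdktf.TerraformResource",
@@ -2923,18 +2743,6 @@ exports[`create a bucket 1`] = `
 "force_destroy": false,
 },
 },
-"aws_s3_bucket_server_side_encryption_configuration": {
-"my_bucket_Encryption_3B1569A4": {
-"bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-"rule": [
-{
-"apply_server_side_encryption_by_default": {
-"sse_algorithm": "AES256",
-},
-},
-],
-},
-},
 },
 }
 `;
@@ -2988,14 +2796,6 @@ exports[`create a bucket 2`] = `
 "id": "Default",
 "path": "root/Default/my_bucket/Default",
 },
-"Encryption": {
-"constructInfo": {
-"fqn": "cdktf.TerraformResource",
-"version": "0.17.0",
-},
-"id": "Encryption",
-"path": "root/Default/my_bucket/Encryption",
-},
 },
 "constructInfo": {
 "fqn": "constructs.Construct",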

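--- a/libs/wingsdk/test/target-tf-aws/__snapshots__/captures.test.ts.snap
+++ b/libs/wingsdk/test/target-tf-aws/__snapshots__/captures.test.ts.snap
@@ -357,18 +357,6 @@ exports[`function with bucket binding > put operation 2`] = `
 "bucket_prefix": "code-c84a50b1-",
 },
 },
-"aws_s3_bucket_server_side_encryption_configuration": {
-"Bucket_Encryption_016FDA0C": {
-"bucket": "\${aws_s3_bucket.Bucket.bucket}",
-"rule": [
-{
-"apply_server_side_encryption_by_default": {
-"sse_algorithm": "AES256",
-},
-},
-],
-},
-},
 "aws_s3_object": {
 "Function_S3Object_C62A0C2D": {
 "bucket": "\${aws_s3_bucket.Code.bucket}",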
