
Commit 156648a

committed
Remove encryptionKey property from s3 buckets
1 parent fc8ef58 commit 156648a


1 file changed

+5
-10
lines changed


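--- a/packages/cdk/stacks/EpsAssistMeStack.ts
+++ b/packages/cdk/stacks/EpsAssistMeStack.ts
@@ -51,7 +51,7 @@ export class EpsAssistMeStack extends Stack {
 public constructor(scope: App, id: string, props: EpsAssistMeStackProps) {
 super(scope, id, props)
 
-// ==== Context/Parameters ====
+// Get variables from context
 const region = Stack.of(this).region
 const account = Stack.of(this).account
 const logRetentionInDays = Number(this.node.tryGetContext("logRetentionInDays")) || 14
@@ -97,26 +97,20 @@ export class EpsAssistMeStack extends Stack {
 tier: ssm.ParameterTier.STANDARD
 })
 
-// ==== KMS Key Import ====
-const cloudWatchLogsKmsKey = Key.fromKeyArn(
-this, "cloudWatchLogsKmsKey", Fn.importValue("account-resources:CloudwatchLogsKmsKeyArn")
-)
-
-// ==== S3 Buckets ====
+// Define the S3 bucket for access logs
 const accessLogBucket = new Bucket(this, "EpsAssistAccessLogsBucket", {
 blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
 encryption: BucketEncryption.KMS,
-encryptionKey: cloudWatchLogsKmsKey,
 removalPolicy: RemovalPolicy.DESTROY,
 autoDeleteObjects: true,
 enforceSSL: true,
 versioned: false,
 objectOwnership: ObjectOwnership.BUCKET_OWNER_ENFORCED
 })
 
+// Define the S3 bucket for knowledge base documents
 const kbDocsBucket = new Bucket(this, "EpsAssistDocsBucket", {
 blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
-encryptionKey: cloudWatchLogsKmsKey,
 encryption: BucketEncryption.KMS,
 removalPolicy: RemovalPolicy.DESTROY,
 autoDeleteObjects: true,
@@ -127,13 +121,14 @@ export class EpsAssistMeStack extends Stack {
 serverAccessLogsPrefix: "s3-access-logs/"
 })
 
-// ==== IAM Policies for S3 access (Bedrock Execution Role) ====
+// Create an IAM policy for S3 access
 const s3AccessListPolicy = new PolicyStatement({
 actions: ["s3:ListBucket"],
 resources: [kbDocsBucket.bucketArn]
 })
 s3AccessListPolicy.addCondition("StringEquals", {"aws:ResourceAccount": account})
 
+// Create an IAM policy for S3 access
 const s3AccessGetPolicy = new PolicyStatement({
 actions: ["s3:GetObject", "s3:Delete*"],
 resources: [`${kbDocsBucket.bucketArn}/*`]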
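Review bot: In the second hunk both buckets keep `encryption: BucketEncryption.KMS` after `encryptionKey` is removed, and in that mode CDK generates a new customer-managed key per bucket instead of reusing the imported one, so this is a key change rather than a cleanup. Whatever role reads `kbDocsBucket` (the removed comment named the Bedrock execution role) will need decrypt rights on the generated key; the two S3 statements in the last hunk grant none, and whether a KMS grant exists is outside the visible lines, so something like `kbDocsBucket.encryptionKey?.grantDecrypt(<execution role>)` would make it explicit. For `accessLogBucket`, AWS documents S3 server access log delivery as supporting only SSE-S3 on the destination bucket, to my knowledge, so `encryption: BucketEncryption.S3_MANAGED` looks like the safer setting there; please confirm that logs still arrive after deploy. The `s3AccessGetPolicy` statement continues past the end of the hunk, so I cannot tell whether it receives the same `aws:ResourceAccount` condition as the list statement.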
