
Commit c316d58

committed
fix: relax KMS key ID property transforms
We have property transforms that transform KMS key IDs into regex patterns matching the ARNs returned by the RDS API. These patterns did not work correctly in all regions, causing false drift detections to be reported. This change fixes the issue by relaxing the patterns so that they match when executed in all regions.
1 parent c906d0c commit c316d58


3 files changed

+7
-7
lines changed


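--- a/aws-rds-customdbengineversion/aws-rds-customdbengineversion.json
+++ b/aws-rds-customdbengineversion/aws-rds-customdbengineversion.json
@@ -120,7 +120,7 @@
 "propertyTransform": {
 "/properties/Engine": "$lowercase(Engine)",
 "/properties/EngineVersion": "$lowercase(EngineVersion)",
-"/properties/KMSKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", KMSKeyId])"
+"/properties/KMSKeyId": "$join([\"arn:.+?:kms:.+?:.+?:key\\/\", KMSKeyId])"
 },
 "required": [
 "Engine",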
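Review bot: The relaxed prefix `arn:.+?:kms:.+?:.+?:key\\/` on the new `/properties/KMSKeyId` line uses `.+?`, which also matches `:` and `/`, so the partition, region and account fields of the ARN are no longer delimited and the account field is no longer required to be 12 digits. Region independence does not need that much slack: `arn:[^:]+:kms:[^:]+:[0-9]{12}:key\\/` keeps each field bounded while still accepting any partition and region. Because this pattern decides whether the KMS key reported by the RDS API counts as the declared one, a bounded match keeps a malformed or unexpected ARN from being read as "no drift"; whether the comparison anchors the pattern at both ends is not visible here and is worth confirming. The same prefix is introduced for the KMS key transforms in aws-rds-dbcluster/aws-rds-dbcluster.json and aws-rds-dbinstance/aws-rds-dbinstance.json.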

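--- a/aws-rds-dbcluster/aws-rds-dbcluster.json
+++ b/aws-rds-dbcluster/aws-rds-dbcluster.json
@@ -413,10 +413,10 @@
 "/properties/EnableHttpEndpoint": "$lowercase($string(EngineMode)) = 'serverless' ? EnableHttpEndpoint : ($lowercase($string(Engine)) in ['aurora-postgresql', 'aurora-mysql'] ? EnableHttpEndpoint : false )",
 "/properties/Engine": "$lowercase(Engine)",
 "/properties/EngineVersion": "$join([$string(EngineVersion), \".*\"])",
-"/properties/KmsKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", KmsKeyId])",
-"/properties/MasterUserSecret/KmsKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", MasterUserSecret.KmsKeyId])",
+"/properties/KmsKeyId": "$join([\"arn:.+?:kms:.+?:.+?:key\\/\", KmsKeyId])",
+"/properties/MasterUserSecret/KmsKeyId": "$join([\"arn:.+?:kms:.+?:.+?:key\\/\", MasterUserSecret.KmsKeyId])",
 "/properties/NetworkType": "$lowercase(NetworkType)",
-"/properties/PerformanceInsightsKmsKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", PerformanceInsightsKmsKeyId])",
+"/properties/PerformanceInsightsKmsKeyId": "$join([\"arn:.+?:kms:.+?:.+?:key\\/\", PerformanceInsightsKmsKeyId])",
 "/properties/PreferredMaintenanceWindow": "$lowercase(PreferredMaintenanceWindow)",
 "/properties/SnapshotIdentifier": "$lowercase(SnapshotIdentifier)",
 "/properties/SourceDBClusterIdentifier": "$lowercase(SourceDBClusterIdentifier)",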

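--- a/aws-rds-dbinstance/aws-rds-dbinstance.json
+++ b/aws-rds-dbinstance/aws-rds-dbinstance.json
@@ -482,11 +482,11 @@
 "/properties/DBSubnetGroupName": "$lowercase(DBSubnetGroupName)",
 "/properties/Engine": "$lowercase(Engine)",
 "/properties/EngineVersion": "$join([$string(EngineVersion), \".*\"])",
-"/properties/KmsKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", KmsKeyId])",
-"/properties/MasterUserSecret/KmsKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", MasterUserSecret.KmsKeyId])",
+"/properties/KmsKeyId": "$join([\"arn:.+?:kms:.+?:.+?:key\\/\", KmsKeyId])",
+"/properties/MasterUserSecret/KmsKeyId": "$join([\"arn:.+?:kms:.+?:.+?:key\\/\", MasterUserSecret.KmsKeyId])",
 "/properties/NetworkType": "$lowercase(NetworkType)",
 "/properties/OptionGroupName": "$lowercase(OptionGroupName)",
-"/properties/PerformanceInsightsKMSKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", PerformanceInsightsKMSKeyId])",
+"/properties/PerformanceInsightsKMSKeyId": "$join([\"arn:.+?:kms:.+?:.+?:key\\/\", PerformanceInsightsKMSKeyId])",
 "/properties/PreferredMaintenanceWindow": "$lowercase(PreferredMaintenanceWindow)",
 "/properties/SourceDBInstanceAutomatedBackupsArn": "$lowercase(SourceDBInstanceAutomatedBackupsArn)",
 "/properties/SourceDBInstanceIdentifier": "$lowercase(SourceDBInstanceIdentifier)",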
