aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code

Home Page: https://aws.amazon.com/cdk

custom-resources: "Given KMS key is misconfigured." when trying to call updateFirewallEncryptionConfiguration

huyhoang160593 opened this issue · comments

Describe the bug

There is no way to define EncryptionConfiguration on the firewall, so I have to use a custom resource to enable it, but I am hitting a roadblock: the Lambda used to execute the function cannot finish. I can easily change it with the CLI or console, but running this one always returns "Given KMS key is misconfigured."

Expected Behavior

Running the custom resources successfully

Current Behavior

"Given KMS key is misconfigured."

Reproduction Steps

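import {
  AwsCustomResource,
  AwsCustomResourcePolicy,
  PhysicalResourceId,
} from "aws-cdk-lib/custom-resources";

// Inside the stack: `firewall` is the CfnFirewall and `firewallCMK` is the KMS key.
const changeFirewallEncryptionConfig = new AwsCustomResource(
  this,
  "UpdateFirewallEncryptionConfiguration",
  {
    onUpdate: {
      service: "NetworkFirewall",
      action: "updateFirewallEncryptionConfiguration",
      parameters: {
        FirewallName: firewall.firewallName,
        FirewallArn: firewall.attrFirewallArn,
        EncryptionConfiguration: {
          KeyId: firewallCMK.keyArn,
          Type: "CUSTOMER_KMS",
        },
      },
      // A new physical ID on every synth forces the call to run on each deploy.
      physicalResourceId: PhysicalResourceId.of(Date.now().toString()),
    },
    // Grants the Lambda role only the IAM action derived from the SDK call above.
    policy: AwsCustomResourcePolicy.fromSdkCalls({
      resources: AwsCustomResourcePolicy.ANY_RESOURCE,
    }),
  },
);
changeFirewallEncryptionConfig.node.addDependency(firewall);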

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.143.0

Framework Version

No response

Node.js Version

20.10.0

OS

Linux

Language

TypeScript

Language Version

No response

Other information

No response

You probably didn't pass correct parameters. This is recommended for custom resource debugging:

  1. Check the Lambda log of your custom resource; you should see the parameters sent from the SDK calls. Check if the parameters are correct as described in the AWS SDK documentation. You will want to check here for NetworkFirewall updateFirewallEncryptionConfiguration.
  2. If everything looks good but it still fails, try to write a simple JS app using AWS SDK for JS with exactly the same parameters and see if it works for you.

Hope this helps for the troubleshooting/debugging.
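
The two debugging steps suggested above, as an added example that is not part of the original thread: `checkParams` compares parameters copied from the Lambda log against the request shape, and `replay` sends the same request with the AWS SDK for JavaScript v3. The sample ARNs are constructed, and `REPLAY_AGAINST_AWS` is a hypothetical switch used only by this example.

```javascript
// Added example, not code from the issue. Parameter names follow the
// NetworkFirewall UpdateFirewallEncryptionConfiguration request shape.
const KEY_TYPES = ["CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"];
const arnRegion = (v) => (typeof v === "string" && v.startsWith("arn:") ? v.split(":")[3] : null);

// Returns a list of problems; an empty list means the request shape is valid.
function checkParams(p) {
  const problems = [];
  const isStr = (v) => typeof v === "string" && v.length > 0;
  if (!isStr(p.FirewallName) && !isStr(p.FirewallArn))
    problems.push("FirewallName or FirewallArn is required");
  const enc = p.EncryptionConfiguration;
  if (!enc || typeof enc !== "object") return [...problems, "EncryptionConfiguration is missing"];
  if (!KEY_TYPES.includes(enc.Type))
    problems.push("EncryptionConfiguration.Type must be " + KEY_TYPES.join(" or "));
  if (enc.Type === "CUSTOMER_KMS" && !isStr(enc.KeyId))
    problems.push("KeyId is required when Type is CUSTOMER_KMS");
  // KMS keys are regional: a key ARN from another region cannot be used.
  const fwRegion = arnRegion(p.FirewallArn), keyRegion = arnRegion(enc.KeyId);
  if (fwRegion && keyRegion && fwRegion !== keyRegion)
    problems.push(`key region ${keyRegion} differs from firewall region ${fwRegion}`);
  return problems;
}

// Sends the same request the custom resource sends, outside CloudFormation.
async function replay(params, region) {
  const problems = checkParams(params);
  if (problems.length) return { sent: false, problems };
  // Loaded lazily so checkParams works without the SDK installed.
  const sdk = await import("@aws-sdk/client-network-firewall");
  const client = new sdk.NetworkFirewallClient({ region });
  try {
    const out = await client.send(new sdk.UpdateFirewallEncryptionConfigurationCommand(params));
    return { sent: true, ok: true, encryption: out.EncryptionConfiguration };
  } catch (err) {
    return { sent: true, ok: false, name: err.name, message: err.message };
  }
}

// Constructed sample; paste the parameters from your Lambda log instead.
const SAMPLE = {
  FirewallName: "example-fw",
  FirewallArn: "arn:aws:network-firewall:us-east-1:111122223333:firewall/example-fw",
  EncryptionConfiguration: {
    KeyId: "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000",
    Type: "CUSTOMER_KMS",
  },
};

// REPLAY_AGAINST_AWS is a hypothetical switch for this example only.
if (process.env.REPLAY_AGAINST_AWS === "1") replay(SAMPLE, "us-east-1").then(console.log);
```

Run the replay under the custom resource Lambda's execution role rather than your own credentials, since `fromSdkCalls` grants that role only the action derived from the SDK call and a test under a different identity exercises different permissions.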

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.