custom-resources: "Given KMS key is misconfigured." when trying to updateFirewallEncryptionConfiguration
huyhoang160593 opened this issue
Describe the bug
There is no way to define EncryptionConfiguration on the firewall, so I have to use a custom resource to enable it, but I have hit a roadblock: the Lambda used to execute the function cannot finish. I can easily change it with the CLI or the console, but running this one always returns "Given KMS key is misconfigured."
Expected Behavior
Running the custom resources successfully
Current Behavior
"Given KMS key is misconfigured."
Reproduction Steps
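import {
  AwsCustomResource,
  AwsCustomResourcePolicy,
  PhysicalResourceId,
} from "aws-cdk-lib/custom-resources";

// Custom resource whose Lambda calls NetworkFirewall.updateFirewallEncryptionConfiguration.
// `firewall` and `firewallCMK` are defined elsewhere in the stack.
const changeFirewallEncryptionConfig = new AwsCustomResource(
  this,
  "UpdateFirewallEncryptionConfiguration",
  {
    onUpdate: {
      service: "NetworkFirewall",
      action: "updateFirewallEncryptionConfiguration",
      parameters: {
        FirewallName: firewall.firewallName,
        FirewallArn: firewall.attrFirewallArn,
        EncryptionConfiguration: {
          KeyId: firewallCMK.keyArn,
          Type: "CUSTOMER_KMS",
        },
      },
      // Date.now() is evaluated at synth time, so the physical ID changes on each deployment
      physicalResourceId: PhysicalResourceId.of(Date.now().toString()),
    },
    // IAM policy for the Lambda role is derived from the SDK call above
    policy: AwsCustomResourcePolicy.fromSdkCalls({
      resources: AwsCustomResourcePolicy.ANY_RESOURCE,
    }),
  },
);
// Run the custom resource only after the firewall exists
changeFirewallEncryptionConfig.node.addDependency(firewall);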
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.143.0
Framework Version
No response
Node.js Version
20.10.0
OS
Linux
Language
TypeScript
Language Version
No response
Other information
No response
You probably didn't pass correct parameters. This is recommended for custom resource debugging:
- Check the lambda log of your custom resource, you should see the parameters sent from SDK calls. Check if the parameters are correct as described in the AWS SDK document. You will want to check here for NetworkFirewall updateFirewallEncryptionConfiguration.
- If everything looks good but it still fails, try to write a simple JS app using AWS SDK for JS with exactly the same parameters and see if it works for you.
Hope this helps for the troubleshooting/debugging.
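The stand-alone check suggested in the comment above, as an added example that is not part of the original thread or of the CDK project: it sends the same parameters through the AWS SDK for JavaScript v3 after a local ARN sanity check. The environment variable names and the helper functions are assumptions; `@aws-sdk/client-network-firewall` must be installed and credentials configured.

```javascript
// Added example: reproduce the custom resource's SDK call outside CDK.
// FIREWALL_NAME, FIREWALL_ARN and KMS_KEY_ARN are assumed environment variable names.

// Build exactly the request shape used in the issue's AwsCustomResource.
function buildParams({ firewallName, firewallArn, keyArn }) {
  return {
    FirewallName: firewallName,
    FirewallArn: firewallArn,
    EncryptionConfiguration: { KeyId: keyArn, Type: "CUSTOMER_KMS" },
  };
}

// Split an ARN into the fields compared below; null when it is not an ARN.
function parseArn(arn) {
  const p = String(arn).split(":");
  if (p.length < 6 || p[0] !== "arn") return null;
  return { service: p[2], region: p[3], account: p[4] };
}

// Local checks on the resolved values before any API call is made.
function checkParams(params) {
  const problems = [];
  const fw = parseArn(params.FirewallArn);
  const key = parseArn(params.EncryptionConfiguration.KeyId);
  if (!fw || fw.service !== "network-firewall") problems.push("FirewallArn is not a network-firewall ARN");
  if (!key || key.service !== "kms") problems.push("KeyId is not a KMS key ARN");
  // KMS keys are regional, so the key and the firewall must be in the same region.
  if (fw && key && fw.region !== key.region) problems.push(`region mismatch: ${fw.region} vs ${key.region}`);
  return problems;
}

// Send the request with the credentials of whoever runs this script.
async function run(env = process.env) {
  const params = buildParams({ firewallName: env.FIREWALL_NAME, firewallArn: env.FIREWALL_ARN, keyArn: env.KMS_KEY_ARN });
  const problems = checkParams(params);
  if (problems.length > 0) return { sent: false, problems };
  const { NetworkFirewallClient, UpdateFirewallEncryptionConfigurationCommand } =
    await import("@aws-sdk/client-network-firewall");
  const client = new NetworkFirewallClient({ region: parseArn(params.FirewallArn).region });
  const response = await client.send(new UpdateFirewallEncryptionConfigurationCommand(params));
  return { sent: true, response };
}

// Only call AWS when the inputs are provided.
if (process.env.FIREWALL_ARN) {
  run().then((r) => console.log(JSON.stringify(r, null, 2)),
             (e) => { console.error(e.name, e.message); process.exitCode = 1; });
}
```

Compare the parameters printed here with those in the custom resource's Lambda log, as the comment recommends.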
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.