
Add kmsKeyRef value for Bucket CRD #1649

Open
philchristensen opened this issue Jan 27, 2023 · 8 comments
Labels
service/s3 Indicates issues or PRs that are related to s3-controller.

Comments

@philchristensen

Is your feature request related to a problem?
I'm trying to create a Helm chart to deploy an S3 bucket that follows our company security credentials. For each bucket, we create a dedicated KMS key, but I'm not currently able to do that in a single Helm installation.

The Bucket CRD only has an encryption/rules/applyServerSideEncryptionByDefault/kmsMasterKeyID field, and I need to be able to pass a kmsKeyRef object, much like I can when creating a DBInstance object for RDS.

Describe the solution you'd like
I'd like the Bucket CRD to support encryption/rules/applyServerSideEncryptionByDefault/kmsKeyRef so I can pass in the key object I'm creating.

Describe alternatives you've considered
All the examples I can find online depend on using Bash variables to combine k8s manifests with AWS CLI lookups, but I don't have access to these things in an automated, GitOps-based installation process.
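
An added illustration of the gap described in the post above (not part of the original issue and not the project's own manifests): a per-bucket KMS `Key` next to a `Bucket` that can only take a literal key ID or ARN, followed by the requested reference form. The resource names, region, account ID and key ID are constructed placeholders, and the `kmsKeyRef` field with its `from.name` shape is an assumption modelled on the existing ACK reference fields the post mentions for DBInstance; the Bucket CRD does not accept it as of this issue.

```yaml
# Constructed example: all names and identifiers below are placeholders.
apiVersion: kms.services.k8s.aws/v1alpha1
kind: Key
metadata:
  name: reports-bucket-key
spec:
  description: Dedicated key for the reports bucket
---
# Current CRD: the key must be given as a literal ID or ARN, which is only
# known after the Key above has been created, so both resources cannot be
# rendered from one Helm installation.
apiVersion: s3.services.k8s.aws/v1alpha1
kind: Bucket
metadata:
  name: reports-bucket
spec:
  name: example-reports-bucket
  encryption:
    rules:
      - bucketKeyEnabled: true
        applyServerSideEncryptionByDefault:
          sseAlgorithm: aws:kms
          kmsMasterKeyID: arn:aws:kms:us-west-2:111122223333:key/<key-id-placeholder>
---
# Requested form (hypothetical field, alternative to the Bucket above):
# the controller would resolve the Key's ARN from the referenced object.
apiVersion: s3.services.k8s.aws/v1alpha1
kind: Bucket
metadata:
  name: reports-bucket
spec:
  name: example-reports-bucket
  encryption:
    rules:
      - bucketKeyEnabled: true
        applyServerSideEncryptionByDefault:
          sseAlgorithm: aws:kms
          kmsKeyRef:
            from:
              name: reports-bucket-key
```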

@jaypipes
Collaborator

This should be a relatively straightforward thing to add, right @RedbackThomson?

@RedbackThomson RedbackThomson added the service/s3 Indicates issues or PRs that are related to s3-controller. label Jan 30, 2023
@ack-bot
Collaborator

ack-bot commented Apr 30, 2023

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/aws-controllers-k8s/community.
/lifecycle stale

@ack-prow ack-prow bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 30, 2023
@ack-bot
Collaborator

ack-bot commented May 30, 2023

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/aws-controllers-k8s/community.
/lifecycle rotten

@ack-prow ack-prow bot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels May 30, 2023
@ack-bot
Collaborator

ack-bot commented Jun 29, 2023

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Provide feedback via https://github.com/aws-controllers-k8s/community.
/close

@ack-prow ack-prow bot closed this as completed Jun 29, 2023
@ack-prow

ack-prow bot commented Jun 29, 2023

@ack-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Provide feedback via https://github.com/aws-controllers-k8s/community.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jessebye

jessebye commented Oct 16, 2024

@jaypipes @RedbackThomson Can this be reopened? We have the same use case.

@a-hilaly a-hilaly reopened this Oct 16, 2024
@a-hilaly a-hilaly removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Oct 21, 2024
@jessebye

jessebye commented Jan 8, 2025

@jaypipes @a-hilaly we may be able to contribute towards a fix here, but I need a bit of guidance on where to start. This is impacting a use case we have where we create a new KMS key for each bucket and want to reference that KMS key's ARN in the bucket policy (as well as an IAM policy).

@michaelhtm
Member

Hello!
Thank you for taking initiative to contribute. To allow resource references please follow the following steps: https://aws-controllers-k8s.github.io/community/docs/contributor-docs/code-generator-config/#references-making-a-field-refer-to-another-resource

Feel free to reach out with any questions :)
