custom-resources: "Given KMS key is misconfigured." when tried to updateFirewallEncryptionConfiguration #30586

Closed
huyhoang160593 opened this issue Jun 19, 2024 · 3 comments
Labels
@aws-cdk/custom-resources Related to AWS CDK Custom Resources bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/small Small work item – less than a day of effort p3 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@huyhoang160593

Describe the bug

There is no way to define EncryptionConfiguration in the firewall, so I have to use custom resources to enable it, but I am hitting a roadblock: the Lambda used to execute the function cannot finish. I can easily change it with the CLI or console, but running this one always returns "Given KMS key is misconfigured."

Expected Behavior

Running the custom resources successfully

Current Behavior

"Given KMS key is misconfigured."

Reproduction Steps

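import {
  AwsCustomResource,
  AwsCustomResourcePolicy,
  PhysicalResourceId,
} from "aws-cdk-lib/custom-resources";

// Inside the stack constructor; `firewall` and `firewallCMK` are defined
// elsewhere in the stack and are not shown in the issue.
const changeFirewallEncryptionConfig = new AwsCustomResource(
  this,
  "UpdateFirewallEncryptionConfiguration",
  {
    onUpdate: {
      service: "NetworkFirewall",
      action: "updateFirewallEncryptionConfiguration",
      parameters: {
        FirewallName: firewall.firewallName,
        FirewallArn: firewall.attrFirewallArn,
        EncryptionConfiguration: {
          KeyId: firewallCMK.keyArn,
          Type: "CUSTOMER_KMS",
        },
      },
      // A new physical ID on every synth forces the update call on each deploy.
      physicalResourceId: PhysicalResourceId.of(Date.now().toString()),
    },
    policy: AwsCustomResourcePolicy.fromSdkCalls({
      resources: AwsCustomResourcePolicy.ANY_RESOURCE,
    }),
  },
);
// Run the SDK call only after the firewall exists.
changeFirewallEncryptionConfig.node.addDependency(firewall);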

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.143.0

Framework Version

No response

Node.js Version

20.10.0

OS

Linux

Language

TypeScript

Language Version

No response

Other information

No response

@huyhoang160593 huyhoang160593 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 19, 2024
@github-actions github-actions bot added the @aws-cdk/custom-resources Related to AWS CDK Custom Resources label Jun 19, 2024
@pahud
Contributor

pahud commented Jun 19, 2024

You probably didn't pass correct parameters. This is recommended for custom resource debugging:

  1. Check the lambda log of your custom resource, you should see the parameters sent from SDK calls. Check if the parameters are correct as described in the AWS SDK document. You will want to check here for NetworkFirewall updateFirewallEncryptionConfiguration.
  2. If everything looks good but it still fails, try to write a simple JS app using AWS SDK for JS with exactly the same parameters and see if it works for you.

Hope this helps for the troubleshooting/debugging.

@pahud pahud added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. p3 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Jun 19, 2024
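
The two debugging steps suggested in the comment above, as an added example that is not part of the original thread: it checks parameters copied from the custom resource's Lambda log against the request shape, then sends the same call with the AWS SDK for JavaScript v3. The ARNs are constructed placeholders, `arnRegion`, `checkParams`, `runRepro` and `RUN_REPRO` are hypothetical names, and the same-region check assumes the key must live in the firewall's region because KMS keys are regional.

```javascript
// Added example, not code from the issue; helper names are hypothetical.
const ENCRYPTION_TYPES = ["CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"];

// Region field of an ARN, or null when the value is not an ARN
// (KeyId may also be a bare key ID or an alias).
function arnRegion(value) {
  const parts = typeof value === "string" ? value.split(":") : [];
  return parts[0] === "arn" && parts.length >= 6 ? parts[3] : null;
}

// Check parameters copied from the custom resource's Lambda log.
// Returns a list of problems; an empty list means the shape is plausible.
function checkParams(p) {
  const problems = [];
  const enc = p.EncryptionConfiguration || {};
  if (!p.FirewallArn && !p.FirewallName) problems.push("FirewallArn or FirewallName is required");
  if (!ENCRYPTION_TYPES.includes(enc.Type)) problems.push(`unknown Type: ${enc.Type}`);
  if (enc.Type === "CUSTOMER_KMS" && !enc.KeyId) problems.push("CUSTOMER_KMS requires a KeyId");
  // Assumption: KMS keys are regional, so the key must be in the firewall's region.
  const fwRegion = arnRegion(p.FirewallArn);
  const keyRegion = arnRegion(enc.KeyId);
  if (fwRegion && keyRegion && fwRegion !== keyRegion) {
    problems.push(`key region ${keyRegion} differs from firewall region ${fwRegion}`);
  }
  return problems;
}

// Send the same call outside the custom resource (needs AWS credentials and
// the @aws-sdk/client-network-firewall package, loaded only when called).
async function runRepro(params) {
  const problems = checkParams(params);
  if (problems.length) throw new Error(problems.join("; "));
  const { NetworkFirewallClient, UpdateFirewallEncryptionConfigurationCommand } =
    await import("@aws-sdk/client-network-firewall");
  const client = new NetworkFirewallClient({ region: arnRegion(params.FirewallArn) || undefined });
  return client.send(new UpdateFirewallEncryptionConfigurationCommand(params));
}

// Constructed sample values; replace them with the ones from the Lambda log.
const sampleParams = {
  FirewallName: "example-firewall",
  FirewallArn: "arn:aws:network-firewall:us-east-1:111122223333:firewall/example-firewall",
  EncryptionConfiguration: {
    KeyId: "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000",
    Type: "CUSTOMER_KMS",
  },
};
// RUN_REPRO is a hypothetical switch so that loading this file makes no AWS call.
if (process.env.RUN_REPRO === "1") runRepro(sampleParams).then(console.log, console.error);
```

Running it under the same IAM role as the custom resource's Lambda, rather than the CLI or console identity, keeps the comparison to the failing call like for like.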

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Jun 21, 2024
@github-actions github-actions bot added closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jun 26, 2024
@aws-cdk-automation
Collaborator

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

@aws aws locked as resolved and limited conversation to collaborators Jul 25, 2024
3 participants