TS2345: 'trustAccountIdentities' does not exist in type 'KeyProps' error in cdkv2
Question
I upgraded my cdk project from v1 to v2. It's complaining about trustAccountIdentities existence in cdkv2.
Error at the time of build:
> error TS2345: Argument of type '{ enableKeyRotation: true; enabled: true; removalPolicy: cdk.RemovalPolicy.DESTROY; trustAccountIdentities: boolean; }' is not assignable to parameter of type 'KeyProps'.
> Object literal may only specify known properties, and 'trustAccountIdentities' does not exist in type 'KeyProps'.
It was given the same way in cdkv1. My code is as below:
const account = new AccountCustomResource(this, StackConfiguration.name + '-BucketKmsAccountCustomResource');
/** Added code to create Custom kms key */
const MyKmsKey = new kms.Key(this, (mykey).toLowerCase(), {
  enableKeyRotation: true,
  enabled: true,
  removalPolicy: cdk.RemovalPolicy.DESTROY,
  trustAccountIdentities: true
});
MyKmsKey.addAlias(mykey);
I tried commenting out the trustAccountIdentities line and the build worked fine, but then it's giving an issue during deployment with the below error:
> Stack Deployments Failed: AccessDenied: User: arn:aws:sts::<arn#>:assumed-role/cdk-<some#>-deploy-role-<some#>-<AWS-region>/aws-cdk-bamboo is not authorized to perform: iam:PassRole on resource: arn:aws:iam::<some#>:role/cloud-services/pipeline-elevated-access with an explicit deny in an identity-based policy
Answer 1
Score: 1
The trustAccountIdentities property is deprecated. If you need it treated as true, use the @aws-cdk/aws-kms:defaultKeyPolicies feature flag.
That info is from the KMSProps source code docstrings. It also explains that:
> If the @aws-cdk/aws-kms:defaultKeyPolicies feature flag is set (the default for new projects), this flag will always be treated as 'true' and does not need to be explicitly set.
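After the trustAccountIdentities line is removed, the synthesized template can be checked to see which KMS keys still carry the account-trusting key policy. This is an added example, not code from the question, the answer or the CDK project; the template shape, sampleTemplate and the helper names are constructed, and it assumes the account-trusting policy appears as an Allow of kms:* to the account root principal.

```typescript
// Added example (not from the original post). Template shape and names are assumptions.
type Json = any;

// Constructed sample of `cdk synth` output containing two KMS keys.
const sampleTemplate: Json = {
  Resources: {
    MyKey: {
      Type: "AWS::KMS::Key",
      Properties: {
        EnableKeyRotation: true,
        KeyPolicy: { Version: "2012-10-17", Statement: [{
          Effect: "Allow", Action: "kms:*", Resource: "*",
          Principal: { AWS: { "Fn::Join": ["", ["arn:", { Ref: "AWS::Partition" },
            ":iam::", { Ref: "AWS::AccountId" }, ":root"]] } },
        }] },
      },
    },
    ScopedKey: {
      Type: "AWS::KMS::Key",
      Properties: {
        KeyPolicy: { Version: "2012-10-17", Statement: [{
          Effect: "Allow", Action: ["kms:Encrypt", "kms:Decrypt"], Resource: "*",
          Principal: { AWS: "arn:aws:iam::111122223333:role/constructed-app-role" },
        }] },
      },
    },
    Bucket: { Type: "AWS::S3::Bucket", Properties: {} },
  },
};

// IAM policy fields may hold a single value or a list; normalize to a list.
const asArray = (v: Json): Json[] => (Array.isArray(v) ? v : v == null ? [] : [v]);

// True when a statement allows kms:* to an account root principal, which hands
// access decisions for the key to that account's IAM policies.
function delegatesToAccount(stmt: Json): boolean {
  const principal = JSON.stringify(stmt.Principal?.AWS ?? "");
  return stmt.Effect === "Allow" &&
    asArray(stmt.Action).indexOf("kms:*") !== -1 &&
    principal.indexOf(":iam::") !== -1 && principal.indexOf(":root") !== -1;
}

// Logical IDs of AWS::KMS::Key resources whose key policy trusts account identities.
function keysTrustingAccount(template: Json): string[] {
  const resources: Json = template.Resources ?? {};
  return Object.keys(resources).filter((id) =>
    resources[id].Type === "AWS::KMS::Key" &&
    asArray(resources[id].Properties?.KeyPolicy?.Statement).some(delegatesToAccount));
}

console.log(keysTrustingAccount(sampleTemplate)); // keys to review
```

Keys reported here rely on IAM policies for access control, so the IAM permissions granted on those keys are what need least-privilege review.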