DEPRECATED-lambda-cfn icon indicating copy to clipboard operation
DEPRECATED-lambda-cfn copied to clipboard
verified publisher icon mapbox

Better parameter encryption logic

Open zmully opened this issue 7 years ago • 0 comments

To encrypt parameters, you have to pass -k and this is really easy to forget to do. Since this is passed through to cfn-config which actually implements this behavior it will be difficult change.

Some thoughts:

  • lambda-cfn defaults to passing just -k to cfn-config and we add another option -nok or something to override that default. If you pass -k <kmsArn> it gets passed wholesale to cfn-config
    • -k with no arn defaults to the kms id alias/cloudformation, what happens if that doesn't exist?

zmully avatar Feb 08 '18 21:02 zmully