chore(sdk): remove unnecessary cloud.Bucket encryption config for a…

…ws targets (#4122) Starting January 5, 2023, Amazon S3 automatically applies server-side encryption with Amazon S3 managed keys (SSE-S3) as the base level of encryption for every bucket. All new object uploads to Amazon S3 are automatically encrypted at no additional cost and with no impact on performance. SSE-S3 uses 256-bit Advanced Encryption Standard. See [HERE](https://aws.amazon.com/about-aws/whats-new/2023/01/amazon-s3-automatically-encrypts-new-objects/). *By submitting this pull request, I confirm that my contribution is made under the terms of the [Wing Cloud Contribution License](https://github.com/winglang/wing/blob/main/CONTRIBUTION_LICENSE.md)*.
winglang · Sep 9, 2023 · 6fcfe7d · 6fcfe7d
1 parent 28391e8
commit 6fcfe7d
Show file tree

Hide file tree

Showing 50 changed files with 0 additions and 1,458 deletions.
diff --git a/libs/wingsdk/src/target-tf-aws/bucket.ts b/libs/wingsdk/src/target-tf-aws/bucket.ts
@@ -12,7 +12,6 @@ import {
 
 import { S3BucketPolicy } from "../.gen/providers/aws/s3-bucket-policy";
 import { S3BucketPublicAccessBlock } from "../.gen/providers/aws/s3-bucket-public-access-block";
-import { S3BucketServerSideEncryptionConfigurationA } from "../.gen/providers/aws/s3-bucket-server-side-encryption-configuration";
 import { S3Object } from "../.gen/providers/aws/s3-object";
 import * as cloud from "../cloud";
 import * as core from "../core";
@@ -166,18 +165,6 @@ export function createEncryptedBucket(
     forceDestroy: isTestEnvironment ? true : false,
   });
 
-  // best practice: (at-rest) data encryption with Amazon S3-managed keys
-  new S3BucketServerSideEncryptionConfigurationA(scope, "Encryption", {
-    bucket: bucket.bucket,
-    rule: [
-      {
-        applyServerSideEncryptionByDefault: {
-          sseAlgorithm: "AES256",
-        },
-      },
-    ],
-  });
-
   if (isPublic) {
     const publicAccessBlock = new S3BucketPublicAccessBlock(
       scope,

diff --git a/libs/wingsdk/test/target-tf-aws/__snapshots__/bucket.test.ts.snap b/libs/wingsdk/test/target-tf-aws/__snapshots__/bucket.test.ts.snap
@@ -32,18 +32,6 @@ exports[`bucket is public 1`] = `
         "restrict_public_buckets": false,
       },
     },
-    "aws_s3_bucket_server_side_encryption_configuration": {
-      "my_bucket_Encryption_3B1569A4": {
-        "bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-        "rule": [
-          {
-            "apply_server_side_encryption_by_default": {
-              "sse_algorithm": "AES256",
-            },
-          },
-        ],
-      },
-    },
   },
 }
 `;
@@ -97,14 +85,6 @@ exports[`bucket is public 2`] = `
                     "id": "Default",
                     "path": "root/Default/my_bucket/Default",
                   },
-                  "Encryption": {
-                    "constructInfo": {
-                      "fqn": "cdktf.TerraformResource",
-                      "version": "0.17.0",
-                    },
-                    "id": "Encryption",
-                    "path": "root/Default/my_bucket/Encryption",
-                  },
                   "PublicAccessBlock": {
                     "constructInfo": {
                       "fqn": "cdktf.TerraformResource",
@@ -183,18 +163,6 @@ exports[`bucket prefix must be lowercase 1`] = `
         "force_destroy": false,
       },
     },
-    "aws_s3_bucket_server_side_encryption_configuration": {
-      "The-UncannyBucket_Encryption_4CFC1E98": {
-        "bucket": "\${aws_s3_bucket.The-UncannyBucket.bucket}",
-        "rule": [
-          {
-            "apply_server_side_encryption_by_default": {
-              "sse_algorithm": "AES256",
-            },
-          },
-        ],
-      },
-    },
   },
 }
 `;
@@ -217,14 +185,6 @@ exports[`bucket prefix must be lowercase 2`] = `
                     "id": "Default",
                     "path": "root/Default/The-Uncanny.Bucket/Default",
                   },
-                  "Encryption": {
-                    "constructInfo": {
-                      "fqn": "cdktf.TerraformResource",
-                      "version": "0.17.0",
-                    },
-                    "id": "Encryption",
-                    "path": "root/Default/The-Uncanny.Bucket/Encryption",
-                  },
                 },
                 "constructInfo": {
                   "fqn": "constructs.Construct",
@@ -318,18 +278,6 @@ exports[`bucket prefix valid 1`] = `
         "force_destroy": false,
       },
     },
-    "aws_s3_bucket_server_side_encryption_configuration": {
-      "the-uncannybucket_Encryption_78D02B71": {
-        "bucket": "\${aws_s3_bucket.the-uncannybucket.bucket}",
-        "rule": [
-          {
-            "apply_server_side_encryption_by_default": {
-              "sse_algorithm": "AES256",
-            },
-          },
-        ],
-      },
-    },
   },
 }
 `;
@@ -383,14 +331,6 @@ exports[`bucket prefix valid 2`] = `
                     "id": "Default",
                     "path": "root/Default/the-uncanny.bucket/Default",
                   },
-                  "Encryption": {
-                    "constructInfo": {
-                      "fqn": "cdktf.TerraformResource",
-                      "version": "0.17.0",
-                    },
-                    "id": "Encryption",
-                    "path": "root/Default/the-uncanny.bucket/Encryption",
-                  },
                 },
                 "constructInfo": {
                   "fqn": "constructs.Construct",
@@ -540,18 +480,6 @@ exports[`bucket with onCreate method 1`] = `
         "restrict_public_buckets": false,
       },
     },
-    "aws_s3_bucket_server_side_encryption_configuration": {
-      "my_bucket_Encryption_3B1569A4": {
-        "bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-        "rule": [
-          {
-            "apply_server_side_encryption_by_default": {
-              "sse_algorithm": "AES256",
-            },
-          },
-        ],
-      },
-    },
     "aws_s3_object": {
       "my_bucket_my_bucket-oncreate-OnMessage-7b961f4d_S3Object_AA8B2734": {
         "bucket": "\${aws_s3_bucket.Code.bucket}",
@@ -651,14 +579,6 @@ exports[`bucket with onCreate method 2`] = `
                     "id": "Default",
                     "path": "root/Default/my_bucket/Default",
                   },
-                  "Encryption": {
-                    "constructInfo": {
-                      "fqn": "cdktf.TerraformResource",
-                      "version": "0.17.0",
-                    },
-                    "id": "Encryption",
-                    "path": "root/Default/my_bucket/Encryption",
-                  },
                   "PublicAccessBlock": {
                     "constructInfo": {
                       "fqn": "cdktf.TerraformResource",
@@ -962,18 +882,6 @@ exports[`bucket with onDelete method 1`] = `
         "restrict_public_buckets": false,
       },
     },
-    "aws_s3_bucket_server_side_encryption_configuration": {
-      "my_bucket_Encryption_3B1569A4": {
-        "bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-        "rule": [
-          {
-            "apply_server_side_encryption_by_default": {
-              "sse_algorithm": "AES256",
-            },
-          },
-        ],
-      },
-    },
     "aws_s3_object": {
       "my_bucket_my_bucket-ondelete-OnMessage-1de1a361_S3Object_2203B527": {
         "bucket": "\${aws_s3_bucket.Code.bucket}",
@@ -1073,14 +981,6 @@ exports[`bucket with onDelete method 2`] = `
                     "id": "Default",
                     "path": "root/Default/my_bucket/Default",
                   },
-                  "Encryption": {
-                    "constructInfo": {
-                      "fqn": "cdktf.TerraformResource",
-                      "version": "0.17.0",
-                    },
-                    "id": "Encryption",
-                    "path": "root/Default/my_bucket/Encryption",
-                  },
                   "PublicAccessBlock": {
                     "constructInfo": {
                       "fqn": "cdktf.TerraformResource",
@@ -1478,18 +1378,6 @@ exports[`bucket with onEvent method 1`] = `
         "restrict_public_buckets": false,
       },
     },
-    "aws_s3_bucket_server_side_encryption_configuration": {
-      "my_bucket_Encryption_3B1569A4": {
-        "bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-        "rule": [
-          {
-            "apply_server_side_encryption_by_default": {
-              "sse_algorithm": "AES256",
-            },
-          },
-        ],
-      },
-    },
     "aws_s3_object": {
       "my_bucket_my_bucket-oncreate-OnMessage-7b961f4d_S3Object_AA8B2734": {
         "bucket": "\${aws_s3_bucket.Code.bucket}",
@@ -1623,14 +1511,6 @@ exports[`bucket with onEvent method 2`] = `
                     "id": "Default",
                     "path": "root/Default/my_bucket/Default",
                   },
-                  "Encryption": {
-                    "constructInfo": {
-                      "fqn": "cdktf.TerraformResource",
-                      "version": "0.17.0",
-                    },
-                    "id": "Encryption",
-                    "path": "root/Default/my_bucket/Encryption",
-                  },
                   "PublicAccessBlock": {
                     "constructInfo": {
                       "fqn": "cdktf.TerraformResource",
@@ -2194,18 +2074,6 @@ exports[`bucket with onUpdate method 1`] = `
         "restrict_public_buckets": false,
       },
     },
-    "aws_s3_bucket_server_side_encryption_configuration": {
-      "my_bucket_Encryption_3B1569A4": {
-        "bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-        "rule": [
-          {
-            "apply_server_side_encryption_by_default": {
-              "sse_algorithm": "AES256",
-            },
-          },
-        ],
-      },
-    },
     "aws_s3_object": {
       "my_bucket_my_bucket-onupdate-OnMessage-46c07356_S3Object_0B6EDB66": {
         "bucket": "\${aws_s3_bucket.Code.bucket}",
@@ -2305,14 +2173,6 @@ exports[`bucket with onUpdate method 2`] = `
                     "id": "Default",
                     "path": "root/Default/my_bucket/Default",
                   },
-                  "Encryption": {
-                    "constructInfo": {
-                      "fqn": "cdktf.TerraformResource",
-                      "version": "0.17.0",
-                    },
-                    "id": "Encryption",
-                    "path": "root/Default/my_bucket/Encryption",
-                  },
                   "PublicAccessBlock": {
                     "constructInfo": {
                       "fqn": "cdktf.TerraformResource",
@@ -2547,18 +2407,6 @@ exports[`bucket with two preflight files 1`] = `
         "restrict_public_buckets": false,
       },
     },
-    "aws_s3_bucket_server_side_encryption_configuration": {
-      "my_bucket_Encryption_3B1569A4": {
-        "bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-        "rule": [
-          {
-            "apply_server_side_encryption_by_default": {
-              "sse_algorithm": "AES256",
-            },
-          },
-        ],
-      },
-    },
     "aws_s3_object": {
       "my_bucket_S3Object-file1txt_7AFE54AE": {
         "bucket": "\${aws_s3_bucket.my_bucket.bucket}",
@@ -2624,14 +2472,6 @@ exports[`bucket with two preflight files 2`] = `
                     "id": "Default",
                     "path": "root/Default/my_bucket/Default",
                   },
-                  "Encryption": {
-                    "constructInfo": {
-                      "fqn": "cdktf.TerraformResource",
-                      "version": "0.17.0",
-                    },
-                    "id": "Encryption",
-                    "path": "root/Default/my_bucket/Encryption",
-                  },
                   "PublicAccessBlock": {
                     "constructInfo": {
                       "fqn": "cdktf.TerraformResource",
@@ -2744,18 +2584,6 @@ exports[`bucket with two preflight objects 1`] = `
         "restrict_public_buckets": false,
       },
     },
-    "aws_s3_bucket_server_side_encryption_configuration": {
-      "my_bucket_Encryption_3B1569A4": {
-        "bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-        "rule": [
-          {
-            "apply_server_side_encryption_by_default": {
-              "sse_algorithm": "AES256",
-            },
-          },
-        ],
-      },
-    },
     "aws_s3_object": {
       "my_bucket_S3Object-file1txt_7AFE54AE": {
         "bucket": "\${aws_s3_bucket.my_bucket.bucket}",
@@ -2821,14 +2649,6 @@ exports[`bucket with two preflight objects 2`] = `
                     "id": "Default",
                     "path": "root/Default/my_bucket/Default",
                   },
-                  "Encryption": {
-                    "constructInfo": {
-                      "fqn": "cdktf.TerraformResource",
-                      "version": "0.17.0",
-                    },
-                    "id": "Encryption",
-                    "path": "root/Default/my_bucket/Encryption",
-                  },
                   "PublicAccessBlock": {
                     "constructInfo": {
                       "fqn": "cdktf.TerraformResource",
@@ -2923,18 +2743,6 @@ exports[`create a bucket 1`] = `
         "force_destroy": false,
       },
     },
-    "aws_s3_bucket_server_side_encryption_configuration": {
-      "my_bucket_Encryption_3B1569A4": {
-        "bucket": "\${aws_s3_bucket.my_bucket.bucket}",
-        "rule": [
-          {
-            "apply_server_side_encryption_by_default": {
-              "sse_algorithm": "AES256",
-            },
-          },
-        ],
-      },
-    },
   },
 }
 `;
@@ -2988,14 +2796,6 @@ exports[`create a bucket 2`] = `
                     "id": "Default",
                     "path": "root/Default/my_bucket/Default",
                   },
-                  "Encryption": {
-                    "constructInfo": {
-                      "fqn": "cdktf.TerraformResource",
-                      "version": "0.17.0",
-                    },
-                    "id": "Encryption",
-                    "path": "root/Default/my_bucket/Encryption",
-                  },
                 },
                 "constructInfo": {
                   "fqn": "constructs.Construct",

diff --git a/libs/wingsdk/test/target-tf-aws/__snapshots__/captures.test.ts.snap b/libs/wingsdk/test/target-tf-aws/__snapshots__/captures.test.ts.snap
@@ -357,18 +357,6 @@ exports[`function with bucket binding > put operation 2`] = `
         "bucket_prefix": "code-c84a50b1-",
       },
     },
-    "aws_s3_bucket_server_side_encryption_configuration": {
-      "Bucket_Encryption_016FDA0C": {
-        "bucket": "\${aws_s3_bucket.Bucket.bucket}",
-        "rule": [
-          {
-            "apply_server_side_encryption_by_default": {
-              "sse_algorithm": "AES256",
-            },
-          },
-        ],
-      },
-    },
     "aws_s3_object": {
       "Function_S3Object_C62A0C2D": {
         "bucket": "\${aws_s3_bucket.Code.bucket}",