class KmsConstruct(Construct): @property def key(self): return self._key def __init__(self, scope: Construct, id: str, name: str) -> None: super().__init__(scope, id) self._key = Key(self, f"kms_key_{name}") self._key.add_alias(f"alias/kms-{name}") self._key.add_to_resource_policy( PolicyStatement(effect=Effect.ALLOW, actions=["kms:*"], principals=[AnyPrincipal()], resources=["*"]))
class BaseKMS(Construct): key: Key = None def __init__(self, scope: Construct, id: str, envs: EnvSettings): super().__init__(scope, id) self.key = Key(self, id="Key", alias=f"alias/{envs.project_name}") self.key.add_to_resource_policy( PolicyStatement(actions=["kms:Encrypt", "kms:Decrypt"], principals=[AccountRootPrincipal()], resources=["*"])) CfnOutput( self, "KmsKeyArnOutput", export_name=self.get_kms_arn_output_export_name(envs), value=self.key.key_arn, ) @staticmethod def get_kms_arn_output_export_name(envs): return f"{envs.project_name}-kmsKeyArn"