我正在使用 AWS CDK 创建 S3、SQS 和 KMS 资源。我已经在 S3 和 SQS 资源上启用了加密。当我从 S3 启用通知到 SQS 时,出现了循环依赖错误。当我从代码中删除 KMS 设置时,它正常工作。
GitHub 仓库:https://github.com/techcoderunner/s3-sqs-kms-sample
from aws_cdk import aws_kms as kms
from aws_cdk import aws_s3 as s3
from aws_cdk import aws_sqs as sqs
from aws_cdk import aws_s3_notifications as s3notif
kms_key = kms.Key(self, 'ssl_s3_sqs_kms_key',
alias='sslS3SqsKmsKey',
description='This is kms key',
enabled=True,
enable_key_rotation=True,
policy=kms_policy_document,
)
# Create the S3 bucket
bucket = s3.Bucket(
self, "ssl_s3_bucket_raw_kms",
bucket_name="ssl-s3-bucket-kms-raw",
encryption=s3.BucketEncryption.KMS,
encryption_key=kms_key,
)
# Create the SQS queue
queue = sqs.Queue(
self, "ssl_sqs_event_queue",
queue_name="ssl-sqs-kms-event-queue",
encryption=sqs.QueueEncryption.KMS,
encryption_master_key=kms_key,
)
# Create S3 notification object which points to SQS
notification = s3notif.SqsDestination(queue)
filter1 = s3.NotificationKeyFilter(prefix="home/")
# Attach notificaton event to S3 bucket
bucket.add_event_notification(s3.EventType.OBJECT_CREATED,notification,filter1)