Skip to content

EFS : kmsKey issue when using CMK from another account #7641

New issue
New issue
Closed
#11524
Closed
EFS : kmsKey issue when using CMK from another account#7641
#11524
Assignees
shivlaks
Labels
@aws-cdk/aws-efsRelated to Amazon Elastic File SystembugThis issue is a bug.effort/smallSmall work item – less than a day of effortp2
@Cloudrage

Description

@Cloudrage
Cloudrage
opened on Apr 28, 2020

Bug

Can't create an EFS specifying kmsKey with a CMK created on another account.

When creating & specifying the CMK directly on the account where the EFS is created, it's working.

Reproduction Steps

Here the code used to create the EFS :

    const KmsKey= kms.Key.fromKeyArn(this, 'KmsKey', 'MyKeyArnOrMySsmStringParameterWithMyKeyArn);

    const Efs = new efs.FileSystem(this, 'Efs', {
      vpc: vpc,
      encrypted: true,
      kmsKey: KmsKey,
      performanceMode: efs.PerformanceMode.GENERAL_PURPOSE,
      throughputMode: efs.ThroughputMode.PROVISIONED,
      provisionedThroughputPerSecond: cdk.Size.mebibytes(100),
      securityGroup: SecurityGroupEfs
    });

Error Log

Here the error :
| CREATE_FAILED | AWS::EFS::FileSystem | Efs (EfsHost2659FEA6) The request was rejected because the specified key could not be found. [error=NotFoundException]

Environment

  • CLI Version : aws-cli/1.18.46 Python/3.7.3 / CDK Version: 1.35.0 (build e0810c8)
  • Framework Version: npm 6.14.4
  • Language : TypeScript

Other

The code is the same when created with a CMK from the other account or not.
But when the CMK is const fromKeyArn; it won't work.

This is 🐛 Bug Report

Metadata

Metadata

Assignees

Labels

@aws-cdk/aws-efsRelated to Amazon Elastic File SystembugThis issue is a bug.effort/smallSmall work item – less than a day of effortp2

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions