aws-cdk.app-staging-synthesizer-alpha 2.127.0a0__tar.gz → 2.128.0a0__tar.gz

{aws-cdk.app-staging-synthesizer-alpha-2.127.0a0/src/aws_cdk.app_staging_synthesizer_alpha.egg-info → aws-cdk.app-staging-synthesizer-alpha-2.128.0a0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk.app-staging-synthesizer-alpha
-Version: 2.127.0a0
+Version: 2.128.0a0
 Summary: Cdk synthesizer for with app-scoped staging stack
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services
@@ -57,9 +57,13 @@ are as follows:
 To get started, update your CDK App with a new `defaultStackSynthesizer`:
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
-        app_id="my-app-id"
+        app_id="my-app-id",  # put a unique id here
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED
     )
 )
 ```
@@ -119,9 +123,13 @@ synthesizer will create a new Staging Stack in each environment the CDK App is d
 its staging resources. To use this kind of synthesizer, use `AppStagingSynthesizer.defaultResources()`.
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
         app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
 
         # The following line is optional. By default it is assumed you have bootstrapped in the same
         # region(s) as the stack(s) you are deploying.
@@ -142,8 +150,14 @@ source code. As part of the `DefaultStagingStack`, an S3 bucket and IAM role wil
 used to upload the asset to S3.
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
-    default_stack_synthesizer=AppStagingSynthesizer.default_resources(app_id="my-app-id")
+    default_stack_synthesizer=AppStagingSynthesizer.default_resources(
+        app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED
+    )
 )
 
 stack = Stack(app, "my-stack")
@@ -163,9 +177,13 @@ You can customize some or all of the roles you'd like to use in the synthesizer
 if all you need is to supply custom roles (and not change anything else in the `DefaultStagingStack`):
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
         app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
         deployment_identities=DeploymentIdentities.specify_roles(
             cloud_formation_execution_role=BootstrapRole.from_role_arn("arn:aws:iam::123456789012:role/Execute"),
             deployment_role=BootstrapRole.from_role_arn("arn:aws:iam::123456789012:role/Deploy"),
@@ -183,9 +201,13 @@ and `CloudFormationExecutionRole` in the
 [bootstrap template](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml).
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
         app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
         deployment_identities=DeploymentIdentities.cli_credentials()
     )
 )
@@ -196,9 +218,13 @@ assumable by the deployment role. You can also specify an existing IAM role for
 `fileAssetPublishingRole` or `imageAssetPublishingRole`:
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
         app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
         file_asset_publishing_role=BootstrapRole.from_role_arn("arn:aws:iam::123456789012:role/S3Access"),
         image_asset_publishing_role=BootstrapRole.from_role_arn("arn:aws:iam::123456789012:role/ECRAccess")
     )
@@ -250,9 +276,13 @@ to a previous version of an application just by doing a CloudFormation deploymen
 template, without rebuilding and republishing assets.
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
         app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
         deploy_time_file_asset_lifetime=Duration.days(100)
     )
 )
@@ -268,9 +298,13 @@ purged.
 To change the number of revisions stored, use `imageAssetVersionCount`:
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
         app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
         image_asset_version_count=10
     )
 )
@@ -284,9 +318,13 @@ or `emptyOnDelete` turned on. This creates custom resources under the hood to fa
 cleanup. To turn this off, specify `autoDeleteStagingAssets: false`.
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
         app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
         auto_delete_staging_assets=False
     )
 )
@@ -294,20 +332,20 @@ app = App(
 
 ### Staging Bucket Encryption
 
-By default, the staging resources will be stored in an S3 Bucket with KMS encryption. To use
-SSE-S3, set `stagingBucketEncryption` to `BucketEncryption.S3_MANAGED`.
+You must explicitly specify the encryption type for the staging bucket via the `stagingBucketEncryption` property. In
+future versions of this package, the default will be `BucketEncryption.S3_MANAGED`.
 
-```python
-from aws_cdk.aws_s3 import BucketEncryption
+In previous versions of this package, the default was to use KMS encryption for the staging bucket. KMS keys cost
+$1/month, which could result in unexpected costs for users who are not aware of this. As we stabilize this module
+we intend to make the default S3-managed encryption, which is free. However, the migration path from KMS to S3
+managed encryption for existing buckets is not straightforward. Therefore, for now, this property is required.
 
+If you have an existing staging bucket encrypted with a KMS key, you will likely want to set this property to
+`BucketEncryption.KMS`. If you are creating a new staging bucket, you can set this property to
+`BucketEncryption.S3_MANAGED` to avoid the cost of a KMS key.
 
-app = App(
-    default_stack_synthesizer=AppStagingSynthesizer.default_resources(
-        app_id="my-app-id",
-        staging_bucket_encryption=BucketEncryption.S3_MANAGED
-    )
-)
-```
+You can learn more about choosing a bucket encryption type in the
+[S3 documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html).
 
 ## Using a Custom Staging Stack per Environment
 

{aws-cdk.app-staging-synthesizer-alpha-2.127.0a0 → aws-cdk.app-staging-synthesizer-alpha-2.128.0a0}/README.md

@@ -31,9 +31,13 @@ are as follows:
 To get started, update your CDK App with a new `defaultStackSynthesizer`:
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
-        app_id="my-app-id"
+        app_id="my-app-id",  # put a unique id here
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED
     )
 )
 ```
@@ -93,9 +97,13 @@ synthesizer will create a new Staging Stack in each environment the CDK App is d
 its staging resources. To use this kind of synthesizer, use `AppStagingSynthesizer.defaultResources()`.
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
         app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
 
         # The following line is optional. By default it is assumed you have bootstrapped in the same
         # region(s) as the stack(s) you are deploying.
@@ -116,8 +124,14 @@ source code. As part of the `DefaultStagingStack`, an S3 bucket and IAM role wil
 used to upload the asset to S3.
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
-    default_stack_synthesizer=AppStagingSynthesizer.default_resources(app_id="my-app-id")
+    default_stack_synthesizer=AppStagingSynthesizer.default_resources(
+        app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED
+    )
 )
 
 stack = Stack(app, "my-stack")
@@ -137,9 +151,13 @@ You can customize some or all of the roles you'd like to use in the synthesizer
 if all you need is to supply custom roles (and not change anything else in the `DefaultStagingStack`):
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
         app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
         deployment_identities=DeploymentIdentities.specify_roles(
             cloud_formation_execution_role=BootstrapRole.from_role_arn("arn:aws:iam::123456789012:role/Execute"),
             deployment_role=BootstrapRole.from_role_arn("arn:aws:iam::123456789012:role/Deploy"),
@@ -157,9 +175,13 @@ and `CloudFormationExecutionRole` in the
 [bootstrap template](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml).
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
         app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
         deployment_identities=DeploymentIdentities.cli_credentials()
     )
 )
@@ -170,9 +192,13 @@ assumable by the deployment role. You can also specify an existing IAM role for
 `fileAssetPublishingRole` or `imageAssetPublishingRole`:
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
         app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
         file_asset_publishing_role=BootstrapRole.from_role_arn("arn:aws:iam::123456789012:role/S3Access"),
         image_asset_publishing_role=BootstrapRole.from_role_arn("arn:aws:iam::123456789012:role/ECRAccess")
     )
@@ -224,9 +250,13 @@ to a previous version of an application just by doing a CloudFormation deploymen
 template, without rebuilding and republishing assets.
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
         app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
         deploy_time_file_asset_lifetime=Duration.days(100)
     )
 )
@@ -242,9 +272,13 @@ purged.
 To change the number of revisions stored, use `imageAssetVersionCount`:
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
         app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
         image_asset_version_count=10
     )
 )
@@ -258,9 +292,13 @@ or `emptyOnDelete` turned on. This creates custom resources under the hood to fa
 cleanup. To turn this off, specify `autoDeleteStagingAssets: false`.
 
 ```python
+from aws_cdk.aws_s3 import BucketEncryption
+
+
 app = App(
     default_stack_synthesizer=AppStagingSynthesizer.default_resources(
         app_id="my-app-id",
+        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
         auto_delete_staging_assets=False
     )
 )
@@ -268,20 +306,20 @@ app = App(
 
 ### Staging Bucket Encryption
 
-By default, the staging resources will be stored in an S3 Bucket with KMS encryption. To use
-SSE-S3, set `stagingBucketEncryption` to `BucketEncryption.S3_MANAGED`.
+You must explicitly specify the encryption type for the staging bucket via the `stagingBucketEncryption` property. In
+future versions of this package, the default will be `BucketEncryption.S3_MANAGED`.
 
-```python
-from aws_cdk.aws_s3 import BucketEncryption
+In previous versions of this package, the default was to use KMS encryption for the staging bucket. KMS keys cost
+$1/month, which could result in unexpected costs for users who are not aware of this. As we stabilize this module
+we intend to make the default S3-managed encryption, which is free. However, the migration path from KMS to S3
+managed encryption for existing buckets is not straightforward. Therefore, for now, this property is required.
 
+If you have an existing staging bucket encrypted with a KMS key, you will likely want to set this property to
+`BucketEncryption.KMS`. If you are creating a new staging bucket, you can set this property to
+`BucketEncryption.S3_MANAGED` to avoid the cost of a KMS key.
 
-app = App(
-    default_stack_synthesizer=AppStagingSynthesizer.default_resources(
-        app_id="my-app-id",
-        staging_bucket_encryption=BucketEncryption.S3_MANAGED
-    )
-)
-```
+You can learn more about choosing a bucket encryption type in the
+[S3 documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html).
 
 ## Using a Custom Staging Stack per Environment
 

{aws-cdk.app-staging-synthesizer-alpha-2.127.0a0 → aws-cdk.app-staging-synthesizer-alpha-2.128.0a0}/setup.py

@@ -5,7 +5,7 @@ kwargs = json.loads(
     """
 {
     "name": "aws-cdk.app-staging-synthesizer-alpha",
-    "version": "2.127.0.a0",
+    "version": "2.128.0.a0",
     "description": "Cdk synthesizer for with app-scoped staging stack",
     "license": "Apache-2.0",
     "url": "https://github.com/aws/aws-cdk",
@@ -26,7 +26,7 @@ kwargs = json.loads(
     ],
     "package_data": {
         "aws_cdk.app_staging_synthesizer_alpha._jsii": [
-            "app-staging-synthesizer-alpha@2.127.0-alpha.0.jsii.tgz"
+            "app-staging-synthesizer-alpha@2.128.0-alpha.0.jsii.tgz"
         ],
         "aws_cdk.app_staging_synthesizer_alpha": [
             "py.typed"
@@ -34,7 +34,7 @@ kwargs = json.loads(
     },
     "python_requires": "~=3.8",
     "install_requires": [
-        "aws-cdk-lib>=2.127.0, <3.0.0",
+        "aws-cdk-lib>=2.128.0, <3.0.0",
         "constructs>=10.0.0, <11.0.0",
         "jsii>=1.94.0, <2.0.0",
         "publication>=0.0.3",