Adding support for KMS in StateMachine and Activity resources

aws · Aug 7, 2024 · ce4774b · ce4774b
1 parent 3e3bf6c
commit ce4774b
Showing 1 changed file with 6 additions and 32 deletions.
diff --git a/packages/aws-cdk-lib/aws-stepfunctions/README.md b/packages/aws-cdk-lib/aws-stepfunctions/README.md
@@ -110,27 +110,13 @@ new sfn.StateMachine(this, 'StateMachineFromFile', {
 
 ### Creating a StateMachine with Encryption using a Customer Managed Key
 ```
+const kmsKey = new kms.Key(stack, 'Key');
 const stateMachine = new sfn.StateMachine(this, 'StateMachineWithCMKEncryptionConfiguration', {
       stateMachineName: 'StateMachineWithCMKEncryptionConfiguration',
       definitionBody: sfn.DefinitionBody.fromChainable(sfn.Chain.start(new sfn.Pass(this, 'Pass'))),
       stateMachineType: sfn.StateMachineType.STANDARD,
-      encryptionConfiguration: {
-        kmsKeyId: this.kmsKey.keyId,
-        kmsDataKeyReusePeriodSeconds: 75,
-        type: sfn.EncryptionType.CUSTOMER_MANAGED_KMS_KEY,
-      },
-    });
-```
-
-### Creating a StateMachine with Encryption using an AWS Owned Key
-```
-const stateMachinne = new sfn.StateMachine(this, 'StateMachineWithAOKEncryptionConfiguration', {
-      stateMachineName: 'StateMachineWithAOKEncryptionConfiguration',
-      definitionBody: sfn.DefinitionBody.fromChainable(sfn.Chain.start(new sfn.Pass(this, 'Pass'))),
-      stateMachineType: sfn.StateMachineType.STANDARD,
-      encryptionConfiguration: {
-        type: sfn.EncryptionType.AWS_OWNED_KEY,
-      },
+      kmsKey: kmsKey,
+      kmsDataKeyReusePeriodSeconds: cdk.Duration.seconds(60)
     });
 ```
 
@@ -915,23 +901,11 @@ new CfnOutput(this, 'ActivityArn', { value: activity.activityArn });
 
 ### Creating an Activity with Encryption using a Customer Managed Key
 ```
+const kmsKey = new kms.Key(stack, 'Key');
 const activity = new sfn.Activity(this, 'ActivityWithCMKEncryptionConfiguration', {
       activityName: 'ActivityWithCMKEncryptionConfiguration',
-      encryptionConfiguration: { 
-        kmsKeyId: this.kmsKey.keyId,
-        kmsDataKeyReusePeriodSeconds: 75,
-        type: sfn.EncryptionType.CUSTOMER_MANAGED_KMS_KEY,
-      },
-    });
-```
-
-### Creating an Activity with Encryption using an AWS Owned Key
-```
-const activity = new sfn.Activity(this, 'ActivityWithAOKEncryptionConfiguration', {
-      activityName: 'ActivityWithAOKEncryptionConfiguration',
-      encryptionConfiguration: { 
-        type: sfn.EncryptionType.AWS_OWNED_KEY,
-      },
+      kmsKey: kmsKey,
+      kmsDataKeyReusePeriodSeconds: cdk.Duration.seconds(75),
     });
 ```