Support deployment bucket server side encryption #63
Description
As Serverless now can be configured to use server side encryption for a pre existing deployment bucket, can we use the same for this plugin?
Metadata
Metadata
Assignees
Type
Projects
Relationships
Development
No branches or pull requests
Participants
Activity
HyperBrain commentedon Jun 29, 2017
The plugin uploads the alias CF templates to the same bucket as SLS does for the base artifacts and templates. I did not test the feature yet. Can you try it and check if there are any issues with the alias uploads?
If there are any, the upload function within the alias plugin should be adapted accordingly to match the semantics found in the latest Serverless framework version.
sbkn commentedon Jun 29, 2017
As far as I can tell the plugin does not respect the
serverSideEncryptionsetting. So if I setdeploymentBucket->serverSideEncryptionto f.e.aws:kmsand configure the pre-existing bucket to deny unencrypted files, the initial template will be uploaded successfully while the alias template will fail withAccess Denied.HyperBrain commentedon Jun 29, 2017
Ok. Then this is a missing feature and the upload of the alias templates should be changed to match the semantics now used in the core framework, i.e. to support the
serverSideEncryptionsetting.[-]Deployment bucket server side encryption[/-][+]Support deployment bucket server side encryption[/+]HyperBrain commentedon Jul 5, 2017
@sbkn The feature is ready
(available in the PR). Although I have still to adapt the unit tests to get the coverage up again, you can already test it.and merged to master. Please leave a feedback here, if it works as expected now.