
Why is this even a problem? I set up an AWS SES (Simple Email Service) that will encrypt my messages. So in my template I create the ReceiptRule.

  ReceiptRule:
    Type: "AWS::SES::ReceiptRule"
    DependsOn: [ TestEmailBucket ]
    Properties:
      RuleSetName: 
        Ref: RuleSetName
      Rule:
        Name: "TestName"
        Enabled: true
        Actions: 
          - S3Action:
              BucketName:
                Ref: InboundEmailBucket
              KmsKeyArn: "arn:aws:kms:eu-west-1:XXXXXX:key/XXXXXXX"
        Recipients:
          - Fn::Sub: default-recipient-to-avoid-catch-all${DomainName}

The code above works fine! But of course I don't want to hardcode my KmsKeyArn. So why is it not possible to just set a ref like this:

Parameters: 
  KmsMasterKeyArn:
    Type: String
    Default: "arn:aws:kms:eu-west-1:XXXXX:key/XXXXXXX"
---------

Actions: 
  - S3Action:
      BucketName:
        Ref: InboundEmailBucket
      KmsKeyArn: 
        Ref: KmsMasterKeyArn

This is not working for me... I have many other places where the ref to KmsMasterKeyArn is working. It's just here, in the S3Action it's not working. Anyone with a solution?

Johan Byrén
  • What error do you get? Does it work if you manually place the KmsMasterKeyArn value instead of calling Ref? – Deiv Feb 14 '19 at 21:48
  • Yes it works if I set the key manually like this: KmsKeyArn: "arn:aws:kms:eu-west-1:XXXXXX:key/XXXXXXX". But with the Ref:, it fails... I don't get any errors in pipeline but no message is landing in my S3 bucket. It only lands an AMAZON_SES_SETUP_NOTIFICATION in the bucket. – Johan Byrén Feb 15 '19 at 08:29
  • If there is no error concerning the encryption then there must be something else going on here... I would suggest posting this on the SAM git pages, they would be better suited to help – Deiv Feb 15 '19 at 16:14

0 Answers