diff --git a/hello_world/hello_world_app.py b/hello_world/hello_world_app.py index 667bd8f..cfd330d 100644 --- a/hello_world/hello_world_app.py +++ b/hello_world/hello_world_app.py @@ -156,7 +156,7 @@ def __init__( self.encryption_key = kms.Key( self, "EncryptionKey", - description=f"KMS key for {stack.stack_name} log groups, Lambda env, AppConfig, and SNS", + description=f"KMS key for {stack.stack_name} log groups, Lambda env, AppConfig, and SNS [cdk-diff smoke test]", enable_key_rotation=True, # 90 days is a common compliance-aligned cadence (PCI/HIPAA forks # default to 90). Rotation is fully managed by AWS — key ID/ARN diff --git a/hello_world/hello_world_audit_stack.py b/hello_world/hello_world_audit_stack.py index 2216e9c..6d71920 100644 --- a/hello_world/hello_world_audit_stack.py +++ b/hello_world/hello_world_audit_stack.py @@ -91,7 +91,7 @@ def __init__( self.encryption_key = kms.Key( self, "AuditEncryptionKey", - description=f"KMS key for {self.stack_name} CloudTrail audit logs", + description=f"KMS key for {self.stack_name} CloudTrail audit logs [cdk-diff smoke test]", enable_key_rotation=True, rotation_period=Duration.days(90), removal_policy=removal_policy, diff --git a/hello_world/hello_world_data_stack.py b/hello_world/hello_world_data_stack.py index acabc34..3fbc4e5 100644 --- a/hello_world/hello_world_data_stack.py +++ b/hello_world/hello_world_data_stack.py @@ -68,7 +68,7 @@ def __init__(self, scope: Construct, construct_id: str, *, retain_data: bool = F self.encryption_key = kms.Key( self, "DataEncryptionKey", - description=f"KMS key for {self.stack_name} DynamoDB", + description=f"KMS key for {self.stack_name} DynamoDB [cdk-diff smoke test]", enable_key_rotation=True, rotation_period=Duration.days(90), removal_policy=removal_policy, diff --git a/hello_world/hello_world_frontend_stack.py b/hello_world/hello_world_frontend_stack.py index 7267b30..604da29 100644 --- a/hello_world/hello_world_frontend_stack.py +++ b/hello_world/hello_world_frontend_stack.py @@ -221,7 +221,7 @@ def __init__( frontend_encryption_key = kms.Key( self, "FrontendEncryptionKey", - description=f"KMS key for {self.stack_name} S3 bucket and log groups", + description=f"KMS key for {self.stack_name} S3 bucket and log groups [cdk-diff smoke test]", enable_key_rotation=True, # See HelloWorldApp.encryption_key for the rationale — automated # rotation, no dependent redeploys, 90-day compliance baseline. diff --git a/hello_world/hello_world_waf_stack.py b/hello_world/hello_world_waf_stack.py index e4adb5d..bb4f467 100644 --- a/hello_world/hello_world_waf_stack.py +++ b/hello_world/hello_world_waf_stack.py @@ -55,7 +55,7 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs: Any) -> None: waf_encryption_key = kms.Key( self, "WafEncryptionKey", - description=f"KMS key for {self.stack_name} provider log group encryption", + description=f"KMS key for {self.stack_name} provider log group encryption [cdk-diff smoke test]", enable_key_rotation=True, # See HelloWorldApp.encryption_key for the rationale — automated # rotation, no dependent redeploys, 90-day compliance baseline.