From 02672d85dc252aaf230a4b00d7c4b4db737876fc Mon Sep 17 00:00:00 2001 From: Tim Pugh Date: Sun, 14 Jun 2026 20:20:13 -0700 Subject: [PATCH] =?UTF-8?q?test:=20cdk-diff=20smoke=20test=20=E2=80=94=20b?= =?UTF-8?q?ump=20every=20stack's=20KMS=20key=20description?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Throwaway change to exercise the new cdk-diff CI job end-to-end: appends a marker to the KMS key description in all five stacks so the PR diff comment shows a clean one-line modify per stack. To be closed without merging. --- hello_world/hello_world_app.py | 2 +- hello_world/hello_world_audit_stack.py | 2 +- hello_world/hello_world_data_stack.py | 2 +- hello_world/hello_world_frontend_stack.py | 2 +- hello_world/hello_world_waf_stack.py | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/hello_world/hello_world_app.py b/hello_world/hello_world_app.py index 667bd8f..cfd330d 100644 --- a/hello_world/hello_world_app.py +++ b/hello_world/hello_world_app.py @@ -156,7 +156,7 @@ def __init__( self.encryption_key = kms.Key( self, "EncryptionKey", - description=f"KMS key for {stack.stack_name} log groups, Lambda env, AppConfig, and SNS", + description=f"KMS key for {stack.stack_name} log groups, Lambda env, AppConfig, and SNS [cdk-diff smoke test]", enable_key_rotation=True, # 90 days is a common compliance-aligned cadence (PCI/HIPAA forks # default to 90). Rotation is fully managed by AWS — key ID/ARN diff --git a/hello_world/hello_world_audit_stack.py b/hello_world/hello_world_audit_stack.py index 2216e9c..6d71920 100644 --- a/hello_world/hello_world_audit_stack.py +++ b/hello_world/hello_world_audit_stack.py @@ -91,7 +91,7 @@ def __init__( self.encryption_key = kms.Key( self, "AuditEncryptionKey", - description=f"KMS key for {self.stack_name} CloudTrail audit logs", + description=f"KMS key for {self.stack_name} CloudTrail audit logs [cdk-diff smoke test]", enable_key_rotation=True, rotation_period=Duration.days(90), removal_policy=removal_policy, diff --git a/hello_world/hello_world_data_stack.py b/hello_world/hello_world_data_stack.py index acabc34..3fbc4e5 100644 --- a/hello_world/hello_world_data_stack.py +++ b/hello_world/hello_world_data_stack.py @@ -68,7 +68,7 @@ def __init__(self, scope: Construct, construct_id: str, *, retain_data: bool = F self.encryption_key = kms.Key( self, "DataEncryptionKey", - description=f"KMS key for {self.stack_name} DynamoDB", + description=f"KMS key for {self.stack_name} DynamoDB [cdk-diff smoke test]", enable_key_rotation=True, rotation_period=Duration.days(90), removal_policy=removal_policy, diff --git a/hello_world/hello_world_frontend_stack.py b/hello_world/hello_world_frontend_stack.py index 7267b30..604da29 100644 --- a/hello_world/hello_world_frontend_stack.py +++ b/hello_world/hello_world_frontend_stack.py @@ -221,7 +221,7 @@ def __init__( frontend_encryption_key = kms.Key( self, "FrontendEncryptionKey", - description=f"KMS key for {self.stack_name} S3 bucket and log groups", + description=f"KMS key for {self.stack_name} S3 bucket and log groups [cdk-diff smoke test]", enable_key_rotation=True, # See HelloWorldApp.encryption_key for the rationale — automated # rotation, no dependent redeploys, 90-day compliance baseline. diff --git a/hello_world/hello_world_waf_stack.py b/hello_world/hello_world_waf_stack.py index e4adb5d..bb4f467 100644 --- a/hello_world/hello_world_waf_stack.py +++ b/hello_world/hello_world_waf_stack.py @@ -55,7 +55,7 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs: Any) -> None: waf_encryption_key = kms.Key( self, "WafEncryptionKey", - description=f"KMS key for {self.stack_name} provider log group encryption", + description=f"KMS key for {self.stack_name} provider log group encryption [cdk-diff smoke test]", enable_key_rotation=True, # See HelloWorldApp.encryption_key for the rationale — automated # rotation, no dependent redeploys, 90-day compliance baseline.