fix(core): Remove encryption on lifecycle SNS Topic (#163)

Fixes: #162

packages/aws-rfdk/lib/core/lib/staticip-server.ts

@@ -32,7 +32,6 @@ import {
   Role,
   ServicePrincipal,
 } from '@aws-cdk/aws-iam';
-import {Key} from '@aws-cdk/aws-kms';
 import {
   Code,
   Function as LambdaFunction,
@@ -52,7 +51,6 @@ import {
   Construct,
   Duration,
   Lazy,
-  RemovalPolicy,
   Stack,
   Tags,
 } from '@aws-cdk/core';
@@ -403,21 +401,10 @@ export class StaticPrivateIpServer extends Construct implements IConnectable, IG
         assumedBy: new ServicePrincipal('autoscaling.amazonaws.com'),
       });
 
-      const notificationTopicEncryptKeyUniqueId = 'SNSEncryptionKey' + this.removeHyphens('255e9e52-ad03-4ddf-8ff8-274bc10d63d1');
-      const notificationTopicEncryptKey = new Key(stack, notificationTopicEncryptKeyUniqueId, {
-        description: `This key is used to encrypt SNS messages for ${notificationTopicUniqueId}.`,
-        enableKeyRotation: true,
-        removalPolicy: RemovalPolicy.DESTROY,
-        trustAccountIdentities: true,
-      });
-
       notificationTopic = new Topic(stack, notificationTopicUniqueId, {
         displayName: `For RFDK instance-launch notifications for stack '${stack.stackName}'`,
-        masterKey: notificationTopicEncryptKey,
       });
 
-      notificationTopicEncryptKey.grant(notificationRole, 'kms:Decrypt', 'kms:GenerateDataKey');
-
       notificationTopic.addSubscription(new LambdaSubscription(lambdaHandler));
       notificationTopic.grantPublish(notificationRole);
     } else {

packages/aws-rfdk/lib/core/test/staticip-server.test.ts

@@ -8,7 +8,6 @@ import {
   countResources,
   countResourcesLike,
   expect as cdkExpect,
-  expect as expectCDK,
   haveResourceLike,
   objectLike,
   ResourcePart,
@@ -93,48 +92,8 @@ describe('Test StaticIpServer', () => {
       Description: 'Created by RFDK StaticPrivateIpServer to process instance launch lifecycle events in stack \'StackName\'. This lambda attaches an ENI to newly launched instances.',
     }));
 
-    expectCDK(stack).to(haveResourceLike('AWS::KMS::Key', {
-      UpdateReplacePolicy: 'Delete',
-      DeletionPolicy: 'Delete',
-    }, ResourcePart.CompleteDefinition));
-    expectCDK(stack).to(haveResourceLike('AWS::KMS::Key', {
-      KeyPolicy: {
-        Statement: [
-          {
-            Action: 'kms:*',
-            Effect: 'Allow',
-            Principal: {
-              AWS: {
-                'Fn::Join': [
-                  '',
-                  [
-                    'arn:',
-                    {
-                      Ref: 'AWS::Partition',
-                    },
-                    ':iam::',
-                    {
-                      Ref: 'AWS::AccountId',
-                    },
-                    ':root',
-                  ],
-                ],
-              },
-            },
-            Resource: '*',
-          },
-        ],
-      },
-      EnableKeyRotation: true,
-    }));
     cdkExpect(stack).to(haveResourceLike('AWS::SNS::Topic', {
       DisplayName: 'For RFDK instance-launch notifications for stack \'StackName\'',
-      KmsMasterKeyId: {
-        'Fn::GetAtt': [
-          'SNSEncryptionKey255e9e52ad034ddf8ff8274bc10d63d1EDF79FFE',
-          'Arn',
-        ],
-      },
     }));
 
     cdkExpect(stack).to(haveResourceLike('AWS::SNS::Subscription', {
@@ -214,19 +173,6 @@ describe('Test StaticIpServer', () => {
     cdkExpect(stack).to(countResourcesLike('AWS::IAM::Policy', 1, {
       PolicyDocument: {
         Statement: [
-          {
-            Action: [
-              'kms:Decrypt',
-              'kms:GenerateDataKey',
-            ],
-            Effect: 'Allow',
-            Resource: {
-              'Fn::GetAtt': [
-                'SNSEncryptionKey255e9e52ad034ddf8ff8274bc10d63d1EDF79FFE',
-                'Arn',
-              ],
-            },
-          },
           {
             Action: 'sns:Publish',
             Effect: 'Allow',