aws
diff --git a/‎.cfnlintrc.yaml‎
Lines changed: 1 addition & 0 deletions b/‎.cfnlintrc.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎samtranslator/internal/schema_source/aws_serverless_function.py‎
Lines changed: 5 additions & 2 deletions b/‎samtranslator/internal/schema_source/aws_serverless_function.py‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎samtranslator/model/sam_resources.py‎
Lines changed: 10 additions & 3 deletions b/‎samtranslator/model/sam_resources.py‎
Lines changed: 10 additions & 3 deletions
diff --git a/‎samtranslator/plugins/globals/globals.py‎
Lines changed: 2 additions & 1 deletion b/‎samtranslator/plugins/globals/globals.py‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎samtranslator/schema/schema.json‎
Lines changed: 10 additions & 2 deletions b/‎samtranslator/schema/schema.json‎
Lines changed: 10 additions & 2 deletions
diff --git a/‎schema_source/sam.schema.json‎
Lines changed: 10 additions & 2 deletions b/‎schema_source/sam.schema.json‎
Lines changed: 10 additions & 2 deletions
@@ -131,6 +131,7 @@ ignore_templates:
   - tests/translator/output/**/function_with_mq.json  # Property "EventSourceArn" can Fn::GetAtt to a resource of types [AWS::DynamoDB::GlobalTable, AWS::DynamoDB::Table, AWS::Kinesis::Stream, AWS::Kinesis::StreamConsumer, AWS::SQS::Queue]
   - tests/translator/output/**/function_with_mq_using_autogen_role.json  # Property "EventSourceArn" can Fn::GetAtt to a resource of types [AWS::DynamoDB::GlobalTable, AWS::DynamoDB::Table, AWS::Kinesis::Stream, AWS::Kinesis::StreamConsumer, AWS::SQS::Queue]
   - tests/translator/output/**/function_with_recursive_loop.json  # Invalid Property Resources/RecursiveLoopParameterFunction/Properties/RecursiveLoop
+  - tests/translator/output/**/function_with_sourcekmskeyarn.json  # Invalid Property Resources/SourceKMSKeyArnParameterFunction/Properties/SourceKMSKeyArn
   - tests/translator/output/**/function_with_tracing.json # Obsolete DependsOn on resource
   - tests/translator/output/**/api_with_propagate_tags.json # TODO: Intentional error transform tests. Will be updated.
   - tests/translator/output/**/function_with_intrinsics_resource_attribute.json # CFN now supports intrinsics in DeletionPolicy
 
@@ -105,12 +105,12 @@ class DeadLetterQueue(BaseModel):
 
 class EventInvokeOnFailure(BaseModel):
     Destination: Optional[SamIntrinsicable[str]] = eventinvokeonfailure("Destination")
-    Type: Optional[Literal["SQS", "SNS", "Lambda", "EventBridge"]] = eventinvokeonfailure("Type")
+    Type: Optional[Literal["SQS", "SNS", "Lambda", "EventBridge", "S3Bucket"]] = eventinvokeonfailure("Type")
 
 
 class EventInvokeOnSuccess(BaseModel):
     Destination: Optional[SamIntrinsicable[str]] = eventinvokeonsuccess("Destination")
-    Type: Optional[Literal["SQS", "SNS", "Lambda", "EventBridge"]] = eventinvokeonsuccess("Type")
+    Type: Optional[Literal["SQS", "SNS", "Lambda", "EventBridge", "S3Bucket"]] = eventinvokeonsuccess("Type")
 
 
 class EventInvokeDestinationConfig(BaseModel):
@@ -516,6 +516,7 @@ class ScheduleV2Event(BaseModel):
 RuntimeManagementConfig = Optional[PassThroughProp]  # TODO: check the type
 LoggingConfig = Optional[PassThroughProp]  # TODO: add documentation
 RecursiveLoop = Optional[PassThroughProp]
+SourceKMSKeyArn = Optional[PassThroughProp]
 
 
 class Properties(BaseModel):
@@ -643,6 +644,7 @@ class Properties(BaseModel):
     VpcConfig: Optional[VpcConfig] = prop("VpcConfig")
     LoggingConfig: Optional[PassThroughProp]  # TODO: add documentation
     RecursiveLoop: Optional[PassThroughProp]  # TODO: add documentation
+    SourceKMSKeyArn: Optional[PassThroughProp]  # TODO: add documentation
 
 
 class Globals(BaseModel):
@@ -702,6 +704,7 @@ class Globals(BaseModel):
     RuntimeManagementConfig: Optional[RuntimeManagementConfig] = prop("RuntimeManagementConfig")
     LoggingConfig: Optional[PassThroughProp]  # TODO: add documentation
     RecursiveLoop: Optional[PassThroughProp]  # TODO: add documentation
+    SourceKMSKeyArn: Optional[PassThroughProp]  # TODO: add documentation
 
 
 class Resource(ResourceAttributes):
 
@@ -1,4 +1,4 @@
-""" SAM macro definitions """
+""" SAM macro definitions """
 
 import copy
 from contextlib import suppress
@@ -181,6 +181,7 @@ class SamFunction(SamResourceMacro):
         "RuntimeManagementConfig": PassThroughProperty(False),
         "LoggingConfig": PassThroughProperty(False),
         "RecursiveLoop": PassThroughProperty(False),
+        "SourceKMSKeyArn": PassThroughProperty(False),
     }
 
     FunctionName: Optional[Intrinsicable[str]]
@@ -224,6 +225,7 @@ class SamFunction(SamResourceMacro):
     FunctionUrlConfig: Optional[Dict[str, Any]]
     LoggingConfig: Optional[Dict[str, Any]]
     RecursiveLoop: Optional[str]
+    SourceKMSKeyArn: Optional[str]
 
     event_resolver = ResourceTypeResolver(
         samtranslator.model.eventsources,
@@ -439,7 +441,7 @@ def _validate_and_inject_resource(
         ARN property, so to handle conditional ifs we have to inject if conditions in the auto created
         SQS/SNS resources as well as in the policy documents.
         """
-        accepted_types_list = ["SQS", "SNS", "EventBridge", "Lambda"]
+        accepted_types_list = ["SQS", "SNS", "EventBridge", "Lambda", "S3Bucket"]
         auto_inject_list = ["SQS", "SNS"]
         resource: Optional[Union[SNSTopic, SQSQueue]] = None
         policy = {}
@@ -630,6 +632,8 @@ def _add_event_invoke_managed_policy(
                 return IAMRolePolicies.event_bus_put_events_role_policy(dest_arn, logical_id)
             if _type == "Lambda":
                 return IAMRolePolicies.lambda_invoke_function_role_policy(dest_arn, logical_id)
+            if _type == "S3Bucket":
+                return IAMRolePolicies.s3_send_event_payload_role_policy(dest_arn, logical_id)
         return {}
 
     def _construct_role(
@@ -885,7 +889,10 @@ def _construct_inline_code(*args: Any, **kwargs: Dict[str, Any]) -> Dict[str, An
         else:
             raise InvalidResourceException(self.logical_id, "Either 'InlineCode' or 'CodeUri' must be set.")
         dispatch_function: Callable[..., Dict[str, Any]] = artifact_dispatch[filtered_key]
-        return dispatch_function(artifacts[filtered_key], self.logical_id, filtered_key)
+        code_dict = dispatch_function(artifacts[filtered_key], self.logical_id, filtered_key)
+        if self.SourceKMSKeyArn and packagetype == ZIP:
+            code_dict["SourceKMSKeyArn"] = self.SourceKMSKeyArn
+        return code_dict
 
     def _construct_version(  # noqa: PLR0912
         self,
 
@@ -55,6 +55,7 @@ class Globals:
             "RuntimeManagementConfig",
             "LoggingConfig",
             "RecursiveLoop",
+            "SourceKMSKeyArn",
         ],
         # Everything except
         #   DefinitionBody: because its hard to reason about merge of Swagger dictionaries
@@ -100,7 +101,7 @@ class Globals:
     }
     # unreleased_properties *must be* part of supported_properties too
     unreleased_properties: Dict[str, List[str]] = {
-        SamResourceType.Function.value: ["RuntimeManagementConfig", "RecursiveLoop"],
+        SamResourceType.Function.value: ["RuntimeManagementConfig", "RecursiveLoop", "SourceKMSKeyArn"],
     }
 
     def __init__(self, template: Dict[str, Any]) -> None:
 
@@ -274993,7 +274993,8 @@
             "SQS",
             "SNS",
             "Lambda",
-            "EventBridge"
+            "EventBridge",
+            "S3Bucket"
           ],
           "markdownDescription": "Type of the resource referenced in the destination\\. Supported types are `SQS`, `SNS`, `Lambda`, and `EventBridge`\\.  \n*Type*: String  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.  \n*Additional notes*: If the type is SQS/SNS and the `Destination` property is left blank, then the SQS/SNS resource is auto generated by SAM\\. To reference the resource, use `<function-logical-id>.DestinationQueue` for SQS or `<function-logical-id>.DestinationTopic` for SNS\\. If the type is Lambda/EventBridge, `Destination` is required\\.",
           "title": "Type",
@@ -275023,7 +275024,8 @@
             "SQS",
             "SNS",
             "Lambda",
-            "EventBridge"
+            "EventBridge",
+            "S3Bucket"
           ],
           "markdownDescription": "Type of the resource referenced in the destination\\. Supported types are `SQS`, `SNS`, `Lambda`, and `EventBridge`\\.  \n*Type*: String  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.  \n*Additional notes*: If the type is SQS/SNS and the `Destination` property is left blank, then the SQS/SNS resource is auto generated by SAM\\. To reference the resource, use `<function-logical-id>.DestinationQueue` for SQS or `<function-logical-id>.DestinationTopic` for SNS\\. If the type is Lambda/EventBridge, `Destination` is required\\.",
           "title": "Type",
@@ -278794,6 +278796,9 @@
           "markdownDescription": "Create a snapshot of any new Lambda function version\\. A snapshot is a cached state of your initialized function, including all of its dependencies\\. The function is initialized just once and the cached state is reused for all future invocations, improving application performance by reducing the number of times your function must be initialized\\. To learn more, see [Improving startup performance with Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) in the *AWS Lambda Developer Guide*\\.  \n*Type*: [SnapStart](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html)  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is passed directly to the [`SnapStart`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html) property of an `AWS::Lambda::Function` resource\\.",
           "title": "SnapStart"
         },
+        "SourceKMSKeyArn": {
+          "$ref": "#/definitions/PassThroughProp"
+        },
         "Tags": {
           "markdownDescription": "A map \\(string to string\\) that specifies the tags added to this function\\. For details about valid keys and values for tags, see [Tag Key and Value Requirements](https://docs.aws.amazon.com/lambda/latest/dg/configuration-tags.html#configuration-tags-restrictions) in the *AWS Lambda Developer Guide*\\.  \nWhen the stack is created, AWS SAM automatically adds a `lambda:createdBy:SAM` tag to this Lambda function, and to the default roles that are generated for this function\\.  \n*Type*: Map  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is similar to the [`Tags`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tags) property of an `AWS::Lambda::Function` resource\\. The `Tags` property in AWS SAM consists of key\\-value pairs \\(whereas in AWS CloudFormation this property consists of a list of `Tag` objects\\)\\. Also, AWS SAM automatically adds a `lambda:createdBy:SAM` tag to this Lambda function, and to the default roles that are generated for this function\\.",
           "title": "Tags",
@@ -279188,6 +279193,9 @@
           "markdownDescription": "Create a snapshot of any new Lambda function version\\. A snapshot is a cached state of your initialized function, including all of its dependencies\\. The function is initialized just once and the cached state is reused for all future invocations, improving application performance by reducing the number of times your function must be initialized\\. To learn more, see [Improving startup performance with Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) in the *AWS Lambda Developer Guide*\\.  \n*Type*: [SnapStart](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html)  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is passed directly to the [`SnapStart`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html) property of an `AWS::Lambda::Function` resource\\.",
           "title": "SnapStart"
         },
+        "SourceKMSKeyArn": {
+          "$ref": "#/definitions/PassThroughProp"
+        },
         "Tags": {
           "markdownDescription": "A map \\(string to string\\) that specifies the tags added to this function\\. For details about valid keys and values for tags, see [Tag Key and Value Requirements](https://docs.aws.amazon.com/lambda/latest/dg/configuration-tags.html#configuration-tags-restrictions) in the *AWS Lambda Developer Guide*\\.  \nWhen the stack is created, AWS SAM automatically adds a `lambda:createdBy:SAM` tag to this Lambda function, and to the default roles that are generated for this function\\.  \n*Type*: Map  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is similar to the [`Tags`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tags) property of an `AWS::Lambda::Function` resource\\. The `Tags` property in AWS SAM consists of key\\-value pairs \\(whereas in AWS CloudFormation this property consists of a list of `Tag` objects\\)\\. Also, AWS SAM automatically adds a `lambda:createdBy:SAM` tag to this Lambda function, and to the default roles that are generated for this function\\.",
           "title": "Tags",
 
@@ -1260,7 +1260,8 @@
             "SQS",
             "SNS",
             "Lambda",
-            "EventBridge"
+            "EventBridge",
+            "S3Bucket"
           ],
           "markdownDescription": "Type of the resource referenced in the destination\\. Supported types are `SQS`, `SNS`, `Lambda`, and `EventBridge`\\.  \n*Type*: String  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.  \n*Additional notes*: If the type is SQS/SNS and the `Destination` property is left blank, then the SQS/SNS resource is auto generated by SAM\\. To reference the resource, use `<function-logical-id>.DestinationQueue` for SQS or `<function-logical-id>.DestinationTopic` for SNS\\. If the type is Lambda/EventBridge, `Destination` is required\\.",
           "title": "Type",
@@ -1290,7 +1291,8 @@
             "SQS",
             "SNS",
             "Lambda",
-            "EventBridge"
+            "EventBridge",
+            "S3Bucket"
           ],
           "markdownDescription": "Type of the resource referenced in the destination\\. Supported types are `SQS`, `SNS`, `Lambda`, and `EventBridge`\\.  \n*Type*: String  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.  \n*Additional notes*: If the type is SQS/SNS and the `Destination` property is left blank, then the SQS/SNS resource is auto generated by SAM\\. To reference the resource, use `<function-logical-id>.DestinationQueue` for SQS or `<function-logical-id>.DestinationTopic` for SNS\\. If the type is Lambda/EventBridge, `Destination` is required\\.",
           "title": "Type",
@@ -5537,6 +5539,9 @@
           "markdownDescription": "Create a snapshot of any new Lambda function version\\. A snapshot is a cached state of your initialized function, including all of its dependencies\\. The function is initialized just once and the cached state is reused for all future invocations, improving application performance by reducing the number of times your function must be initialized\\. To learn more, see [Improving startup performance with Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) in the *AWS Lambda Developer Guide*\\.  \n*Type*: [SnapStart](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html)  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is passed directly to the [`SnapStart`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html) property of an `AWS::Lambda::Function` resource\\.",
           "title": "SnapStart"
         },
+        "SourceKMSKeyArn": {
+          "$ref": "#/definitions/PassThroughProp"
+        },
         "Tags": {
           "markdownDescription": "A map \\(string to string\\) that specifies the tags added to this function\\. For details about valid keys and values for tags, see [Tag Key and Value Requirements](https://docs.aws.amazon.com/lambda/latest/dg/configuration-tags.html#configuration-tags-restrictions) in the *AWS Lambda Developer Guide*\\.  \nWhen the stack is created, AWS SAM automatically adds a `lambda:createdBy:SAM` tag to this Lambda function, and to the default roles that are generated for this function\\.  \n*Type*: Map  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is similar to the [`Tags`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tags) property of an `AWS::Lambda::Function` resource\\. The `Tags` property in AWS SAM consists of key\\-value pairs \\(whereas in AWS CloudFormation this property consists of a list of `Tag` objects\\)\\. Also, AWS SAM automatically adds a `lambda:createdBy:SAM` tag to this Lambda function, and to the default roles that are generated for this function\\.",
           "title": "Tags",
@@ -6122,6 +6127,9 @@
           "markdownDescription": "Create a snapshot of any new Lambda function version\\. A snapshot is a cached state of your initialized function, including all of its dependencies\\. The function is initialized just once and the cached state is reused for all future invocations, improving application performance by reducing the number of times your function must be initialized\\. To learn more, see [Improving startup performance with Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) in the *AWS Lambda Developer Guide*\\.  \n*Type*: [SnapStart](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html)  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is passed directly to the [`SnapStart`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html) property of an `AWS::Lambda::Function` resource\\.",
           "title": "SnapStart"
         },
+        "SourceKMSKeyArn": {
+          "$ref": "#/definitions/PassThroughProp"
+        },
         "Tags": {
           "markdownDescription": "A map \\(string to string\\) that specifies the tags added to this function\\. For details about valid keys and values for tags, see [Tag Key and Value Requirements](https://docs.aws.amazon.com/lambda/latest/dg/configuration-tags.html#configuration-tags-restrictions) in the *AWS Lambda Developer Guide*\\.  \nWhen the stack is created, AWS SAM automatically adds a `lambda:createdBy:SAM` tag to this Lambda function, and to the default roles that are generated for this function\\.  \n*Type*: Map  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is similar to the [`Tags`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tags) property of an `AWS::Lambda::Function` resource\\. The `Tags` property in AWS SAM consists of key\\-value pairs \\(whereas in AWS CloudFormation this property consists of a list of `Tag` objects\\)\\. Also, AWS SAM automatically adds a `lambda:createdBy:SAM` tag to this Lambda function, and to the default roles that are generated for this function\\.",
           "title": "Tags",