aws-cdk: Circular dependency on s3 notification to a destination when both destination and s3 are encrypted by same CMK


  • I’m submitting a …

    • 🪲 bug report
  • What is the current behavior? If the current behavior is a 🪲bug🪲: Please provide the steps to reproduce

import cdk = require('@aws-cdk/cdk');
import s3 = require('@aws-cdk/aws-s3');
import sqs = require('@aws-cdk/aws-sqs');
import kms = require('@aws-cdk/aws-kms');
import {SqsDestination} from '@aws-cdk/aws-s3-notifications';
import {BucketEncryption} from '@aws-cdk/aws-s3';
import {QueueEncryption} from '@aws-cdk/aws-sqs';

export class TestConstruct extends cdk.Construct {
    constructor(scope: cdk.Construct, id: string) {
        super(scope, id);

        // One customer-managed key (CMK) shared by the queue and the bucket
        const cmk = new kms.Key(this, 'CDKTest');

        // SQS queue encrypted with the shared CMK
        const queue = new sqs.Queue(this, 'TestQueue', {
            queueName: 'TestQueue',
            encryption: QueueEncryption.Kms,
            encryptionMasterKey: cmk
        });

        // S3 bucket encrypted with the same CMK
        const bucket = new s3.Bucket(this, 'test-ankag-bucket', {
            bucketName: 'test-ankag-bucket',
            encryption: BucketEncryption.Kms,
            encryptionKey: cmk
        });

        // Adding the notification is what triggers the circular dependency error
        bucket.addObjectCreatedNotification(new SqsDestination(queue));
    }
}

Exception: Circular dependency between resources: [TestConstructCDKTest25F6C8B9, TestConstructTestQueuePolicy8D6FDA03, TestConstructtestankagbucket1D7F9833, TestConstructtestankagbucketNotifications6A969D21, TestConstructTestQueue9EDE46FC]

  • What is the expected behavior (or behavior of feature suggested)?

The S3 notification to SQS should be created without a circular dependency exception.

  • What is the motivation / use case for changing the behavior or adding this feature? This is a bug

  • Please tell us about your environment:

    • CDK CLI Version: 0.33
    • Module Version: 0.33
    • OS: [all | Windows 10 | OSX Mojave | Ubuntu | etc… ]
    • Language: [all | TypeScript | Java | Python ] TypeScript
  • Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, gitter, etc)

CDK 0.32 is working fine, but when upgrading to CDK 0.33 we had to introduce a SqsDestination, and that's when we started seeing this issue.

About this issue

  • State: open
  • Created 5 years ago
  • Reactions: 4
  • Comments: 20 (8 by maintainers)
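
Added example (not part of the issue and not CDK code): a checker that follows Ref / Fn::GetAtt / DependsOn edges in a synthesized template and returns the resources on a cycle. The template is constructed; its logical IDs, flattened properties and the key-policy reference to the bucket ARN are assumptions, and the second call models the separate-key workaround mentioned in the comments.

```typescript
// Constructed model of a synthesized template; logical IDs and edges are assumptions.
type Res = { Type: string; Properties?: unknown; DependsOn?: string[] };
type Template = { Resources: Record<string, Res> };
// Collect logical IDs reached through Ref / Fn::GetAtt (Fn::Sub strings are not parsed).
function refs(node: unknown, out: Record<string, true>): void {
  if (Array.isArray(node)) { node.forEach(n => refs(n, out)); return; }
  if (node === null || typeof node !== "object") return;
  const obj = node as Record<string, unknown>;
  for (const k of Object.keys(obj)) {
    const v = obj[k];
    if (k === "Ref" && typeof v === "string") out[v] = true;
    else if (k === "Fn::GetAtt") out[Array.isArray(v) ? String(v[0]) : String(v).split(".")[0]] = true;
    else refs(v, out);
  }
}
// Depth-first search; returns the logical IDs on the first cycle found, or null.
function findCycle(t: Template): string[] | null {
  const deps = (id: string): string[] => {
    const out: Record<string, true> = {};
    refs(t.Resources[id].Properties, out);
    (t.Resources[id].DependsOn || []).forEach(d => { out[d] = true; });
    return Object.keys(out).filter(d => d in t.Resources);
  };
  const state: Record<string, "open" | "done"> = {};
  const path: string[] = [];
  const visit = (id: string): string[] | null => {
    state[id] = "open"; path.push(id);
    for (const d of deps(id)) {
      if (state[d] === "open") return path.slice(path.indexOf(d)); // back edge closes a cycle
      if (!state[d]) { const c = visit(d); if (c) return c; }
    }
    state[id] = "done"; path.pop();
    return null;
  };
  for (const id of Object.keys(t.Resources)) if (!state[id]) { const c = visit(id); if (c) return c; }
  return null;
}

const arn = (id: string) => ({ "Fn::GetAtt": [id, "Arn"] });
// bucketKey: logical ID of the key that encrypts the bucket ("Key" = shared with the queue).
const build = (bucketKey: string): Template => ({ Resources: {
  Key: { Type: "AWS::KMS::Key", Properties: { KeyPolicy: { Condition: { ArnLike: { "aws:SourceArn": arn("Bucket") } } } } },
  BucketKey: { Type: "AWS::KMS::Key" },
  Queue: { Type: "AWS::SQS::Queue", Properties: { KmsMasterKeyId: arn("Key") } },
  QueuePolicy: { Type: "AWS::SQS::QueuePolicy", Properties: { Queues: [{ Ref: "Queue" }], Source: arn("Bucket") } },
  Bucket: { Type: "AWS::S3::Bucket", Properties: { KMSMasterKeyID: arn(bucketKey) } },
  Notifications: { Type: "Custom::S3BucketNotifications", Properties: { BucketName: { Ref: "Bucket" }, QueueArn: arn("Queue") }, DependsOn: ["QueuePolicy"] },
} });
const sharedKeyCycle = findCycle(build("Key"));         // shared CMK: cycle through Key and Bucket
const separateKeyCycle = findCycle(build("BucketKey")); // separate bucket key: no cycle
```

To use it on a real stack, pass the parsed JSON from `cdk synth` to `findCycle` in place of the constructed template.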

Most upvoted comments

Have you tried using the trust account option for the key?

You mean using trustAccountIdentities: true? That didn’t help.

Facing exactly the same issue.

I could only fix this by using a different key for S3 and for SQS.

BTW, I’m on 1.102.0 (build a75d52f), and this is definitely not fixed.