Merge pull request #63 from aws/imabhichow/update-cfn-template

imabhichow · web-flow · commit b5fdedefa9f3 · 2023-10-10T12:59:52.000-07:00
chore: update cfn template to allow `kms:GenerateDataKeyWithoutPlaintext` &amp; `kms:ReEncrypt`
diff --git a/cfn/ci_cd.yml b/cfn/ci_cd.yml
@@ -382,12 +382,16 @@ Resources:
               "Effect": "Allow",
               "Resource": [
                 "arn:aws:kms:*:658956600833:key/*",
-                "arn:aws:kms:*:658956600833:alias/*"
+                "arn:aws:kms:*:658956600833:alias/*",
+                "arn:aws:kms:*:370957321024:key/*",
+                "arn:aws:kms:*:370957321024:alias/*"
               ],
               "Action": [
                 "kms:Encrypt",
                 "kms:Decrypt",
-                "kms:GenerateDataKey"
+                "kms:GenerateDataKey",
+                "kms:GenerateDataKeyWithoutPlaintext",
+                "kms:ReEncrypt"
               ]
             }
           ]

Original file line number	Diff line number	Diff line change
`@@ -382,12 +382,16 @@ Resources:`
`382`	`382`	`"Effect": "Allow",`
`383`	`383`	`"Resource": [`
`384`	`384`	`"arn:aws:kms::658956600833:key/",`
`385`		`- "arn:aws:kms::658956600833:alias/"`
	`385`	`+ "arn:aws:kms::658956600833:alias/",`
	`386`	`+ "arn:aws:kms::370957321024:key/",`
	`387`	`+ "arn:aws:kms::370957321024:alias/"`
`386`	`388`	`],`
`387`	`389`	`"Action": [`
`388`	`390`	`"kms:Encrypt",`
`389`	`391`	`"kms:Decrypt",`
`390`		`- "kms:GenerateDataKey"`
	`392`	`+ "kms:GenerateDataKey",`
	`393`	`+ "kms:GenerateDataKeyWithoutPlaintext",`
	`394`	`+ "kms:ReEncrypt"`
`391`	`395`	`]`
`392`	`396`	`}`
`393`	`397`	`]`