CodeDeploy role access to DB_PASSWORD key pair

[brunosegiu]

I got an error in my first deployment:

[stderr]botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GetParameter operation: The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access. (Service: AWSKMS; Status Code: 400; Error Code: AccessDeniedException; Request ID: 5f642215-959a-11e8-bfd1-81a81941d54a)

when the script tried to read the DB_PASSWORD parameter. I went back to the Encryption keys manager and granted the CodeDeploy role access to use it. I was wondering whether I messed up at an earlier step or it's necessary to configure access for the role.