serverless-application-model icon indicating copy to clipboard operation
serverless-application-model copied to clipboard
verified publisher icon aws

KMSEncryptPolicy cannot be used to encrypt

Open john-aws opened this issue 5 years ago • 4 comments

Related to #1186, is the KMSEncryptPolicy policy template actually usable as written? It can't be used to publish KMS-encrypted data to an SNS topic, for example, because KMSEncryptPolicy doesn't include kms:GenerateDataKey.

john-aws avatar Nov 13 '20 14:11 john-aws

I second this. I'm facing the exact same issue.

sanwar-oc avatar Jan 07 '21 23:01 sanwar-oc

what's the workaround for this? can someone help?

astroanu avatar Mar 19 '21 05:03 astroanu

@wchengru Hi, what kind of example are you looking for?

I'm looking for a more usable out-of-the-box SAM policy template, for example:

kms:Encrypt
kms:ReEncrypt*
kms:GenerateDataKey*
kms:DescribeKey

john-aws avatar Mar 19 '21 15:03 john-aws