aws-deployment-framework icon indicating copy to clipboard operation
aws-deployment-framework copied to clipboard

Published 20 hours ago verified publisher icon awslabs

Update regional.yml

Open schoemme opened this issue 5 months ago • 0 comments

Add kms:Encrypt, kms:GenerateDataKey*, and kms:ReEncrypt* actions to allow use of key

Why?

These permissions are needed for cross-account roles to access the artifact bucket.

Issue #, if available: https://github.com/awslabs/aws-deployment-framework/issues/756

What?

Description of changes:

Added:

  • kms:Encrypt
  • kms:GenerateDataKey*
  • kms:ReEncrypt* ...actions to DeploymentFrameworkRegionalKMSKey's "Allow use of the key" statement

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

schoemme avatar Aug 29 '24 15:08 schoemme