Skip to content

Commit d6f25aa

Browse files
imabhichowimabhichow
committed
chore: update cfn template to allow hierarchical keyring to call kms:GenerateDataKeyWithoutPlaintext
1 parent f44f360 commit d6f25aa

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

cfn/ci_cd.yml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -382,12 +382,15 @@ Resources:
382382
"Effect": "Allow",
383383
"Resource": [
384384
"arn:aws:kms:*:658956600833:key/*",
385-
"arn:aws:kms:*:658956600833:alias/*"
385+
"arn:aws:kms:*:658956600833:alias/*",
386+
"arn:aws:kms:*:370957321024:key/*",
387+
"arn:aws:kms:*:370957321024:alias/*"
386388
],
387389
"Action": [
388390
"kms:Encrypt",
389391
"kms:Decrypt",
390-
"kms:GenerateDataKey"
392+
"kms:GenerateDataKey",
393+
"kms:GenerateDataKeyWithoutPlaintext"
391394
]
392395
}
393396
]

0 commit comments

Comments
 (0)