allow permissions for key (#3038)
jay-whitwell authored Jan 8, 2025
1 parent fb0b3c7 commit a40f3a1
Showing 1 changed file with 6 additions and 19 deletions.
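--- a/terraform/account/kms.tf
+++ b/terraform/account/kms.tf
@@ -206,29 +206,16 @@ data "aws_iam_policy_document" "event_receiver_kms" {
 }
 
 statement {
-sid = "Key Administrator"
+sid = "Enable Root account permissions on Key"
 effect = "Allow"
+actions = ["kms:*"]
 resources = ["*"]
-actions = [
-"kms:Create*",
-"kms:Describe*",
-"kms:Enable*",
-"kms:List*",
-"kms:Put*",
-"kms:Update*",
-"kms:Revoke*",
-"kms:Disable*",
-"kms:Get*",
-"kms:Delete*",
-"kms:TagResource",
-"kms:UntagResource",
-"kms:ScheduleKeyDeletion",
-"kms:CancelKeyDeletion"
-]
 
 principals {
-type = "AWS"
-identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/breakglass"]
+type = "AWS"
+identifiers = [
+"arn:aws:iam::${data.aws_caller_identity.current.account_id}:root",
+]
 }
 }
 }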
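Review bot: The new `Enable Root account permissions on Key` statement grants `kms:*` to the account root principal, which in a key policy hands the access decision to IAM: any identity in the account whose IAM policy allows KMS actions on this key can now use it, including cryptographic operations such as `kms:Decrypt` and `kms:GenerateDataKey*` that the removed `Key Administrator` action list did not contain. If the intent is only to keep the key manageable, the statement should carry a comment saying so, for example `# Delegates access to IAM; IAM policies must scope KMS actions to specific key ARNs`. It is worth confirming that no IAM policy in this account allows `kms:*` or `kms:Decrypt` on `Resource: "*"`, and that the `breakglass` role still receives its administrative rights through IAM now that its explicit grant is gone. The `event_receiver_kms` policy document begins above the hunk, so any other statements (including a `Deny`) that would narrow this are not visible here.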
