Added kms:GenerateDataKey action to KMSEncryptPolicy policy (#3657)
Co-authored-by: Nick Tait <nick.tait@global.ntt>
Co-authored-by: Aayush thapa <84202325+aaythapa@users.noreply.github.com>
3 people authored Nov 4, 2024
1 parent 5892219 commit 51b6994
Showing 5 changed files with 110 additions and 0 deletions.
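--- a/samtranslator/policy_templates_data/policy_templates.json
+++ b/samtranslator/policy_templates_data/policy_templates.json
@@ -1275,6 +1275,38 @@
 }
 }
 },
+"KMSEncryptPolicy_v2": {
+"Definition": {
+"Statement": [
+{
+"Action": [
+"kms:Encrypt",
+"kms:GenerateDataKey",
+"kms:GenerateDataKeyWithoutPlaintext",
+"kms:GenerateDataKeyPair",
+"kms:GenerateDataKeyPairWithoutPlaintext"
+],
+"Effect": "Allow",
+"Resource": {
+"Fn::Sub": [
+"arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}",
+{
+"keyId": {
+"Ref": "KeyId"
+}
+}
+]
+}
+}
+]
+},
+"Description": "Gives permission to encrypt with KMS Key",
+"Parameters": {
+"KeyId": {
+"Description": "ID of the KMS Key"
+}
+}
+},
 "KinesisCrudPolicy": {
 "Definition": {
 "Statement": [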
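Review bot: The `Description` of `KMSEncryptPolicy_v2` still says only "Gives permission to encrypt with KMS Key", while the statement also allows `kms:GenerateDataKey` and `kms:GenerateDataKeyPair`, which return plaintext key material (a data key, or the private key of a pair) to the caller. Someone choosing between this template and the existing `KMSEncryptPolicy` (not visible in this hunk, presumably encrypt-only) cannot tell the difference from the text; I would change it to `"Description": "Gives permission to encrypt and to generate data keys and data key pairs with KMS Key"`. The commit title names only `kms:GenerateDataKey`, so it is also worth confirming that the two `GenerateDataKeyPair*` actions are needed, since each extra action widens what a function role holding this template can do with the key.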
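--- a/tests/translator/input/all_policy_templates.yaml
+++ b/tests/translator/input/all_policy_templates.yaml
@@ -187,3 +187,6 @@ Resources:
 
 - StepFunctionsCallbackPolicy:
 StateMachineName: name
+
+- KMSEncryptPolicy_v2:
+KeyId: keyId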
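--- a/tests/translator/output/all_policy_templates.json
+++ b/tests/translator/output/all_policy_templates.json
@@ -1726,6 +1726,31 @@
 ]
 },
 "PolicyName": "KitchenSinkFunctionRolePolicy63"
+},
+{
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"kms:Encrypt",
+"kms:GenerateDataKey",
+"kms:GenerateDataKeyWithoutPlaintext",
+"kms:GenerateDataKeyPair",
+"kms:GenerateDataKeyPairWithoutPlaintext"
+],
+"Effect": "Allow",
+"Resource": {
+"Fn::Sub": [
+"arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}",
+{
+"keyId": "keyId"
+}
+]
+}
+}
+]
+},
+"PolicyName": "KitchenSinkFunctionRolePolicy64"
 }
 ],
 "Tags": [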
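--- a/tests/translator/output/aws-cn/all_policy_templates.json
+++ b/tests/translator/output/aws-cn/all_policy_templates.json
@@ -1726,6 +1726,31 @@
 ]
 },
 "PolicyName": "KitchenSinkFunctionRolePolicy63"
+},
+{
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"kms:Encrypt",
+"kms:GenerateDataKey",
+"kms:GenerateDataKeyWithoutPlaintext",
+"kms:GenerateDataKeyPair",
+"kms:GenerateDataKeyPairWithoutPlaintext"
+],
+"Effect": "Allow",
+"Resource": {
+"Fn::Sub": [
+"arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}",
+{
+"keyId": "keyId"
+}
+]
+}
+}
+]
+},
+"PolicyName": "KitchenSinkFunctionRolePolicy64"
 }
 ],
 "Tags": [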
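--- a/tests/translator/output/aws-us-gov/all_policy_templates.json
+++ b/tests/translator/output/aws-us-gov/all_policy_templates.json
@@ -1726,6 +1726,31 @@
 ]
 },
 "PolicyName": "KitchenSinkFunctionRolePolicy63"
+},
+{
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"kms:Encrypt",
+"kms:GenerateDataKey",
+"kms:GenerateDataKeyWithoutPlaintext",
+"kms:GenerateDataKeyPair",
+"kms:GenerateDataKeyPairWithoutPlaintext"
+],
+"Effect": "Allow",
+"Resource": {
+"Fn::Sub": [
+"arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}",
+{
+"keyId": "keyId"
+}
+]
+}
+}
+]
+},
+"PolicyName": "KitchenSinkFunctionRolePolicy64"
 }
 ],
 "Tags": [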
