File tree Expand file tree Collapse file tree 5 files changed +110
-0
lines changed
samtranslator/policy_templates_data Expand file tree Collapse file tree 5 files changed +110
-0
lines changed Original file line number Diff line number Diff line change 12751275 }
12761276 }
12771277 },
1278+ "KMSEncryptPolicy_v2" : {
1279+ "Definition" : {
1280+ "Statement" : [
1281+ {
1282+ "Action" : [
1283+ " kms:Encrypt"
1284+ " kms:GenerateDataKey"
1285+ " kms:GenerateDataKeyWithoutPlaintext"
1286+ " kms:GenerateDataKeyPair"
1287+ " kms:GenerateDataKeyPairWithoutPlaintext"
1288+ ],
1289+ "Effect" : " Allow"
1290+ "Resource" : {
1291+ "Fn::Sub" : [
1292+ " arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}"
1293+ {
1294+ "keyId" : {
1295+ "Ref" : " KeyId"
1296+ }
1297+ }
1298+ ]
1299+ }
1300+ }
1301+ ]
1302+ },
1303+ "Description" : " Gives permission to encrypt with KMS Key"
1304+ "Parameters" : {
1305+ "KeyId" : {
1306+ "Description" : " ID of the KMS Key"
1307+ }
1308+ }
1309+ },
12781310 "KinesisCrudPolicy" : {
12791311 "Definition" : {
12801312 "Statement" : [
Original file line number Diff line number Diff line change @@ -187,3 +187,6 @@ Resources:
187187
188188 - StepFunctionsCallbackPolicy :
189189 StateMachineName : name
190+
191+ - KMSEncryptPolicy_v2 :
192+ KeyId : keyId
Original file line number Diff line number Diff line change 17261726 ]
17271727 },
17281728 "PolicyName" : " KitchenSinkFunctionRolePolicy63"
1729+ },
1730+ {
1731+ "PolicyDocument" : {
1732+ "Statement" : [
1733+ {
1734+ "Action" : [
1735+ " kms:Encrypt"
1736+ " kms:GenerateDataKey"
1737+ " kms:GenerateDataKeyWithoutPlaintext"
1738+ " kms:GenerateDataKeyPair"
1739+ " kms:GenerateDataKeyPairWithoutPlaintext"
1740+ ],
1741+ "Effect" : " Allow"
1742+ "Resource" : {
1743+ "Fn::Sub" : [
1744+ " arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}"
1745+ {
1746+ "keyId" : " keyId"
1747+ }
1748+ ]
1749+ }
1750+ }
1751+ ]
1752+ },
1753+ "PolicyName" : " KitchenSinkFunctionRolePolicy64"
17291754 }
17301755 ],
17311756 "Tags" : [
Original file line number Diff line number Diff line change 17261726 ]
17271727 },
17281728 "PolicyName" : " KitchenSinkFunctionRolePolicy63"
1729+ },
1730+ {
1731+ "PolicyDocument" : {
1732+ "Statement" : [
1733+ {
1734+ "Action" : [
1735+ " kms:Encrypt"
1736+ " kms:GenerateDataKey"
1737+ " kms:GenerateDataKeyWithoutPlaintext"
1738+ " kms:GenerateDataKeyPair"
1739+ " kms:GenerateDataKeyPairWithoutPlaintext"
1740+ ],
1741+ "Effect" : " Allow"
1742+ "Resource" : {
1743+ "Fn::Sub" : [
1744+ " arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}"
1745+ {
1746+ "keyId" : " keyId"
1747+ }
1748+ ]
1749+ }
1750+ }
1751+ ]
1752+ },
1753+ "PolicyName" : " KitchenSinkFunctionRolePolicy64"
17291754 }
17301755 ],
17311756 "Tags" : [
Original file line number Diff line number Diff line change 17261726 ]
17271727 },
17281728 "PolicyName" : " KitchenSinkFunctionRolePolicy63"
1729+ },
1730+ {
1731+ "PolicyDocument" : {
1732+ "Statement" : [
1733+ {
1734+ "Action" : [
1735+ " kms:Encrypt"
1736+ " kms:GenerateDataKey"
1737+ " kms:GenerateDataKeyWithoutPlaintext"
1738+ " kms:GenerateDataKeyPair"
1739+ " kms:GenerateDataKeyPairWithoutPlaintext"
1740+ ],
1741+ "Effect" : " Allow"
1742+ "Resource" : {
1743+ "Fn::Sub" : [
1744+ " arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}"
1745+ {
1746+ "keyId" : " keyId"
1747+ }
1748+ ]
1749+ }
1750+ }
1751+ ]
1752+ },
1753+ "PolicyName" : " KitchenSinkFunctionRolePolicy64"
17291754 }
17301755 ],
17311756 "Tags" : [
You can’t perform that action at this time.
0 commit comments