From be6a6226092a98abdcd680b9303a6ecda18441b8 Mon Sep 17 00:00:00 2001
From: Niall Thomson
Date: Fri, 13 Sep 2024 14:40:32 -0700
Subject: [PATCH] fix: Allow appropriate IDE KMS permissions for Terraform cluster creation (#1102)
---
 lab/iam/policies/base.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lab/iam/policies/base.yaml b/lab/iam/policies/base.yaml
index 5261d3e07..1fec16108 100644
--- a/lab/iam/policies/base.yaml
+++ b/lab/iam/policies/base.yaml
@@ -71,13 +71,14 @@ Statement:
 Resource: ["*"]
 Condition:
 StringLike:
- kms:RequestAlias: "alias/${Env}*"
+ kms:RequestAlias: ["alias/${Env}*", "alias/eks/${Env}*"]
 - Effect: Allow
 Action:
 - kms:CreateAlias
 - kms:DeleteAlias
 Resource:
 - !Sub arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/${Env}*
+ - !Sub arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/eks/${Env}*
 - !Sub arn:aws:kms:${AWS::Region}:${AWS::AccountId}:key/*
 - Effect: Allow
 Action:
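Review bot: The two added `alias/eks/${Env}*` entries (the `kms:RequestAlias` condition value and the new `CreateAlias`/`DeleteAlias` resource) end in a bare wildcard, so they also match aliases of any other environment whose name starts with the same `${Env}` string; the existing `alias/${Env}*` entries have the same shape. If environment names can be prefixes of one another, narrow the new entries to the exact alias name(s) the Terraform run creates. Otherwise record the intent in a comment above each, for example `# alias/eks/ prefix is needed for Terraform cluster creation; trailing * is a prefix match on Env`. The statement carrying the condition starts above the hunk, so its `Action` list is not visible here. Which KMS operations the wider condition now admits on `Resource: ["*"]` should be checked against what cluster creation needs.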