1 file changed +21 -2 lines changed
@@ -14,8 +14,8 @@ resource "aws_iam_role" "dynamo_s3_access_role" {
1414 })
1515}
1616
17- resource "aws_iam_role_policy" "dynamo_s3_access_policy " {
18- name = " imms-${ local . resource_scope } -dynamo_s3_access -policy"
17+ resource "aws_iam_role_policy" "dynamo_access_policy " {
18+ name = " imms-${ local . resource_scope } -dynamo-access -policy"
1919 role = aws_iam_role. dynamo_s3_access_role . id
2020 policy = jsonencode ({
2121 Version = " 2012-10-17" ,
@@ -35,3 +35,22 @@ resource "aws_iam_role_policy" "dynamo_s3_access_policy" {
3535 ]
3636 })
3737}
38+
39+ resource "aws_iam_role_policy" "kms_key_access_policy" {
40+ name = " imms-${ local . resource_scope } -kms-key-access-policy"
41+ role = aws_iam_role. dynamo_s3_access_role . id
42+ policy = jsonencode ({
43+ Version = " 2012-10-17" ,
44+ Statement = [
45+ {
46+ Effect = " Allow" ,
47+ Action = [
48+ " kms:Decrypt"
49+ ],
50+ Resource = [
51+ data.aws_kms_key.existing_dynamo_encryption_key.arn
52+ ]
53+ }
54+ ]
55+ })
56+ }
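Review bot: The new `kms_key_access_policy` statement allows `kms:Decrypt` on the key with no condition, so the role can call KMS directly on any ciphertext encrypted under that key, not only on data read through DynamoDB. If the role needs the key only for table reads, consider adding `Condition = { StringEquals = { "kms:ViaService" = "dynamodb.<region>.amazonaws.com" } }` to the statement, with the region filled in for this deployment. The role is named `dynamo_s3_access_role`, so if S3 objects are encrypted with the same key the condition would need the S3 service value as well; that is worth confirming before restricting it. The `data.aws_kms_key.existing_dynamo_encryption_key` source is declared outside this hunk, and the key's own key policy must also allow this role (or delegate to IAM) for the permission to take effect.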