File tree Expand file tree Collapse file tree 1 file changed +4
-13
lines changed Expand file tree Collapse file tree 1 file changed +4
-13
lines changed Original file line number Diff line number Diff line change @@ -714,9 +714,6 @@ Resources:
714714 - s3vectors:GetVectors
715715 - s3vectors:DeleteVectors
716716 Resource : !GetAtt S3VectorBucketAndIndex.IndexArn
717- Condition :
718- StringEquals :
719- aws:ResourceAccount : !Sub ${AWS::AccountId}
720717 - !Ref " AWS::NoValue"
721718 - !If
722719 - IsS3DataSource
@@ -731,19 +728,13 @@ Resources:
731728 Resource :
732729 - !Sub " arn:${AWS::Partition}:s3:::${pKnowledgeBaseBucketName}"
733730 - !GetAtt S3VectorBucketAndIndex.BucketArn
734- Condition :
735- StringEquals :
736- aws:ResourceAccount : !Sub ${AWS::AccountId}
737731 - Sid : S3GetObject
738732 Effect : Allow
739733 Action :
740734 - s3:GetObject
741735 Resource :
742736 - !Sub " arn:${AWS::Partition}:s3:::${pKnowledgeBaseBucketName}/*"
743737 - !GetAtt S3VectorBucketAndIndex.BucketArn
744- Condition :
745- StringEquals :
746- aws:ResourceAccount : !Sub ${AWS::AccountId}
747738 - !Ref " AWS::NoValue"
748739 - !If
749740 - IsCustomerManagedKey
@@ -753,12 +744,12 @@ Resources:
753744 Statement :
754745 - Effect : Allow
755746 Action :
756- - kms:GenerateDataKey
747+ - kms:Encrypt
757748 - kms:Decrypt
749+ - kms:ReEncrypt*
750+ - kms:GenerateDataKey*
751+ - kms:DescribeKey
758752 Resource : !Ref pCustomerManagedEncryptionKeyArn
759- Condition :
760- StringEquals :
761- kms:ViaService : !Sub "s3.${AWS::Region}.${AWS::URLSuffix}"
762753 - !Ref " AWS::NoValue"
763754
764755 #
You can’t perform that action at this time.
0 commit comments