FormidableLabs / terraform-aws-serverless

Infrastructure support for Serverless framework apps, done the right way
https://registry.terraform.io/modules/FormidableLabs/serverless/aws
MIT License

Feature/Option: KMS #11

Open ryan-roemer opened 5 years ago

ryan-roemer commented 5 years ago

Dependencies:

# TODO(IamPolicyDeveloper): KMS: Use keys
- Effect: Allow
  Action:
  - kms:Encrypt
  - kms:GenerateDataKey
  - kms:Decrypt
  Resource:
  - !GetAtt KmsKey.Arn
# TODO(IamPolicyAdmin): KMS: Manage keys
- Effect: Allow
  Action:
  - kms:Create*
  - kms:Describe*
  - kms:Enable*
  - kms:List*
  - kms:Put*
  - kms:Update*
  - kms:Revoke*
  - kms:Disable*
  - kms:Get*
  - kms:Delete*
  - kms:TagResource
  - kms:UntagResource
  - kms:ScheduleKeyDeletion
  - kms:CancelKeyDeletion
  Resource:
  - !GetAtt KmsKey.Arn
# TODO(IamPolicyLambdaExecution): KMS: Read keys
- Effect: Allow
  Action:
  - kms:Decrypt
  Resource:
  - !GetAtt KmsKey.Arn
# SecretsManager: Read secrets
- Effect: Allow
  Action:
  - secretsmanager:GetSecretValue
  Resource:
  - !Sub "arn:aws:secretsmanager:${AwsRegion}:${AWS::AccountId}:secret:${ServiceName}/${Stage}/*"
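
An added example, not part of the issue or the project's code: a small check that expands the wildcard actions in the three KMS statements above and reports, per tier, which actions use the key (data plane) and which can hand that use to another principal (`kms:CreateGrant`, `kms:PutKeyPolicy`). The tier names are taken from the TODO labels, `KMS_ACTIONS` is a subset of the real KMS API chosen to cover these patterns, and the two classification sets are assumptions of this example.

```python
from fnmatch import fnmatchcase

# Subset of real KMS API actions, enough to expand the wildcards above.
KMS_ACTIONS = [
    "CancelKeyDeletion", "CreateAlias", "CreateGrant", "CreateKey", "Decrypt",
    "DeleteAlias", "DeleteImportedKeyMaterial", "DescribeKey", "DisableKey",
    "DisableKeyRotation", "EnableKey", "EnableKeyRotation", "Encrypt",
    "GenerateDataKey", "GetKeyPolicy", "GetKeyRotationStatus", "ListGrants",
    "ListKeyPolicies", "PutKeyPolicy", "ReEncryptFrom", "ReEncryptTo",
    "RevokeGrant", "ScheduleKeyDeletion", "TagResource", "UntagResource",
    "UpdateAlias", "UpdateKeyDescription",
]
# Assumed classification: actions that use key material, and actions that
# can delegate that use to another principal.
DATA_PLANE = {"Encrypt", "Decrypt", "GenerateDataKey", "ReEncryptFrom", "ReEncryptTo"}
DELEGATION = {"CreateGrant", "PutKeyPolicy"}

# Action lists copied from the three KMS statements in the comment.
TIERS = {
    "developer": ["kms:Encrypt", "kms:GenerateDataKey", "kms:Decrypt"],
    "admin": ["kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*",
              "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*",
              "kms:Get*", "kms:Delete*", "kms:TagResource", "kms:UntagResource",
              "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"],
    "lambda_execution": ["kms:Decrypt"],
}

def expand(patterns):
    """Return the KMS actions matched by IAM patterns (case-insensitive wildcards)."""
    matched = set()
    for pattern in patterns:
        service, _, name = pattern.partition(":")
        if service.lower() != "kms":
            continue
        matched |= {a for a in KMS_ACTIONS if fnmatchcase(a.lower(), name.lower())}
    return matched

def audit(tiers):
    """Per tier: which data-plane and which delegation actions it really grants."""
    report = {}
    for tier, patterns in tiers.items():
        actions = expand(patterns)
        report[tier] = {"data_plane": sorted(actions & DATA_PLANE),
                        "delegation": sorted(actions & DELEGATION)}
    return report

if __name__ == "__main__":
    for tier, found in audit(TIERS).items():
        print(f"{tier}: {found}")
```

The admin tier carries no data-plane action, but `kms:Create*` and `kms:Put*` expand to the two delegation actions, which is the point to weigh when deciding whether the admin wildcards should be narrowed.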