Closed austinbyers closed 6 years ago
to: @ryandeivert cc: @airbnb/binaryalert-maintainers size: small
I'm sure there's a permission error, but I couldn't find it - even granting kms:* to Service: s3.amazonaws.com for the KMS key didn't work.
kms:*
Service: s3.amazonaws.com
Use the default S3 encryption for the access logs bucket instead of KMS. KMS is still used to encrypt the primary bucket (for uploads)
Coverage remained the same at 92.516% when pulling e28b2e7a45a36e364a55d1790294d670327a859c on austin-access-logs-sse into 29e339ae6c5abe207e31646c346108ccb74d6bbe on master.
to: @ryandeivert cc: @airbnb/binaryalert-maintainers size: small
Background
121 enabled server-side encryption with KMS for both BinaryAlert S3 buckets. However, access logs could no longer be delivered after this change.
I'm sure there's a permission error, but I couldn't find it - even granting
kms:*
toService: s3.amazonaws.com
for the KMS key didn't work.Changes
Use the default S3 encryption for the access logs bucket instead of KMS. KMS is still used to encrypt the primary bucket (for uploads)
Testing