amazon-connect / amazon-connect-salesforce-lambda

Apache License 2.0

The KMS permissions are incorrect #24

Closed LorneCurrie closed 3 years ago

LorneCurrie commented 3 years ago

https://github.com/amazon-connect/amazon-connect-salesforce-lambda/blob/bd5d1e91ab8963193a62cd142226ef3630a2cecf/sam-app/lambda_functions/template.yaml#L215

The Template has them as

 KMSManagedPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Path: /
      PolicyDocument:
        Statement:
        - Action:
          - kms:decrypt
          - kms:generatedatakey
          Effect: Allow
          Resource: !Ref SalesforceCredentialsKMSKeyARN
        Version: '2012-10-17'

It should be

 KMSManagedPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Path: /
      PolicyDocument:
        Statement:
        - Action:
          - kms:Decrypt
          - kms:GenerateDataKey
          Effect: Allow
          Resource: !Ref SalesforceCredentialsKMSKeyARN
        Version: '2012-10-17'

yiming-amzn commented 3 years ago

Good catch, will push out a fix. Thanks!

yiming-amzn commented 3 years ago

Fix released in v5.15.3. Please let me know if there are any issues. Thanks for reporting the bug!
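
A lint check for the casing difference reported in this issue, as an added example that is not part of the original thread or the project's code: it scans a template's list items for KMS action names and compares them with the canonical spelling from the AWS KMS API reference. The action table, the function names and the line-based matching are assumptions of this example; the sample template is the policy quoted in the issue.

```python
import re

# Canonical spellings from the AWS KMS API reference (subset; extend as needed).
CANONICAL_ACTIONS = ["kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey", "kms:DescribeKey"]
_CANON = {a.lower(): a for a in CANONICAL_ACTIONS}
_SERVICES = {a.split(":")[0].lower() for a in CANONICAL_ACTIONS}

# A YAML list item holding exactly one "service:Action" token, optionally quoted.
_ITEM = re.compile(r"^\s*-\s*['\"]?([A-Za-z0-9-]+:[A-Za-z0-9*]+)['\"]?\s*$")

def lint_actions(template_text):
    """Return (line_no, found, suggestion) for each non-canonical action.

    suggestion is None when the name is not in the table at all (possible typo).
    Wildcards and services outside the table are skipped.
    """
    findings = []
    for no, line in enumerate(template_text.splitlines(), 1):
        m = _ITEM.match(line)
        if not m:
            continue
        action = m.group(1)
        service = action.split(":")[0].lower()
        if service not in _SERVICES or "*" in action:
            continue
        canonical = _CANON.get(action.lower())
        if canonical != action:
            findings.append((no, action, canonical))
    return findings

def fix_actions(template_text):
    """Rewrite every action that has a known canonical spelling."""
    lines = template_text.splitlines(keepends=True)
    for no, found, suggestion in lint_actions(template_text):
        if suggestion:
            lines[no - 1] = lines[no - 1].replace(found, suggestion, 1)
    return "".join(lines)

# The policy as quoted in the issue, re-indented for this example.
BEFORE = """\
KMSManagedPolicy:
  Type: AWS::IAM::ManagedPolicy
  Properties:
    Path: /
    PolicyDocument:
      Statement:
      - Action:
        - kms:decrypt
        - kms:generatedatakey
        Effect: Allow
        Resource: !Ref SalesforceCredentialsKMSKeyARN
      Version: '2012-10-17'
"""
```

`lint_actions(BEFORE)` reports lines 8 and 9, and `fix_actions(BEFORE)` produces the spelling proposed in the issue.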