Open LorneCurrie opened 3 years ago
If you use the ARN of the AWS managed CMK key aws/credentialsmanager then this is not necessary (and encrypt your secrets with that key). The solution's KMSManagedPolicy will work with an AWS managed CMK but not with a customer managed CMK.
When you use a CMS KMS key to encrypt the report data, the CTRTrigger Lambda does not run as it does not have permission to decrypt the data from the Kinesis stream.
Could you add the CloudFormation scripts to add the relevant permissions to the CMS KMS key if one is used, or provide the template that should be manually inserted to the CMS KMS Key policy with the accompanying documentation?
Roles that are affected:
Lambda affected:
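
An added example, not part of the original issue or the solution's own code: a small check of whether a customer managed key's policy can give a stream consumer role `kms:Decrypt`, which is the permission the issue reports as missing. The account ID, role names and the three key policies are constructed placeholders, and the evaluation is simplified as noted in the docstring.

```python
import fnmatch

# Constructed sample values: account ID and role names are placeholders.
ROLE = "arn:aws:iam::111122223333:role/ExampleStreamConsumerRole"
ADMIN = "arn:aws:iam::111122223333:role/ExampleKeyAdmin"

def _listify(value):
    return value if isinstance(value, list) else [value]

def key_policy_access(policy, role_arn, action="kms:Decrypt"):
    """Classify how a KMS key policy treats role_arn for one action.

    'direct'  - an Allow statement names the role (or "*") as principal
    'via-iam' - only the account root is named, so the role's own IAM
                policy must also allow the action on this key
    'missing' - nothing in the key policy can ever grant the action
    Simplified: Deny, Condition, NotAction and KMS grants are ignored.
    """
    _, partition, _, _, account, _ = role_arn.split(":", 5)
    root = {account, f"arn:{partition}:iam::{account}:root"}
    result = "missing"
    for stmt in _listify(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = [a.lower() for a in _listify(stmt.get("Action", []))]
        if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            return "direct"
        names = _listify(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if role_arn in names or "*" in names:
            return "direct"
        if root & set(names):
            result = "via-iam"
    return result

def allow(principal, actions):
    return {"Effect": "Allow", "Principal": {"AWS": principal},
            "Action": actions, "Resource": "*"}

# Constructed key policies: account-root default, admin-only, and one with a consumer statement.
DEFAULT_POLICY = {"Statement": [allow("arn:aws:iam::111122223333:root", "kms:*")]}
ADMIN_ONLY = {"Statement": [allow(ADMIN, ["kms:Create*", "kms:Describe*", "kms:Put*"])]}
WITH_CONSUMER = {"Statement": ADMIN_ONLY["Statement"] + [allow(ROLE, "kms:Decrypt")]}

if __name__ == "__main__":
    for name, pol in [("default", DEFAULT_POLICY), ("admin-only", ADMIN_ONLY),
                      ("with-consumer", WITH_CONSUMER)]:
        print(name, key_policy_access(pol, ROLE))
```

A `missing` result means no IAM policy attached to the role can help, because the key policy never delegates or grants the action; a `via-iam` result means the role's IAM policy must still allow `kms:Decrypt` on that specific key ARN.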