aws-solutions / aws-control-tower-customizations

The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html
Apache License 2.0

Allow addition of user/role to be added to the S3 bucket KMS key #137

Open e88z4 opened 1 year ago

e88z4 commented 1 year ago

Is your feature request related to a problem? Please describe.

We are using a custom pipeline outside AWS to push our manifest file into the S3 bucket. We manually added the role to the KMS key resource-based policy in order to upload to the S3 bucket for Control Tower. We also constantly upgrade our CFCT customization to the latest version. Each time there is an upgrade, we have to manually add the role to the KMS key resource-based policy.

Describe the feature you'd like

Please add a parameter in your CloudFormation template to allow a custom role/user to be added to the KMS key.
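
The manual step described in this request, as an added example (not part of the issue or of the CfCT code base): an idempotent merge that re-adds an uploader principal to a key policy document after an upgrade has replaced it. The account ID, role ARN and Sid are placeholders, and the action list assumes the principal only uploads objects to a bucket that uses SSE-KMS.

```python
import copy
import re

# Constructed sample: a key policy as it might look after a stack update has
# replaced it. The account ID and role name are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "EnableRootAccess",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "kms:*",
        "Resource": "*",
    }],
}
ROLE = "arn:aws:iam::111122223333:role/ExamplePipelineRole"  # hypothetical

SID = "AllowPipelineUpload"  # hypothetical Sid marking the statement we manage
# SSE-KMS uploads need GenerateDataKey; multipart uploads also need Decrypt.
ACTIONS = ["kms:Decrypt", "kms:GenerateDataKey"]
ARN_RE = re.compile(r"arn:aws[a-z-]*:iam::\d{12}:(role|user)/[\w+=,.@/-]+")


def add_uploader(policy, principal_arn):
    """Return (new_policy, changed); the input policy is never mutated."""
    # Reject wildcards and account-root ARNs so the grant stays narrow.
    if not ARN_RE.fullmatch(principal_arn):
        raise ValueError(f"not a specific IAM role/user ARN: {principal_arn!r}")
    new = copy.deepcopy(policy)
    stmts = new["Statement"]
    managed = next((s for s in stmts if s.get("Sid") == SID), None)
    if managed is None:
        stmts.append({
            "Sid": SID, "Effect": "Allow",
            "Principal": {"AWS": [principal_arn]},
            "Action": list(ACTIONS),
            "Resource": "*",  # in a key policy, "*" means this key only
        })
        return new, True
    current = managed["Principal"]["AWS"]
    current = current if isinstance(current, list) else [current]
    if principal_arn in current and managed.get("Action") == ACTIONS:
        return new, False  # already present: nothing to write back
    managed["Principal"]["AWS"] = sorted(set(current) | {principal_arn})
    managed["Action"] = list(ACTIONS)
    return new, True
```

To apply it, read the current document with `aws kms get-key-policy`, pass it through `add_uploader`, and write it back with `aws kms put-key-policy` only when `changed` is true.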

balltrev commented 1 year ago

Thanks @e88z4 for bringing this up, I'll make a backlog item with the team to discuss this feature request.