The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
Is your feature request related to a problem? Please describe.
We are using a custom pipeline outside AWS to push our manifest file into the S3 bucket. We manually added the role to the KMS key resource based policy in order to upload to the S3 bucket for control tower. We also constantly upgrade our CFCT customization to the latest version. Each time there is an upgrade, we have to manually add the role to the KMS key resource base policy.
Describe the feature you'd like
Please add a parameter in your cloudformation template to allow custom role/user to be added to the KMS key.
Is your feature request related to a problem? Please describe. We are using a custom pipeline outside AWS to push our manifest file into the S3 bucket. We manually added the role to the KMS key resource based policy in order to upload to the S3 bucket for control tower. We also constantly upgrade our CFCT customization to the latest version. Each time there is an upgrade, we have to manually add the role to the KMS key resource base policy.
Describe the feature you'd like Please add a parameter in your cloudformation template to allow custom role/user to be added to the KMS key.