aws-solutions / content-analysis-on-aws

As of August 30, 2023, this AWS Solution is no longer available. Existing deployments will continue to run. The functionality provided by Content Analysis on AWS will be superseded by functionality in Media2Cloud on AWS and Content Localization on AWS. We encourage you to explore these solutions.
https://aws.amazon.com/solutions/implementations/aws-content-analysis/
Apache License 2.0

Investigate required steps to get CAS working with MIE CMK #66

Closed brandold closed 1 year ago

brandold commented 2 years ago

MIE has added a stack level CMK that encrypts all services. CAS needs to be able to work with this key.

brandold commented 2 years ago

  1. Need to add "kms:Decrypt" permissions to consumer lambda
  2. Need to add "kms:Encrypt" and "kms:GenerateDataKey" to federated IAM roles
  3. Need to adjust MIE DDB stream lambda IAM role to have "kms:Decrypt" permission in addition to generate data key
  4. Need to add parameter in both CF stacks for retrieving the MIE KMS Key ARN
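
One way to check that the permissions listed in this issue are in place and scoped to the MIE key, as an added example that is not part of the original thread or the project's code. The role labels, the key ARNs and the sample policies are constructed placeholders; the `key_arn` argument stands in for the stack parameter from step 4.

```python
from fnmatch import fnmatchcase

# KMS actions each principal needs, per the four steps in the issue.
# The keys are hypothetical labels, not resource names from either stack.
REQUIRED = {
    "consumer_lambda": {"kms:Decrypt"},
    "federated_role": {"kms:Encrypt", "kms:GenerateDataKey"},
    "ddb_stream_lambda": {"kms:Decrypt", "kms:GenerateDataKey"},
}

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, (list, tuple)) else [value]

def allowed_on_key(policy, action, key_arn):
    """True if an Allow statement grants `action` on `key_arn`.

    Only identity-policy Allow statements are read; Deny, NotAction,
    Condition and the key policy itself are outside this check.
    """
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        # Action names are case-insensitive and may use * and ? wildcards.
        action_ok = any(fnmatchcase(action.lower(), p.lower())
                        for p in _as_list(stmt["Action"]))
        resource_ok = any(fnmatchcase(key_arn, r)
                          for r in _as_list(stmt.get("Resource", [])))
        if action_ok and resource_ok:
            return True
    return False

def missing_actions(role, policy, key_arn):
    """Required KMS actions that `policy` does not grant on the key."""
    return sorted(a for a in REQUIRED[role]
                  if not allowed_on_key(policy, a, key_arn))

# Constructed sample data: placeholder key ARNs and policies.
KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
OTHER = "arn:aws:kms:us-east-1:111122223333:key/OTHER-KEY-ID"
SAMPLES = {
    "consumer_lambda": {"Statement": {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": KEY}},
    "federated_role": {"Statement": [
        {"Effect": "Allow", "Action": ["kms:Encrypt"], "Resource": KEY},
        {"Effect": "Allow", "Action": "kms:GenerateDataKey", "Resource": OTHER}]},
    "ddb_stream_lambda": {"Statement": [
        {"Effect": "Allow", "Action": "kms:GenerateDataKey*", "Resource": "*"}]},
}

if __name__ == "__main__":
    for role, policy in SAMPLES.items():
        print(role, "missing:", missing_actions(role, policy, KEY) or "none")
```

The federated role sample is reported as missing `kms:GenerateDataKey` because its grant targets a different key, which is the failure mode to expect when the key ARN parameter is not wired through both stacks.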