search

fdmsantos / terraform-aws-kinesis-firehose

Dynamic Terraform module, which creates a Kinesis Firehose Stream and others resources like Cloudwatch, IAM Roles and Security Groups that integrate with Kinesis Firehose. Supports all destinations and all Kinesis Firehose Features.
https://registry.terraform.io/modules/fdmsantos/kinesis-firehose/aws/latest
Apache License 2.0
11 stars 8 forks source link

fix: change kinesisDecrypt to kmsDecrypt #6

Closed SlavaNL closed 11 months ago

SlavaNL commented 11 months ago

When kinesis_source_is_encrypted: true and kinesis_source_kms_arn is specified to read the data from encrypted Kinesis stream, Firehose can't decrypt the data because has no permission to do this action

Firehose does not have access to the KMS Key used to encrypt/decrypt the Kinesis Stream. Please grant the Firehose delivery role access to the key. 

Kinesis.KMS.AccessDeniedException

Fix is simple, change kinesis:Decrypt to kms:Decrypt because there is no AWS action called kinesis:Decrypt

fdmsantos commented 11 months ago

This PR is included in version 2.2.1 :tada:

fdmsantos commented 11 months ago

Thanks @SlavaNL