feat: Adding sse-kms support for Mountpoint S3 CSI driver EKS IRSA

terraform-aws-modules / terraform-aws-iam

Terraform module to create AWS IAM resources 🇺🇦

https://registry.terraform.io/modules/terraform-aws-modules/iam/aws

Apache License 2.0

779 stars 985 forks source link

feat: Adding sse-kms support for Mountpoint S3 CSI driver EKS IRSA #493

Closed philslab-ninja closed 1 month ago

philslab-ninja commented 2 months ago

Description

To use aws:kms encryption with the Mountpoint S3 CSI driver the IAM policy needs to include kms:Decrypt and kms:GenerateDataKey permissions for the KMS key used for the bucket(s)

Motivation and Context

Without the change usage of Buckets with aws:kms encryption is not possible for Mountpoint S3 CSI driver

Breaking Changes

none

How Has This Been Tested?

[x] I have tested and validated the changes using my fork on existing infrastructure
[x] I have executed pre-commit run -a on my pull request

philslab-ninja commented 2 months ago

@bryantbiggs : If you have the time please review once more, I have changed the variable name as you have suggested

antonbabenko commented 1 month ago

This PR is included in version 5.41.0 :tada:

github-actions[bot] commented 4 weeks ago

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.