
Commit a5f1756

author
ryanbratten
committed
Allow S3-to-S3-copier lambda access to the queues KMS key
1 parent 5335397 commit a5f1756


1 file changed

+11
-0
lines changed


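--- a/terraform/modules/db-snapshot-to-s3/40-s3-to-s3-copier-lambda.tf
+++ b/terraform/modules/db-snapshot-to-s3/40-s3-to-s3-copier-lambda.tf
@@ -101,6 +101,17 @@ data "aws_iam_policy_document" "s3_to_s3_copier_lambda" {
 ]
 }
 }
+
+statement {
+actions = [
+"kms:GenerateDataKey*",
+"kms:Decrypt"
+]
+effect = "Allow"
+resources = [
+aws_kms_key.s3_to_s3_copier_kms_key.arn
+]
+}
 }
 
 resource "aws_iam_policy" "s3_to_s3_copier_lambda" {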
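Review bot: The wildcard in the new statement's `"kms:GenerateDataKey*"` also grants the GenerateDataKeyWithoutPlaintext and GenerateDataKeyPair variants; if the lambda only needs to send to and read from the encrypted queues named in the commit title, `"kms:GenerateDataKey"` alongside `"kms:Decrypt"` is the narrower grant. Scoping `resources` to `aws_kms_key.s3_to_s3_copier_kms_key.arn` is good, and if the key is only ever used through SQS, a `condition` block on `kms:ViaService` would limit the grant to that path. A `sid` or a one-line comment such as `# SQS SSE: data-key generation to send, Decrypt to receive (confirm against lambda code)` would record why the grant exists. The enclosing `aws_iam_policy_document` data block starts outside the hunk, so its other statements and the key's own policy were not reviewed.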
