Skip to content

Commit

Permalink
chore: 🤖 Add kms related iam role for custom keys usage
Browse files Browse the repository at this point in the history
  • Loading branch information
@JingHHe
JingHHe committed Feb 2, 2024
1 parent 948f31a commit 69a8a6c
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion serverless.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ package:

provider:
name: aws
runtime: python3.9
runtime: python3.10
timeout: 30
logRetentionInDays: 14
stage: ${opt:stage, 'dev'}
Expand Down Expand Up @@ -57,6 +57,14 @@ provider:
- "secretsmanager:GetSecretValue"
- "secretsmanager:PutSecretValue"
- "secretsmanager:UpdateSecretVersionStage"
- Effect: "Allow"
Resource: "*"
Action:
- "kms:Encrypt"
- "kms:Decrypt"
- "kms:ReEncrypt*"
- "kms:GenerateDataKey*"
- "kms:DescribeKey"

custom:
file: ${file(./config/serverless.${self:provider.stage}.yml)}
Expand Down

0 comments on commit 69a8a6c

Please sign in to comment.