add permissions required for kms encrypting

aws-solutions-library-samples · Jan 24, 2024 · 203749f · 203749f
1 parent e90d74b
commit 203749f
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/sdlf-cicd/template-cicd-sdlf-repositories.yaml b/sdlf-cicd/template-cicd-sdlf-repositories.yaml
@@ -630,8 +630,19 @@ Resources:
                   - codecommit:DeleteRepository
                   - codecommit:TagResource
                   - codecommit:UntagResource
+                  - codecommit:UpdateRepositoryEncryptionKey
+                  - codecommit:PutRepositoryTriggers
                 Resource:
                   - !Sub arn:${AWS::Partition}:codecommit:${AWS::Region}:${AWS::AccountId}:sdlf-main-*
+              - Effect: Allow  
+                Action:
+                  - kms:Decrypt
+                  - kms:DescribeKey
+                  - kms:Encrypt
+                  - kms:GenerateDataKey*
+                  - kms:ReEncrypt*
+                Resource:
+                  - !Ref pKMSKey
               - Effect: Allow
                 Action:
                   - iam:PassRole