From e9d8f463b5e699b32d6a2eb11892a6c8feccc71b Mon Sep 17 00:00:00 2001
From: Brandon Achu
Date: Thu, 29 Sep 2022 09:30:18 -0400
Subject: [PATCH] TME-1761: Update kms key policy to allow the caller as kms key admin
---
 kms.tf | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/kms.tf b/kms.tf
index c8eacb9..ac09f99 100644
--- a/kms.tf
+++ b/kms.tf
@@ -6,8 +6,11 @@ data "aws_iam_policy_document" "cloudtrail_key_policy_document" {
 sid = "Enable IAM User Permissions"
 effect = "Allow"
 principals {
- type = "AWS"
- identifiers = ["arn:aws:iam::${local.customer_aws_account_id}:root"]
+ type = "AWS"
+ identifiers = [
+ "arn:aws:iam::${local.customer_aws_account_id}:root",
+ data.aws_caller_identity.current.arn
+ ]
 }
 actions = ["kms:*"]
 resources = ["*"]
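Review bot: The added `data.aws_caller_identity.current.arn` principal receives `kms:*` on `*`, so whatever identity runs the apply becomes a full key administrator (decrypt included) directly in the key policy rather than through IAM delegation from the account root, and if `local.customer_aws_account_id` is not the caller's own account this is a cross-account grant of full key control. If the apply runs under an assumed role, that attribute is presumably the STS assumed-role session ARN, which pins the grant to one session name and will differ (and show as a policy diff) whenever the session name changes; resolving the role with `data.aws_iam_session_context` (its `issuer_arn`) or taking the admin principal from an explicit variable would give a stable, reviewable principal. A separate statement limited to key-administration actions would also avoid handing the operator identity data-plane access to CloudTrail logs. A short comment above the new identifier stating why the applying identity needs key-admin rights would help, since the enclosing `statement` block starts before the hunk and the rest of the policy document continues after it.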