From 63f67385786e4bcb0173da7981f6701729a235c0 Mon Sep 17 00:00:00 2001
From: Alexandre Hamez <alexandre.hamez@gmail.com>
Date: Mon, 29 Mar 2021 12:14:04 +0200
Subject: [PATCH] Add KMS aliases handling to IAM permissions

Useful when you assign an alias to a KMS key.
---
 docs/iam-permissions.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/iam-permissions.md b/docs/iam-permissions.md
index c175b16429..bd8eb2ef79 100644
--- a/docs/iam-permissions.md
+++ b/docs/iam-permissions.md
@@ -133,11 +133,14 @@ Following IAM permissions are the minimum permissions needed for your IAM user o
                 "logs:ListTagsLogGroup",
                 "logs:PutRetentionPolicy",
                 // Following permissions for working with secrets_encryption example
+                "kms:CreateAlias",
                 "kms:CreateGrant",
                 "kms:CreateKey",
+                "kms:DeleteAlias",
                 "kms:DescribeKey",
                 "kms:GetKeyPolicy",
                 "kms:GetKeyRotationStatus",
+                "kms:ListAliases",
                 "kms:ListResourceTags",
                 "kms:ScheduleKeyDeletion"
             ],