kms policies attachment to lambda

Karthikeyannhs · Karthikeyannhs · commit f0675554a0d6 · 2025-07-01T14:44:47.000+01:00
diff --git a/infrastructure/stacks/api-layer/iam_policies.tf b/infrastructure/stacks/api-layer/iam_policies.tf
@@ -150,7 +150,13 @@ data "aws_iam_policy_document" "dynamodb_kms_key_policy" {
       type        = "AWS"
       identifiers = [aws_iam_role.eligibility_lambda_role.arn]
     }
-    actions   = ["kms:Decrypt"]
+    actions = [
+      "kms:Encrypt",
+      "kms:Decrypt",
+      "kms:ReEncrypt*",
+      "kms:GenerateDataKey*",
+      "kms:DescribeKey"
+    ]
     resources = ["*"]
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -150,7 +150,13 @@ data "aws_iam_policy_document" "dynamodb_kms_key_policy" {`
`150`	`150`	`type = "AWS"`
`151`	`151`	`identifiers = [aws_iam_role.eligibility_lambda_role.arn]`
`152`	`152`	`}`
`153`		`- actions = ["kms:Decrypt"]`
	`153`	`+ actions = [`
	`154`	`+ "kms:Encrypt",`
	`155`	`+ "kms:Decrypt",`
	`156`	`+ "kms:ReEncrypt*",`
	`157`	`+ "kms:GenerateDataKey*",`
	`158`	`+ "kms:DescribeKey"`
	`159`	`+ ]`
`154`	`160`	`resources = ["*"]`
`155`	`161`	`}`
`156`	`162`	`}`