Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(terraform): ensure kms key policy is defined #5235

Merged
merged 4 commits into from
Jun 21, 2023
Merged

feat(terraform): ensure kms key policy is defined #5235

merged 4 commits into from
Jun 21, 2023

Conversation

JamesWoolfenden
Copy link
Contributor

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

New/Edited policies (Delete if not relevant)

Description

Include a description of what makes it a violation and any relevant external links.

Fix

How does someone fix the issue in code and/or in runtime?

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@JamesWoolfenden JamesWoolfenden temporarily deployed to scan-security June 20, 2023 12:05 — with GitHub Actions Inactive
gruebel
gruebel approved these changes Jun 20, 2023
View reviewed changes
Copy link
Contributor

@gruebel gruebel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🍺

@gruebel gruebel merged commit 2a4f679 into main Jun 21, 2023
@gruebel gruebel deleted the feat/kms_key_policy branch June 21, 2023 12:13
@JackChap
Copy link

Hi, just curious on the rationale for this? As it's an optional parameter on both CDK and Terraform. Granted it does generate a default policy if none is attached, but it's still optional?

@JamesWoolfenden
Copy link
Contributor Author

JamesWoolfenden commented Jun 29, 2023
edited
Loading

  • One of main reasons for using using a CMK rather than the managed AWS keys is that you can set policies on the keys usage, as to who/what can you the key and how.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gruebel gruebel gruebel approved these changes

@YaaraVerner YaaraVerner YaaraVerner approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@JamesWoolfenden @JackChap @gruebel @YaaraVerner