add permission for multi-regions key (#76)

Julian-Chu · web-flow · commit 0c4c17276336 · 2024-05-22T20:12:14.000Z
Description of changes: add permission to create multiple region key ref: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-auth.html Service-linked role — Principals who create multi-Region primary keys must have iam:CreateServiceLinkedRole permission. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
diff --git a/config/iam/recommended-inline-policy b/config/iam/recommended-inline-policy
@@ -16,9 +16,10 @@
                 "kms:UntagResource",
                 "iam:ListGroups",
                 "iam:ListRoles",
-                "iam:ListUsers"
+                "iam:ListUsers",
+                "iam:CreateServiceLinkedRole"
             ],
             "Resource": "*"
         }
     ]
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -16,9 +16,10 @@`
`16`	`16`	`"kms:UntagResource",`
`17`	`17`	`"iam:ListGroups",`
`18`	`18`	`"iam:ListRoles",`
`19`		`- "iam:ListUsers"`
	`19`	`+ "iam:ListUsers",`
	`20`	`+ "iam:CreateServiceLinkedRole"`
`20`	`21`	`],`
`21`	`22`	`"Resource": "*"`
`22`	`23`	`}`
`23`	`24`	`]`
`24`		`-}`
	`25`	`+}`