Skip to content

Commit

Permalink
Merge branch 'feature/issue-tokens-from-garage' into release/2.0.0
Browse files Browse the repository at this point in the history
  • Loading branch information
U-lis committed Aug 21, 2024
2 parents 9bc881b + c630bc8 commit fe232ee
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions worker/worker_cdk_stack.py
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,14 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
resources=[f"arn:aws:kms:{config.region_name}:{config.account_id}:key/{kms_key_id}"]
)
)
resp = ssm.get_parameter(Name=f"{config.stage}_9c_IAP_ADHOC_KMS_KEY_ID", WithDecryption=True)
kms_key_id = resp["Parameter"]["Value"]
role.add_to_policy(
_iam.PolicyStatement(
actions=["kms:GetPublicKey", "kms:Sign"],
resources=[f"arn:aws:kms:{config.region_name}:{config.account_id}:key/{kms_key_id}"]
)
)
role.add_to_policy(
_iam.PolicyStatement(
actions=["ssm:GetParameter"],
Expand Down

0 comments on commit fe232ee

Please sign in to comment.