
Commit 3f66d16

author
Farid Nouri Neshat
committed
feat(kms): implement .grant methods for Alias.fromAliasName with kms:ResourceAliases condition
closes: #22697
1 parent e7a6e14 commit 3f66d16


12 files changed

+867
-13
lines changed


packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.alias-from-alias-name.js.snapshot/aws-cdk-kms.assets.json

Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,124 @@
1+
{
2+
"Resources": {
3+
"Role1ABCC5F0": {
4+
"Type": "AWS::IAM::Role",
5+
"Properties": {
6+
"AssumeRolePolicyDocument": {
7+
"Statement": [
8+
{
9+
"Action": "sts:AssumeRole",
10+
"Effect": "Allow",
11+
"Principal": {
12+
"AWS": {
13+
"Fn::Join": [
14+
"",
15+
[
16+
"arn:",
17+
{
18+
"Ref": "AWS::Partition"
19+
},
20+
":iam::",
21+
{
22+
"Ref": "AWS::AccountId"
23+
},
24+
":root"
25+
]
26+
]
27+
}
28+
}
29+
}
30+
],
31+
"Version": "2012-10-17"
32+
}
33+
}
34+
},
35+
"RoleDefaultPolicy5FFB7DAB": {
36+
"Type": "AWS::IAM::Policy",
37+
"Properties": {
38+
"PolicyDocument": {
39+
"Statement": [
40+
{
41+
"Action": [
42+
"kms:Decrypt",
43+
"kms:Encrypt",
44+
"kms:GenerateDataKey*",
45+
"kms:GenerateMac",
46+
"kms:ReEncrypt*",
47+
"kms:Sign",
48+
"kms:Verify",
49+
"kms:VerifyMac"
50+
],
51+
"Condition": {
52+
"ForAnyValue:StringEquals": {
53+
"kms:ResourceAliases": "alias/MyKey"
54+
}
55+
},
56+
"Effect": "Allow",
57+
"Resource": {
58+
"Fn::Join": [
59+
"",
60+
[
61+
"arn:",
62+
{
63+
"Ref": "AWS::Partition"
64+
},
65+
":kms:",
66+
{
67+
"Ref": "AWS::Region"
68+
},
69+
":",
70+
{
71+
"Ref": "AWS::AccountId"
72+
},
73+
":key/*"
74+
]
75+
]
76+
}
77+
}
78+
],
79+
"Version": "2012-10-17"
80+
},
81+
"PolicyName": "RoleDefaultPolicy5FFB7DAB",
82+
"Roles": [
83+
{
84+
"Ref": "Role1ABCC5F0"
85+
}
86+
]
87+
}
88+
}
89+
},
90+
"Parameters": {
91+
"BootstrapVersion": {
92+
"Type": "AWS::SSM::Parameter::Value<String>",
93+
"Default": "/cdk-bootstrap/hnb659fds/version",
94+
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
95+
}
96+
},
97+
"Rules": {
98+
"CheckBootstrapVersion": {
99+
"Assertions": [
100+
{
101+
"Assert": {
102+
"Fn::Not": [
103+
{
104+
"Fn::Contains": [
105+
[
106+
"1",
107+
"2",
108+
"3",
109+
"4",
110+
"5"
111+
],
112+
{
113+
"Ref": "BootstrapVersion"
114+
}
115+
]
116+
}
117+
]
118+
},
119+
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
120+
}
121+
]
122+
}
123+
}
124+
}

packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.alias-from-alias-name.js.snapshot/cdk.out

Lines changed: 1 addition & 0 deletions

packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.alias-from-alias-name.js.snapshot/integ.json

Lines changed: 12 additions & 0 deletions

packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.alias-from-alias-name.js.snapshot/kmsaliasfromaliasnameDefaultTestDeployAssertFD733AC7.assets.json

Lines changed: 20 additions & 0 deletions

packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.alias-from-alias-name.js.snapshot/kmsaliasfromaliasnameDefaultTestDeployAssertFD733AC7.template.json

Lines changed: 36 additions & 0 deletions
