updated KMS actions (#551)

* updated KMS actions * fmt checks
govuk-one-login · Feb 9, 2024 · 7d56afe · 7d56afe
1 parent 145210a
commit 7d56afe
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/iac/main/resources/redshift.yml b/iac/main/resources/redshift.yml
@@ -39,6 +39,14 @@ IAMRoleRedshiftServerless:
                 - 'glue:GetDatabase'
                 - 'glue:GetDatabases'
                 - 'glue:GetPartitions'
+            - Effect: Allow
+              Resource: !GetAtt KmsKey.Arn
+              Action:
+                - 'kms:Decrypt'
+                - 'kms:Encrypt'
+                - 'kms:DescribeKey'
+                - 'kms:ReEncrypt'
+                - 'kms:GenerateDataKey'
 
 RedshiftSecret:
   Type: 'AWS::SecretsManager::Secret'