From 7d56afef8790b9ab4f7c9cfa968f08361bc17806 Mon Sep 17 00:00:00 2001
From: charlesvictor83 <131383326+charlesvictor83@users.noreply.github.com>
Date: Fri, 9 Feb 2024 16:02:45 +0000
Subject: [PATCH] updated KMS actions (#551)
* updated KMS actions
* fmt checks
---
 iac/main/resources/redshift.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/iac/main/resources/redshift.yml b/iac/main/resources/redshift.yml
index 67ab2779e..496245bcf 100644
--- a/iac/main/resources/redshift.yml
+++ b/iac/main/resources/redshift.yml
@@ -39,6 +39,14 @@ IAMRoleRedshiftServerless:
 - 'glue:GetDatabase'
 - 'glue:GetDatabases'
 - 'glue:GetPartitions'
+ - Effect: Allow
+ Resource: !GetAtt KmsKey.Arn
+ Action:
+ - 'kms:Decrypt'
+ - 'kms:Encrypt'
+ - 'kms:DescribeKey'
+ - 'kms:ReEncrypt'
+ - 'kms:GenerateDataKey'
 RedshiftSecret:
 Type: 'AWS::SecretsManager::Secret'
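Review bot: `'kms:ReEncrypt'` in the added statement is not an IAM action name. KMS authorizes the ReEncrypt operation through `kms:ReEncryptFrom` and `kms:ReEncryptTo`, so this entry most likely grants nothing and re-encryption by the role would still be denied. Replace it with `- 'kms:ReEncryptFrom'` and `- 'kms:ReEncryptTo'`, or with `- 'kms:ReEncrypt*'` if both directions are intended. Scoping the statement to `!GetAtt KmsKey.Arn` rather than `*` is good. If the role only reaches the key through one AWS service, a `kms:ViaService` condition would narrow it further, and `kms:Encrypt` could be dropped if the workload only reads encrypted data; the hunk does not show enough to confirm either. The role's policy document starts outside the hunk.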