Error:-
While running Terraform, I came across an IAM permission issue that prevented access to the KMS key:
KMSKeyNotAccessibleFault: The specified KMS key does not exist, is not enabled or you do not have permissions to access it.
Cause:-
The issue occurs because the IAM role used by Terraform is missing the "kms:CreateGrant" permission.
Solution:-
To resolve the issue, grant the "kms:CreateGrant" permission on the relevant KMS key in the IAM policy, as in the statement below. That should solve the issue.
{
    "Action": [
        "kms:Sign",
        "kms:ReEncrypt*",
        "kms:GetPublicKey",
        "kms:GenerateDataKey*",
        "kms:Encrypt",
        "kms:DescribeKey",
        "kms:Decrypt",
        "kms:CreateGrant"
    ],
    "Effect": "Allow",
    "Resource": [
        "arn:aws:kms:ap-south-1:121294719847:key/e96772364-f678-4589-82aa-396casdafu",
        "arn:aws:kms:ap-south-1:121294719847:key/6415234-e778-4355-a224-8f42341234",
        "arn:aws:kms:ap-south-1:121294719847:key/077b234-b165-4d5c-be78-a174ad23"
    ]
}
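
An added example, not from the original post: a Python pre-flight check that reads an IAM identity policy document and reports which KMS key ARNs lack "kms:CreateGrant", and which allow it without a "kms:GrantIsForAWSResource" condition (which limits grants to those an AWS service creates on the role's behalf). The function name, the sample policy and the placeholder key ARNs are constructed for illustration; only this one policy document is evaluated, not key policies, SCPs or permission boundaries.

```python
import fnmatch

def _as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value or [])

def _matches(patterns, value, ignore_case=False):
    # IAM-style '*' and '?' wildcards; action names compare case-insensitively.
    if ignore_case:
        patterns, value = [p.lower() for p in patterns], value.lower()
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def check_create_grant(policy, key_arns, action="kms:CreateGrant"):
    """Return (missing, unconditioned) lists of key ARNs.
    missing: no Allow statement covers `action` on the key, or a Deny matches.
    unconditioned: allowed by a statement without a kms:GrantIsForAWSResource
    condition key (the condition's value is not evaluated here).
    Simplifications: NotAction/NotResource are ignored; any matching Deny wins.
    """
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    missing, unconditioned = [], []
    for arn in key_arns:
        allowed = denied = open_allow = False
        for st in statements:
            if not (_matches(_as_list(st.get("Action")), action, ignore_case=True)
                    and _matches(_as_list(st.get("Resource")), arn)):
                continue
            if st.get("Effect") == "Deny":
                denied = True
            elif st.get("Effect") == "Allow":
                allowed = True
                keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
                open_allow |= "kms:grantisforawsresource" not in keys
        if denied or not allowed:
            missing.append(arn)
        elif open_allow:
            unconditioned.append(arn)
    return missing, unconditioned

# Constructed sample policy and placeholder key ARNs (not the ones from the post).
KEY_A, KEY_B, KEY_C = (f"arn:aws:kms:ap-south-1:111122223333:key/EXAMPLE-{n}" for n in "ABC")
SAMPLE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["kms:Encrypt", "kms:Decrypt"], "Resource": [KEY_A, KEY_B]},
    {"Effect": "Allow", "Action": "kms:CreateGrant", "Resource": KEY_A},
    {"Effect": "Allow", "Action": "kms:Create*", "Resource": KEY_C,
     "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}},
]}
```

Calling check_create_grant(SAMPLE_POLICY, [KEY_A, KEY_B, KEY_C]) reports KEY_B as missing the permission (the case that produces the fault above) and KEY_A as allowed without the condition.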