|
@@ -221,6 +221,20 @@ data "aws_iam_policy_document" "lambda_policy_doc" {
|
|
|
|
|
|
effect = "Allow"
|
|
|
}
|
|
|
+
|
|
|
+ # FTD: Needs KMS access
|
|
|
+ statement {
|
|
|
+ actions = [
|
|
|
+ "kms:GenerateDataKey",
|
|
|
+ "kms:Decrypt"
|
|
|
+ ]
|
|
|
+
|
|
|
+ resources = [
|
|
|
+ "*",
|
|
|
+ ]
|
|
|
+
|
|
|
+ effect = "Allow"
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
resource "aws_iam_policy" "lambda_transform_policy" {
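Review bot: `resources = ["*"]` in the added statement lets the Lambda role use `kms:Decrypt` and `kms:GenerateDataKey` on any key whose key policy defers to IAM, not only the key this pipeline encrypts with. Scope it to the one key, e.g. `resources = [var.kms_key_arn]` (placeholder name; use whatever key reference the module already exposes). If the ARN really cannot be passed in, a `condition` block on `kms:ViaService` would at least narrow the grant. The same wildcard statement is repeated in the `kinesis_firehose_policy_document` and `cloudwatch_to_fh_access_policy` hunks and needs the same change. The comment `# FTD: Needs KMS access` should also name the key and the encrypted resource so that the grant can be audited later.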
|
|
@@ -324,6 +338,20 @@ data "aws_iam_policy_document" "kinesis_firehose_policy_document" {
|
|
|
|
|
|
effect = "Allow"
|
|
|
}
|
|
|
+
|
|
|
+ # FTD: Needs KMS access
|
|
|
+ statement {
|
|
|
+ actions = [
|
|
|
+ "kms:GenerateDataKey",
|
|
|
+ "kms:Decrypt"
|
|
|
+ ]
|
|
|
+
|
|
|
+ resources = [
|
|
|
+ "*",
|
|
|
+ ]
|
|
|
+
|
|
|
+ effect = "Allow"
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
resource "aws_iam_policy" "kinesis_firehose_iam_policy" {
|
|
@@ -383,6 +411,20 @@ data "aws_iam_policy_document" "cloudwatch_to_fh_access_policy" {
|
|
|
aws_iam_role.cloudwatch_to_firehose_trust.arn,
|
|
|
]
|
|
|
}
|
|
|
+
|
|
|
+ # FTD: Needs KMS access
|
|
|
+ statement {
|
|
|
+ actions = [
|
|
|
+ "kms:GenerateDataKey",
|
|
|
+ "kms:Decrypt"
|
|
|
+ ]
|
|
|
+
|
|
|
+ resources = [
|
|
|
+ "*",
|
|
|
+ ]
|
|
|
+
|
|
|
+ effect = "Allow"
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
resource "aws_iam_policy" "cloudwatch_to_fh_access_policy" {
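Review bot: It is not clear from this hunk that the CloudWatch-to-Firehose role needs `kms:Decrypt` at all. The neighbouring statement references `aws_iam_role.cloudwatch_to_firehose_trust.arn`, which suggests this role only hands log records to the delivery stream and never reads encrypted data back. If that is the case, trim the list to `actions = ["kms:GenerateDataKey"]`, or drop the statement if delivery works without it, rather than copying the Lambda role's set. The policy document begins outside the hunk, so the full set of existing statements should be checked before changing it.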
|
|
@@ -403,4 +445,3 @@ resource "aws_cloudwatch_log_subscription_filter" "cloudwatch_log_filter" {
|
|
|
log_group_name = var.name_cloudwatch_logs_to_ship
|
|
|
filter_pattern = var.subscription_filter_pattern
|
|
|
}
|
|
|
-
|