Merge pull request #106 from mdr-engineering/feature/ftd_MSOCI-1523_FixSchedulerPermissions

Adds CreateGrant Permissions to the AWS Scheduler

base/aws_scheduler/files/instance-scheduler.template.aws

@@ -1653,6 +1653,23 @@
                   ]
                 ]
               }
+            },
+            {
+              "Effect": "Allow",
+              "Action": [ "kms:CreateGrant" ],
+              "Resource": [
+                {
+                  "Fn::Join": [
+                    ":",
+                    [ "arn:aws:kms", { "Ref": "AWS::Region" }, { "Ref": "AWS::AccountId" }, "key/*" ]
+                  ]
+                }
+              ],
+              "Condition": {
+                "Bool": {
+                  "kms:GrantIsForAWSResource": true
+                }
+              }
             }
           ],
           "Version": "2012-10-17"

base/aws_scheduler/files/instance-scheduler.template.aws-us-gov

@@ -1653,6 +1653,23 @@
                   ]
                 ]
               }
+            },
+            {
+              "Effect": "Allow",
+              "Action": [ "kms:CreateGrant" ],
+              "Resource": [ 
+                { 
+                  "Fn::Join": [ 
+                    ":", 
+                    [ "arn:aws-us-gov:kms", { "Ref": "AWS::Region" }, { "Ref": "AWS::AccountId" }, "key/*" ] 
+                  ] 
+                } 
+              ],
+              "Condition": {
+                "Bool": {
+                  "kms:GrantIsForAWSResource": true
+                }
+              }
             }
           ],
           "Version": "2012-10-17"