Home Explore Help
Register Sign In
AFS
/
xdr-terraform-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ffc81e90b9
Branches Tags
xdr-terraform-m...
/
submodules
/
iam
/
standard_iam_policies
/
policy-mdr_iam_admin.tf

policy-mdr_iam_admin.tf 698 B
History Raw

1234567891011121314151617181920212223242526272829303132 
  1. data "aws_iam_policy_document" "iam_admin_kms" {
    2. 

  2. 

  3.   statement {
    4. 

  4.     sid    = "AllowKMSthings"
    5. 

  5.     effect = "Allow"
    6. 

  6.     actions = [
    7. 

  7.       "kms:Create*",
    8. 

  8.       "kms:Describe*",
    9. 

  9.       "kms:Enable*",
    10. 

  10.       "kms:List*",
    11. 

  11.       "kms:Put*",
    12. 

  12.       "kms:Update*",
    13. 

  13.       "kms:Revoke*",
    14. 

  14.       "kms:Disable*",
    15. 

  15.       "kms:Get*",
    16. 

  16.       "kms:Delete*",
    17. 

  17.       "kms:TagResource",
    18. 

  18.       "kms:UntagResource",
    19. 

  19.       "kms:ScheduleKeyDeletion",
    20. 

  20.       "kms:CancelKeyDeletion"
    21. 

  21.     ]
    22. 

  22.     resources = ["*"]
    23. 

  23.   }
    24. 

  24. 

  25. }
    26. 

  26. 

  27. resource "aws_iam_policy" "iam_admin_kms" {
    28. 

  28.   name        = "iam_admin_kms"
    29. 

  29.   path        = "/user/"
    30. 

  30.   description = "KMS access for IAM admins"
    31. 

  31.   policy      = data.aws_iam_policy_document.iam_admin_kms.json
    32. 

  32. }
    33.