xpk/terraform.aws-baseline-infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

DOC: Provided sample KMS key policy for reference

Browse Source
This commit is contained in:
xpk 2024-02-21 14:08:53 +08:00
parent 9371ec8e5b
commit d56e02214d
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
modules/ManagementGovernance/acm-cert-expiry-notice/README.md
View File

@ -11,6 +11,25 @@ This module sets up event rule and sns notification. Deliver email notifications
An error occurred (ValidationException) when calling the PutAccountConfiguration operation: Days before expiry cannot be over 45. An error occurred (ValidationException) when calling the PutAccountConfiguration operation: Days before expiry cannot be over 45.
``` ```
* KMS key for SNS must allow events.amazonaws.com. Check that this statement is present in the KMS key policy. Otherwise you will get FailedInvocation in event rule graph and there is no other debug info.
```json
{
"Sid": "Allow publish from events",
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
```
## Sample Event bridge event ## Sample Event bridge event
```json ```json