#6 update lambda permission
kunduso committed Sep 2, 2024
1 parent adb6beb commit 553c2a8
Showing 2 changed files with 15 additions and 3 deletions.
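--- a/lambda_iam_role.tf
+++ b/lambda_iam_role.tf
@@ -39,6 +39,17 @@ resource "aws_iam_policy" "lambda_policy" {
 ]
 Resource = [aws_kms_key.encryption_rest.arn]
 },
+{
+Effect = "Allow",
+Action = [
+"kms:Encrypt",
+"kms:Decrypt",
+"kms:ReEncrypt",
+"kms:GenerateDataKey",
+"kms:Describe"
+]
+Resource = [aws_kms_key.encryption_secret.arn]
+},
 {
 Effect = "Allow",
 Action = [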
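Review bot: Two of the actions in the added statement, `"kms:ReEncrypt"` and `"kms:Describe"`, are not KMS action names as written; the service defines `kms:ReEncryptFrom`/`kms:ReEncryptTo` and `kms:DescribeKey`, so without a trailing `*` these entries most likely match nothing. If the Lambda only reads the RDS-managed master secret (inferred from the rds.tf change in this commit), the statement on `aws_kms_key.encryption_secret` can shrink to `Action = ["kms:Decrypt", "kms:DescribeKey"]`, since Encrypt, ReEncrypt and GenerateDataKey are only needed by whoever writes the secret. A `Condition` on `kms:ViaService` limited to Secrets Manager would further confine use of the key to that path. The policy resource begins and ends outside the hunk, so the preceding `encryption_rest` statement may carry the same action names and deserve the same check.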
7 changes: 4 additions & 3 deletions rds.tf
Expand Up @@ -33,9 +33,10 @@ resource "aws_db_instance" "postgresql" {
# CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
deletion_protection = false
#CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
copy_tags_to_snapshot = true
performance_insights_enabled = true
manage_master_user_password = true
copy_tags_to_snapshot = true
performance_insights_enabled = true
manage_master_user_password = true
# password =
master_user_secret_kms_key_id = aws_kms_key.encryption_secret.arn
# master_user_secret_kms_key_id = aws_kms_key.example.arn
# kms_key_id = aws_kms_key.example.arn
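Review bot: The commented-out lines left next to the new `master_user_secret_kms_key_id` assignment (`# password =` and the two `aws_kms_key.example.arn` lines) name a key other than the one now in use, which makes it unclear which key is meant to protect what. I would delete them and, if a note is wanted, keep a single comment such as `# RDS-managed master secret is encrypted with the dedicated secrets key`. The commented `# kms_key_id` line also leaves open whether storage encryption uses a customer-managed key; that setting, if present, is outside this hunk, as are the start and end of the `aws_db_instance` block. Whether the key policy of `aws_kms_key.encryption_secret` permits the principals that will read the secret is not visible in this commit and is worth confirming alongside the IAM change.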
