Docs: examples of least privileged IAM policies for key generation and signing #6

Open
danmx opened this issue Aug 5, 2020 · 1 comment
Labels
documentation Improvements or additions to documentation enhancement New feature or request

Comments

Contributor

danmx commented Aug 5, 2020

We should add least privileged IAM policies for key generation and signing for current examples.

@danmx danmx added enhancement New feature or request documentation Improvements or additions to documentation labels Aug 5, 2020
@matdehaast

Having gone through the code base, this is what I came up with for just the signing part. I actually think just Sign and GetPublicKey are required, but the two extra calls aren't sensitive, so I added them in case.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": [
                "kms:Verify",
                "kms:Sign",
                "kms:GetPublicKey",
                "kms:DescribeKey"
            ],
            "Resource": "arn:aws:kms:{REGION}:{ACCOUNT_ID}:key/{KEY_ID}"
        }
    ]
}
```
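A lint check for signing policies of the shape shown in the comment above, as an added example that is not part of the issue thread or the project's code. The function names, the allow-list constant and the sample policies are assumptions made for illustration; the check treats the four actions from the comment as the allow-list and requires each resource to be one fully specified key ARN.

```python
import json
import re

# Allow-list taken from the comment above: Sign and GetPublicKey are the calls
# the commenter believes are required; Verify and DescribeKey are the extras.
ALLOWED_ACTIONS = {"kms:sign", "kms:getpublickey", "kms:verify", "kms:describekey"}
# Assumption: a least-privilege resource is exactly one fully specified key ARN.
KEY_ARN = re.compile(r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key/[0-9A-Za-z-]+$")


def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])


def lint_signing_policy(policy_json):
    """Return a list of findings; an empty list means the policy passed."""
    findings = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource with Allow grants everything else")
        for action in as_list(stmt.get("Action")):
            if "*" in action or "?" in action:
                findings.append(f"statement {i}: wildcard action {action}")
            elif action.lower() not in ALLOWED_ACTIONS:  # action names are case-insensitive
                findings.append(f"statement {i}: action outside signing allow-list: {action}")
        for resource in as_list(stmt.get("Resource")):
            if not KEY_ARN.match(resource):
                findings.append(f"statement {i}: resource is not a single key ARN: {resource}")
    return findings


# Constructed sample policies (account ID and key ID are made-up placeholders).
GOOD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["kms:Sign", "kms:GetPublicKey"],
    "Resource": "arn:aws:kms:eu-west-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"}]})
BAD = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "kms:*", "Resource": "*"}})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_signing_policy(doc) or "ok")
```

Run against the template from the comment with its `{REGION}`, `{ACCOUNT_ID}` and `{KEY_ID}` placeholders left unsubstituted, the check reports the resource, which catches a policy deployed before the ARN was filled in.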
