diff --git a/kms/kms.yaml b/kms/kms.yaml
index b4cbf6e..e354159 100644
--- a/kms/kms.yaml
+++ b/kms/kms.yaml
@@ -1,9 +1,9 @@
-AWSTemplateFormatVersion: 2010-09-09
+AWSTemplateFormatVersion: '2010-09-09'
 Resources:
 myKey:
 Type: AWS::KMS::Key
 Properties:
- Enabled: false
+ Enabled: true
 Description: An example symmetric CMK
 EnableKeyRotation: false
 PendingWindowInDays: 20
@@ -11,39 +11,39 @@ Resources:
 Version: '2012-10-17'
 Id: key-default-1
 Statement:
- - Sid: Enable IAM User Permissions
- Effect: Allow
- Principal:
- AWS: '*'
- Action: kms:*
- Resource: '*'
- - Sid: Allow administration of the key
- Effect: Allow
- Principal:
- AWS: '*'
- Action:
- - kms:Create*
- - kms:Describe*
- - kms:Enable*
- - kms:List*
- - kms:Put*
- - kms:Update*
- - kms:Revoke*
- - kms:Disable*
- - kms:Get*
- - kms:Delete*
- - kms:ScheduleKeyDeletion
- - kms:CancelKeyDeletion
- Resource: '*'
- - Sid: Allow use of the key
- Effect: Allow
- Principal:
- AWS: '*'
- Action:
- - kms:DescribeKey
- - kms:Encrypt
- - kms:Decrypt
- - kms:ReEncrypt*
- - kms:GenerateDataKey
- - kms:GenerateDataKeyWithoutPlaintext
- Resource: '*'
\ No newline at end of file
+ - Sid: Enable IAM User Permissions
+ Effect: Allow
+ Principal:
+ AWS: '*'
+ Action: kms:*
+ Resource: '*'
+ - Sid: Allow administration of the key
+ Effect: Allow
+ Principal:
+ AWS: '*'
+ Action:
+ - kms:Create*
+ - kms:Describe*
+ - kms:Enable*
+ - kms:List*
+ - kms:Put*
+ - kms:Update*
+ - kms:Revoke*
+ - kms:Disable*
+ - kms:Get*
+ - kms:Delete*
+ - kms:ScheduleKeyDeletion
+ - kms:CancelKeyDeletion
+ Resource: '*'
+ - Sid: Allow use of the key
+ Effect: Allow
+ Principal:
+ AWS: '*'
+ Action:
+ - kms:DescribeKey
+ - kms:Encrypt
+ - kms:Decrypt
+ - kms:ReEncrypt*
+ - kms:GenerateDataKey
+ - kms:GenerateDataKeyWithoutPlaintext
+ Resource: '*'
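Review bot: Setting `Enabled: true` in the first hunk activates a key whose policy, carried over in the second hunk with only its indentation changed, grants `kms:*`, the administrative actions and the encrypt/decrypt actions to `Principal: AWS: '*'` with no `Condition` on any of the three statements. In a key policy that wildcard is not limited to the owning account, so the commit should narrow it before the key goes live, for example `AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:root'` on the "Enable IAM User Permissions" statement and named role ARNs on the administration and usage statements. The context line `EnableKeyRotation: false` is also worth switching to `EnableKeyRotation: true` now that the key is in use. If this template is meant as a deliberately misconfigured example, the `Description` should say so.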