diff --git a/kms/kms.yaml b/kms/kms.yaml
index b4cbf6e..de7c01c 100644
--- a/kms/kms.yaml
+++ b/kms/kms.yaml
@@ -1,49 +1,49 @@
-AWSTemplateFormatVersion: 2010-09-09
+AWSTemplateFormatVersion: '2010-09-09'
 Resources:
 myKey:
 Type: AWS::KMS::Key
 Properties:
 Enabled: false
 Description: An example symmetric CMK
- EnableKeyRotation: false
+ EnableKeyRotation: true
 PendingWindowInDays: 20
 KeyPolicy:
 Version: '2012-10-17'
 Id: key-default-1
 Statement:
- - Sid: Enable IAM User Permissions
- Effect: Allow
- Principal:
- AWS: '*'
- Action: kms:*
- Resource: '*'
- - Sid: Allow administration of the key
- Effect: Allow
- Principal:
- AWS: '*'
- Action:
- - kms:Create*
- - kms:Describe*
- - kms:Enable*
- - kms:List*
- - kms:Put*
- - kms:Update*
- - kms:Revoke*
- - kms:Disable*
- - kms:Get*
- - kms:Delete*
- - kms:ScheduleKeyDeletion
- - kms:CancelKeyDeletion
- Resource: '*'
- - Sid: Allow use of the key
- Effect: Allow
- Principal:
- AWS: '*'
- Action:
- - kms:DescribeKey
- - kms:Encrypt
- - kms:Decrypt
- - kms:ReEncrypt*
- - kms:GenerateDataKey
- - kms:GenerateDataKeyWithoutPlaintext
- Resource: '*'
\ No newline at end of file
+ - Sid: Enable IAM User Permissions
+ Effect: Allow
+ Principal:
+ AWS: '*'
+ Action: kms:*
+ Resource: '*'
+ - Sid: Allow administration of the key
+ Effect: Allow
+ Principal:
+ AWS: '*'
+ Action:
+ - kms:Create*
+ - kms:Describe*
+ - kms:Enable*
+ - kms:List*
+ - kms:Put*
+ - kms:Update*
+ - kms:Revoke*
+ - kms:Disable*
+ - kms:Get*
+ - kms:Delete*
+ - kms:ScheduleKeyDeletion
+ - kms:CancelKeyDeletion
+ Resource: '*'
+ - Sid: Allow use of the key
+ Effect: Allow
+ Principal:
+ AWS: '*'
+ Action:
+ - kms:DescribeKey
+ - kms:Encrypt
+ - kms:Decrypt
+ - kms:ReEncrypt*
+ - kms:GenerateDataKey
+ - kms:GenerateDataKeyWithoutPlaintext
+ Resource: '*'
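Review bot: All three statements in the re-added `KeyPolicy` still set `Principal: AWS: '*'` with no `Condition`, so as written the policy grants `kms:*`, the administrative actions and the Encrypt/Decrypt/GenerateDataKey actions to any AWS principal, including ones outside this account; turning on `EnableKeyRotation` does not change that. The first statement should name the owning account, `AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:root'`, and the administration and use statements should each name their own role, for example `AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:role/<KEY_ADMIN_ROLE>'` (placeholder role name), so that key administrators and key users are separate principals. If the wildcard is deliberate because this template serves as a policy-scanner fixture, a comment above `KeyPolicy` should say so.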