Skip to content

Commit bd56080

Browse files
toriclstoricls
authored
Merge pull request #34 from grimm26/kms_arn
Get KMS key's Arn and use that where needed instead of its Id.
2 parents 83d2161 + 2cceba2 commit bd56080

File tree

1 file changed

+3
-2
lines changed

1 file changed

+3
-2
lines changed

check-ecs-exec.sh

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -256,6 +256,7 @@ else
256256
printf "${COLOR_YELLOW}Not Configured"
257257
else
258258
printf "${kmsKeyId}"
259+
kmsKeyArn=$(${AWS_CLI_BIN} kms describe-key --key-id $kmsKeyId --query 'KeyMetadata.Arn' --output text)
259260
fi
260261
printf "\n"
261262

@@ -312,7 +313,7 @@ if [[ ! "x${kmsKeyId}" = "xnull" ]]; then
312313
kmsGenerateDataKeyResult=$(${AWS_CLI_BIN} iam simulate-principal-policy \
313314
--policy-source-arn "${MY_IAM_ARN}" \
314315
--action-names "${kmsGenerateDataKey}" \
315-
--resource-arns "${kmsKeyId}" \
316+
--resource-arns "${kmsKeyArn}" \
316317
--output json \
317318
| jq -r ".EvaluationResults[0].EvalDecision")
318319
showEvalResult "${kmsGenerateDataKeyResult}" "${kmsGenerateDataKey}"
@@ -543,7 +544,7 @@ else
543544
kmsEvalResult=$(${AWS_CLI_BIN} iam simulate-principal-policy \
544545
--policy-source-arn "${taskRoleArn}" \
545546
--action-names "${kmsDecrypt}" \
546-
--resource-arns "${kmsKeyId}" \
547+
--resource-arns "${kmsKeyArn}" \
547548
--output json \
548549
| jq -r ".EvaluationResults[0].EvalDecision")
549550
showEvalResult "${kmsEvalResult}" "${kmsDecrypt}"

0 commit comments

Comments
 (0)