chore: add kms:GenerateRandom permission to CI role (#1345)

imabhichow · web-flow · commit 56ebd5d068a7 · 2025-03-19T17:48:24.000-07:00
diff --git a/cfn/ESDK-Hierarchy-CI.yaml b/cfn/ESDK-Hierarchy-CI.yaml
@@ -262,7 +262,16 @@ Resources:
                 "arn:aws:kms:*:${AWS::AccountId}:key/${EccP384}",
                 "arn:aws:kms:*:${AWS::AccountId}:key/${EccP521}"
               ]
-            }
+            },
+            {
+              "Effect": "Allow",
+              "Action": [
+                "kms:GenerateRandom"
+              ],
+              "Resource": [
+                "*"
+              ]
+            }   
           ]
         }
       ManagedPolicyName: Hierarchical-GitHub-KMS-Key-Policy

Original file line number	Diff line number	Diff line change
`@@ -262,7 +262,16 @@ Resources:`
`262`	`262`	`"arn:aws:kms:*:${AWS::AccountId}:key/${EccP384}",`
`263`	`263`	`"arn:aws:kms:*:${AWS::AccountId}:key/${EccP521}"`
`264`	`264`	`]`
`265`		`- }`
	`265`	`+ },`
	`266`	`+ {`
	`267`	`+ "Effect": "Allow",`
	`268`	`+ "Action": [`
	`269`	`+ "kms:GenerateRandom"`
	`270`	`+ ],`
	`271`	`+ "Resource": [`
	`272`	`+ "*"`
	`273`	`+ ]`
	`274`	`+ }`
`266`	`275`	`]`
`267`	`276`	`}`
`268`	`277`	`ManagedPolicyName: Hierarchical-GitHub-KMS-Key-Policy`