Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Distinguish between kms:ReEncryptFrom and kms:ReEncryptTo when finding kms:ReEncrypt #27

Open
flosell opened this issue Jan 21, 2018 · 0 comments
Labels
bug generate-feature Issues regarding the generation of IAM Policies from Events

Comments

@flosell
Copy link
Owner

flosell commented Jan 21, 2018

The KMS ReEncrypt API call has special IAM behavior, it maps to kms:ReEncryptFrom or kms:ReEncryptTo: https://docs.aws.amazon.com/kms/latest/APIReference/API_ReEncrypt.html

Currently, we map to kms:ReEncrypt*, which is not precise. Try to figure out from other CloudTrail information what the right action is

@flosell flosell added the bug label Jan 21, 2018
@flosell flosell added the generate-feature Issues regarding the generation of IAM Policies from Events label Jul 27, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug generate-feature Issues regarding the generation of IAM Policies from Events
Projects
None yet
Development

No branches or pull requests

1 participant