Enabling CloudTrail to encrypt

By Dreyo143
Tags: Cloud
Hello guys, will this key policy work if updated for CloudTrail? Thanks in advance.
{
  "Version": "2012-10-17",
  "Id": "key-consolepolicy-2",
  "Statement": [
    {
      "Sid": "Enable IAM policies",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "Allow use of the key",
      "Effect": "Allow",
      "Principal": {"AWS": [
        "arn:aws:iam::111122223333:user/CMKUser",
        "arn:aws:iam::111122223333:role/CMKRole",
        "arn:aws:iam::444455556666:root"
      ]},
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*",
        "kms:DescribeKey"
      ],
      "Resource": "*"
    },
    {
      "Sid": "Enable CloudTrail Encrypt Permissions",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudtrail.amazonaws.com"
      },
      "Action": "kms:GenerateDataKey*",
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "kms:EncryptionContext:aws:cloudtrail:arn": [
            "arn:aws:cloudtrail:*:111111111111:trail/*",
            "arn:aws:cloudtrail:*:222222222222:trail/*"
          ]
        }
      }
    }
  ]
}
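
An offline check for a key policy like the one posted above, added here as an example (it is not part of the original post and not AWS tooling): it reports what the cloudtrail.amazonaws.com principal is allowed to do and which accounts' trails the condition admits. The permissions it looks for (kms:GenerateDataKey* scoped by the encryption-context condition, plus kms:DescribeKey for the service) are an assumption drawn from AWS's CloudTrail documentation and should be confirmed there; all function names are illustrative.

```python
import json
from fnmatch import fnmatchcase

SERVICE = "cloudtrail.amazonaws.com"
CTX_KEY = "kms:EncryptionContext:aws:cloudtrail:arn"

# Constructed input: the CloudTrail service statement from the post, account IDs as posted.
POSTED = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "Enable CloudTrail Encrypt Permissions", "Effect": "Allow",
   "Principal": {"Service": "cloudtrail.amazonaws.com"},
   "Action": "kms:GenerateDataKey*", "Resource": "*",
   "Condition": {"StringLike": {"kms:EncryptionContext:aws:cloudtrail:arn": [
     "arn:aws:cloudtrail:*:111111111111:trail/*",
     "arn:aws:cloudtrail:*:222222222222:trail/*"]}}}]}""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def service_statements(policy, action):
    """Allow statements granting `action` to the CloudTrail service principal."""
    hits = []
    for st in as_list(policy.get("Statement", [])):
        principal = st.get("Principal", {})
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        granted = any(fnmatchcase(action.lower(), p.lower()) for p in as_list(st.get("Action", [])))
        if st.get("Effect") == "Allow" and SERVICE in services and granted:
            hits.append(st)
    return hits

def trail_arns(st):
    """Trail ARN patterns allowed by the statement's encryption-context condition."""
    return [a for ops in st.get("Condition", {}).values() for a in as_list(ops.get(CTX_KEY, []))]

def cloudtrail_findings(policy):
    """Gaps relative to the assumed CloudTrail requirements (see the lead-in)."""
    findings = []
    gen = service_statements(policy, "kms:GenerateDataKey")
    if not gen:
        findings.append("service principal lacks kms:GenerateDataKey*")
    elif any(not trail_arns(st) for st in gen):
        findings.append("kms:GenerateDataKey* is not scoped by " + CTX_KEY)
    if not service_statements(policy, "kms:DescribeKey"):
        findings.append("service principal lacks kms:DescribeKey")
    return findings

def trail_accounts(policy):
    """Account IDs (fifth ARN field) whose trails the condition lets use the key."""
    arns = [a for st in service_statements(policy, "kms:GenerateDataKey") for a in trail_arns(st)]
    return sorted({a.split(":")[4] for a in arns})
```

Run against the posted statement, the check flags that kms:DescribeKey is granted only to the IAM principals, not to the service, and that the trail account IDs in the condition differ from the 111122223333 account that administers the key.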
All Comments

Re: cloudtrail

by Kees_B Moderator In reply to Enabling CloudTrail to en ...

Apparently, your (unknown) source thought it worked on October 17, 2012.

Maybe better ask their customer service if it's still valid, if you can't find it in their current documentation.

Kees is spot on.

by rproffitt Moderator In reply to Enabling CloudTrail to en ...

That 2012 date is telling. Much has changed over the years. Back to them to see if this is current and if there's a fix and support.
