General discussion

  • #2141028

    Enabling CloudTrail to encrypt

    by dreyo143 ·

    Hello guys, will this key policy work if updated for CloudTrail? Thanks in advance.
    {
      "Version": "2012-10-17",
      "Id": "key-consolepolicy-2",
      "Statement": [
        {
          "Sid": "Enable IAM policies",
          "Effect": "Allow",
          "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
          "Action": "kms:*",
          "Resource": "*"
        },
        {
          "Sid": "Allow use of the key",
          "Effect": "Allow",
          "Principal": {"AWS": [
            "arn:aws:iam::111122223333:user/CMKUser",
            "arn:aws:iam::111122223333:role/CMKRole",
            "arn:aws:iam::444455556666:root"
          ]},
          "Action": [
            "kms:Encrypt",
            "kms:Decrypt",
            "kms:ReEncrypt*",
            "kms:GenerateDataKey*",
            "kms:DescribeKey"
          ],
          "Resource": "*"
        },
        {
          "Sid": "Enable CloudTrail Encrypt Permissions",
          "Effect": "Allow",
          "Principal": {
            "Service": "cloudtrail.amazonaws.com"
          },
          "Action": "kms:GenerateDataKey*",
          "Resource": "*",
          "Condition": {
            "StringLike": {
              "kms:EncryptionContext:aws:cloudtrail:arn": [
                "arn:aws:cloudtrail:*:111111111111:trail/*",
                "arn:aws:cloudtrail:*:222222222222:trail/*"
              ]
            }
          }
        }
      ]
    }
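
One way to check a pasted key policy like the one above before applying it. This is an added example, not part of the original post and not AWS's own tooling. It assumes AWS's documented requirement that the `cloudtrail.amazonaws.com` principal hold `kms:GenerateDataKey*` scoped by the trail encryption context plus `kms:DescribeKey`; the function names are hypothetical and actions are matched as exact strings only.

```python
import json

CTX_KEY = "kms:EncryptionContext:aws:cloudtrail:arn"
SERVICE = "cloudtrail.amazonaws.com"

# Constructed sample: the post's CloudTrail statement, curly quotes kept as pasted,
# with the closing brackets the post leaves off.
PASTED = """{
“Version”: “2012-10-17”,
“Statement”: [{
  “Sid”: “Enable CloudTrail Encrypt Permissions”,
  “Effect”: “Allow”,
  “Principal”: {“Service”: “cloudtrail.amazonaws.com”},
  “Action”: “kms:GenerateDataKey*”,
  “Resource”: “*”,
  “Condition”: {“StringLike”: {“kms:EncryptionContext:aws:cloudtrail:arn”: [
    “arn:aws:cloudtrail:*:111111111111:trail/*”,
    “arn:aws:cloudtrail:*:222222222222:trail/*”]}}
}]}"""

def as_list(value):
    return value if isinstance(value, list) else [value]

def load_policy(text):
    """Parse policy JSON after replacing the curly quotes rich-text editors insert."""
    return json.loads(text.replace("“", '"').replace("”", '"'))

def check_cloudtrail(policy):
    """Return findings about what the key policy grants the CloudTrail service."""
    findings, granted, scoped = [], set(), False
    # "2012-10-17" names the policy language version, not the policy's age.
    if policy.get("Version") != "2012-10-17":
        findings.append("Version is not 2012-10-17")
    for stmt in as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or SERVICE not in services:
            continue
        actions = as_list(stmt.get("Action", []))
        granted.update(actions)
        if "kms:GenerateDataKey*" in actions:
            scoped = bool(stmt.get("Condition", {}).get("StringLike", {}).get(CTX_KEY))
    if "kms:GenerateDataKey*" not in granted:
        findings.append(SERVICE + " lacks kms:GenerateDataKey*")
    elif not scoped:
        findings.append("kms:GenerateDataKey* is not scoped by " + CTX_KEY)
    if "kms:DescribeKey" not in granted:
        findings.append(SERVICE + " lacks kms:DescribeKey")
    return findings
```

Calling `check_cloudtrail(load_policy(PASTED))` returns a list of findings; an empty list means both service-principal grants are present.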

All Comments

    • #2419868
      Re: cloudtrail

      by kees_b ·

      In reply to Enabling CloudTrail to encrypt

      Apparently, your (unknown) source thought it worked on October 17, 2012.

      Maybe better ask their customer service if it’s still valid, if you can’t find it in their current documentation.

    • #2419867
      Kees is spot on.

      by rproffitt ·

      In reply to Enabling CloudTrail to encrypt

      That 2012 date is telling. Much has changed over the years. Back to them to see if this is current and if there’s a fix and support.
