Terraform: KMS Key assign Roles to it

Created on 3 Mar 2017 · 2 Comments · Source: hashicorp/terraform

I have a terraform script which creates a Lambda and links it to an API Gateway endpoint. This works fine, but the issue I have is that the lambda function uses environment variables which are encrypted with a KMS Key.

The lambda is associated with a Role and I need to assign that role to the KMS key. Can someone help with how this is done, as currently the lambda cannot decrypt the variables because it does not have access to the key? The only way I can get this to work is to manually go into the KMS key in the console and manually add the role under the "Key Users" section, and then everything works.

So basically I need to do the following in terraform:

Create an IAM Role (this works)
Create a KMS Key doing this with (aws_kms_key and aws_kms_alias)
Assign the role to the key

For some reason I've noticed that when I create the key with TF, there is no manual option to add a role anyway. Am I creating the key in the wrong way?

Many thanks in advance.
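
The three steps listed above, as an added example that is not part of the original issue or the Terraform project's own code: the role is given access through the key's `policy` argument. It assumes Terraform 0.12 or later syntax, the commercial `aws` partition, a function that only needs `kms:Decrypt` (a narrower set than the console's "Key Users" section grants), and hypothetical resource names.

```hcl
# Added example; resource names and the alias are hypothetical.
data "aws_caller_identity" "current" {}
# Trust policy: lets the Lambda service assume the role.
data "aws_iam_policy_document" "lambda_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "lambda_exec" {
  name               = "example-lambda-exec"
  assume_role_policy = data.aws_iam_policy_document.lambda_assume.json
}

# Setting a key policy replaces the default, so keep the account statement.
data "aws_iam_policy_document" "key" {
  statement {
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }
  # Assumption: the function only decrypts, so the role gets Decrypt alone.
  statement {
    sid       = "AllowLambdaRoleDecrypt"
    actions   = ["kms:Decrypt"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = [aws_iam_role.lambda_exec.arn]
    }
  }
}

resource "aws_kms_key" "lambda_env" {
  description = "Encrypts Lambda environment variables"
  policy      = data.aws_iam_policy_document.key.json
}

resource "aws_kms_alias" "lambda_env" {
  name          = "alias/example-lambda-env"
  target_key_id = aws_kms_key.lambda_env.key_id
}
```

The function is pointed at the key with the `kms_key_arn` argument of `aws_lambda_function`, set to `aws_kms_key.lambda_env.arn`.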


All 2 comments

Did you find a solution to this problem?

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
