<p>Is it possible to get a KMS Key ARN using CloudFormation using an alias? I want to give specific permissions to a Key in my AWS Account.</p> <p>Something like the following?</p> <pre class="prettyprint"><code> - Effect: Allow Action: kms:Decrypt Resource: - 'Fn::GetAtt': - 'alias/someAliasOfAKMSKey' - 'arn' </code></pre>

How to get an AWS SSM Key Arn from an Alias using CloudFormation?

Is it possible to get a KMS Key ARN using CloudFormation using an alias? I want to give specific permissions to a Key in my AWS Account.

Something like the following?

  - Effect: Allow
    Action: kms:Decrypt
    Resource:
      - 'Fn::GetAtt': 
        - 'alias/someAliasOfAKMSKey'
        - 'arn'

765

asked Jan 29 '19 22:01

You can do something like this:

- Effect: Allow
  Action:
  - kms:Decrypt
  Resource:
  - !Sub 'arn:aws:kms:${AWS::Region}:${AWS::AccountId}:key/someKeyNameOfAKMSKey'

140

answered Nov 15 '22 03:11

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!