Merge pull request #33 from rectalogic/kms

toricls · web-flow · commit 83d2161469a8 · 2021-07-27T10:18:46.000+09:00
Need to pass KMS key ARN when checking kms:Decrypt
diff --git a/check-ecs-exec.sh b/check-ecs-exec.sh
@@ -543,6 +543,7 @@ else
     kmsEvalResult=$(${AWS_CLI_BIN} iam simulate-principal-policy \
       --policy-source-arn "${taskRoleArn}" \
       --action-names "${kmsDecrypt}" \
+      --resource-arns "${kmsKeyId}" \
       --output json \
       | jq -r ".EvaluationResults[0].EvalDecision")
     showEvalResult "${kmsEvalResult}" "${kmsDecrypt}"
