Merge pull request #34 from grimm26/kms_arn

toricls · web-flow · commit bd56080e73c4 · 2021-08-06T14:34:46.000+09:00
Get KMS key's Arn and use that where needed instead of its Id.
diff --git a/check-ecs-exec.sh b/check-ecs-exec.sh
@@ -256,6 +256,7 @@ else
     printf "${COLOR_YELLOW}Not Configured"
   else
     printf "${kmsKeyId}"
+    kmsKeyArn=$(${AWS_CLI_BIN} kms describe-key --key-id $kmsKeyId --query 'KeyMetadata.Arn' --output text)
   fi
   printf "\n"
 
@@ -312,7 +313,7 @@ if [[ ! "x${kmsKeyId}" = "xnull" ]]; then
   kmsGenerateDataKeyResult=$(${AWS_CLI_BIN} iam simulate-principal-policy \
     --policy-source-arn "${MY_IAM_ARN}" \
     --action-names "${kmsGenerateDataKey}" \
-    --resource-arns "${kmsKeyId}" \
+    --resource-arns "${kmsKeyArn}" \
     --output json \
     | jq -r ".EvaluationResults[0].EvalDecision")
   showEvalResult "${kmsGenerateDataKeyResult}" "${kmsGenerateDataKey}"
@@ -543,7 +544,7 @@ else
     kmsEvalResult=$(${AWS_CLI_BIN} iam simulate-principal-policy \
       --policy-source-arn "${taskRoleArn}" \
       --action-names "${kmsDecrypt}" \
-      --resource-arns "${kmsKeyId}" \
+      --resource-arns "${kmsKeyArn}" \
       --output json \
       | jq -r ".EvaluationResults[0].EvalDecision")
     showEvalResult "${kmsEvalResult}" "${kmsDecrypt}"
