Added KMSEncryptPolicy policy template and related test changes

Author: william.merz

examples/2016-10-31/policy_templates/all_policy_templates.yaml

@@ -80,6 +80,9 @@ Resources:
         - KMSDecryptPolicy:
             KeyId: keyId
 
+        - KMSEncryptPolicy:
+            KeyId: keyId
+
         - SESBulkTemplatedCrudPolicy:
             IdentityName: name
 

samtranslator/policy_templates_data/policy_templates.json

@@ -798,6 +798,32 @@
         ]
       }
     },
+    "KMSEncryptPolicy": {
+      "Description": "Gives permission to encrypt with KMS Key",
+      "Parameters": {
+        "KeyId": {
+          "Description": "ID of the KMS Key"
+        }
+      },
+      "Definition": {
+        "Statement": [
+          {
+            "Action": "kms:Encrypt",
+            "Effect": "Allow",
+            "Resource": {
+              "Fn::Sub": [
+                "arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}",
+                {
+                  "keyId": {
+                    "Ref": "KeyId"
+                  }
+                }
+              ]
+            }
+          }
+        ]
+      }
+    },
     "PollyFullAccessPolicy": {
       "Description": "Gives full access permissions to Polly lexicon resources",
       "Parameters": {

tests/translator/input/all_policy_templates.yaml

@@ -151,3 +151,6 @@ Resources:
 
         - CodeCommitReadPolicy:
             RepositoryName: name
+
+        - KMSEncryptPolicy:
+            KeyId: keyId

tests/translator/output/all_policy_templates.json

@@ -1373,6 +1373,25 @@
                 }
               ]
             }
+          },
+          {
+            "PolicyName": "KitchenSinkFunctionRolePolicy52",
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": "kms:Encrypt",
+                  "Resource": {
+                    "Fn::Sub": [
+                      "arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}",
+                      {
+                        "keyId": "keyId"
+                      }
+                    ]
+                  },
+                  "Effect": "Allow"
+                }
+              ]
+            }
           }
         ],
         "AssumeRolePolicyDocument": {

tests/translator/output/aws-cn/all_policy_templates.json

@@ -1372,6 +1372,25 @@
                 }
               ]
             }
+          },
+          {
+            "PolicyName": "KitchenSinkFunctionRolePolicy52",
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": "kms:Encrypt",
+                  "Resource": {
+                    "Fn::Sub": [
+                      "arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}",
+                      {
+                        "keyId": "keyId"
+                      }
+                    ]
+                  },
+                  "Effect": "Allow"
+                }
+              ]
+            }
           }
         ],
         "AssumeRolePolicyDocument": {

tests/translator/output/aws-us-gov/all_policy_templates.json

@@ -1373,6 +1373,25 @@
                 }
               ]
             }
+          },
+          {
+            "PolicyName": "KitchenSinkFunctionRolePolicy52",
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": "kms:Encrypt",
+                  "Resource": {
+                    "Fn::Sub": [
+                      "arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}",
+                      {
+                        "keyId": "keyId"
+                      }
+                    ]
+                  },
+                  "Effect": "Allow"
+                }
+              ]
+            }
           }
         ],
         "AssumeRolePolicyDocument": {