diff --git a/examples/2016-10-31/policy_templates/all_policy_templates.yaml b/examples/2016-10-31/policy_templates/all_policy_templates.yaml index 9d652528ef..6b25355d74 100644 --- a/examples/2016-10-31/policy_templates/all_policy_templates.yaml +++ b/examples/2016-10-31/policy_templates/all_policy_templates.yaml @@ -80,6 +80,9 @@ Resources: - KMSDecryptPolicy: KeyId: keyId + - KMSEncryptPolicy: + KeyId: keyId + - SESBulkTemplatedCrudPolicy: IdentityName: name diff --git a/samtranslator/policy_templates_data/policy_templates.json b/samtranslator/policy_templates_data/policy_templates.json index dc1f7cbd77..f44f171ad6 100644 --- a/samtranslator/policy_templates_data/policy_templates.json +++ b/samtranslator/policy_templates_data/policy_templates.json @@ -798,6 +798,32 @@ ] } }, + "KMSEncryptPolicy": { + "Description": "Gives permission to encrypt with KMS Key", + "Parameters": { + "KeyId": { + "Description": "ID of the KMS Key" + } + }, + "Definition": { + "Statement": [ + { + "Action": "kms:Encrypt", + "Effect": "Allow", + "Resource": { + "Fn::Sub": [ + "arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}", + { + "keyId": { + "Ref": "KeyId" + } + } + ] + } + } + ] + } + }, "PollyFullAccessPolicy": { "Description": "Gives full access permissions to Polly lexicon resources", "Parameters": { diff --git a/tests/translator/input/all_policy_templates.yaml b/tests/translator/input/all_policy_templates.yaml index 47509c70ea..f48a6abd98 100644 --- a/tests/translator/input/all_policy_templates.yaml +++ b/tests/translator/input/all_policy_templates.yaml @@ -151,3 +151,6 @@ Resources: - CodeCommitReadPolicy: RepositoryName: name + + - KMSEncryptPolicy: + KeyId: keyId \ No newline at end of file diff --git a/tests/translator/output/all_policy_templates.json b/tests/translator/output/all_policy_templates.json index 5fb0f4012b..7d2c5eb01b 100644 --- a/tests/translator/output/all_policy_templates.json +++ b/tests/translator/output/all_policy_templates.json 
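Review bot: In the `KMSEncryptPolicy` entry added to `policy_templates.json`, the `KeyId` parameter is documented only as "ID of the KMS Key", although the value is substituted verbatim into `key/${keyId}` under the stack's own partition, region and account. An alias name or a full key ARN passed here would produce a Resource that matches no key, so the grant would silently not apply and the function would be denied at runtime. I would tighten the parameter text to `"Description": "ID of the KMS key (key ID only, not an alias or a full ARN)"`. I would also have the template description say that it grants only `kms:Encrypt` on a key in the same account and region, so users do not expect `kms:GenerateDataKey` or cross-account keys to work. The enclosing templates object starts and ends outside this hunk, so I could not compare the wording against the neighbouring KMS template.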
@@ -1373,6 +1373,25 @@
 }
 ]
 }
+ },
+ {
+ "PolicyName": "KitchenSinkFunctionRolePolicy52",
+ "PolicyDocument": {
+ "Statement": [
+ {
+ "Action": "kms:Encrypt",
+ "Resource": {
+ "Fn::Sub": [
+ "arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}",
+ {
+ "keyId": "keyId"
+ }
+ ]
+ },
+ "Effect": "Allow"
+ }
+ ]
+ }
 }
 ],
 "AssumeRolePolicyDocument": {
diff --git a/tests/translator/output/aws-cn/all_policy_templates.json b/tests/translator/output/aws-cn/all_policy_templates.json
index ebaac19d1f..348e296004 100644
--- a/tests/translator/output/aws-cn/all_policy_templates.json
+++ b/tests/translator/output/aws-cn/all_policy_templates.json
@@ -1372,6 +1372,25 @@
 }
 ]
 }
+ },
+ {
+ "PolicyName": "KitchenSinkFunctionRolePolicy52",
+ "PolicyDocument": {
+ "Statement": [
+ {
+ "Action": "kms:Encrypt",
+ "Resource": {
+ "Fn::Sub": [
+ "arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}",
+ {
+ "keyId": "keyId"
+ }
+ ]
+ },
+ "Effect": "Allow"
+ }
+ ]
+ }
 }
 ],
 "AssumeRolePolicyDocument": {
diff --git a/tests/translator/output/aws-us-gov/all_policy_templates.json b/tests/translator/output/aws-us-gov/all_policy_templates.json
index 52ca4830f1..c46e42d2a5 100644
--- a/tests/translator/output/aws-us-gov/all_policy_templates.json
+++ b/tests/translator/output/aws-us-gov/all_policy_templates.json
@@ -1373,6 +1373,25 @@
 }
 ]
 }
+ },
+ {
+ "PolicyName": "KitchenSinkFunctionRolePolicy52",
+ "PolicyDocument": {
+ "Statement": [
+ {
+ "Action": "kms:Encrypt",
+ "Resource": {
+ "Fn::Sub": [
+ "arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/${keyId}",
+ {
+ "keyId": "keyId"
+ }
+ ]
+ },
+ "Effect": "Allow"
+ }
+ ]
+ }
 }
 ],
 "AssumeRolePolicyDocument": {