Skip to content

[Bug] Add kms_key_administrators_arns to rule_store module and resolve Terraform symlink issues#56

Merged
rdiers merged 2 commits into
airbnb:masterfrom
rdiers:rad/update-tf-kms-vars-params
Jun 13, 2025
Merged

[Bug] Add kms_key_administrators_arns to rule_store module and resolve Terraform symlink issues#56
rdiers merged 2 commits into
airbnb:masterfrom
rdiers:rad/update-tf-kms-vars-params

Conversation

@rdiers

@rdiers rdiers commented Jun 12, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

[Bug] Add kms_key_administrators_arns to rule_store module and resolve Terraform symlink issues

to: @natesinger
cc: @airbnb/rudolph-maintainers

Background

[Bug] Add kms_key_administrators_arns to rule_store module

Changes

  • Add the variable/parameter for kms_key_administrators_arns
  • Resolve Terraform plan/apply issues with symlink

Testing

Deployment to test/my own development instances:

make deploy ENV=dev
...
Terraform will perform the following actions:
...
  # module.santa_api.module.rule_store.aws_kms_key.store_sse_key will be updated in-place
  ~ resource "aws_kms_key" "store_sse_key" {
        id                                 = "******
      ~ policy                             = jsonencode(
          ~ {
              ~ Statement = [
                    # (2 unchanged elements hidden)
                    {
                        Action    = [
                            "kms:List*",
                            "kms:Get*",
                            "kms:Describe*",
                        ]
                        Effect    = "Allow"
                        Principal = {
                            Service = "dynamodb.amazonaws.com"
                        }
                        Resource  = "*"
                        Sid       = "Allow DynamoDB to get information about the CMK"
                    },
                  + {
                      + Action    = [
                          + "kms:Update*",
                          + "kms:UntagResource",
                          + "kms:TagResource",
                          + "kms:ScheduleKeyDeletion",
                          + "kms:Revoke*",
                          + "kms:ReEncrypt*",
                          + "kms:Put*",
                          + "kms:List*",
                          + "kms:Get*",
                          + "kms:GenerateDataKey*",
                          + "kms:Encrypt",
                          + "kms:Enable*",
                          + "kms:Disable*",
                          + "kms:DescribeKey",
                          + "kms:Describe*",
                          + "kms:Delete*",
                          + "kms:Decrypt",
                          + "kms:Create*",
                          + "kms:CancelKeyDeletion",
                        ]
                      + Effect    = "Allow"
                      + Principal = {
                          + AWS = [
                              + "*****",
                              + "*****,
                            ]
                        }
                      + Resource  = "*"
                      + Sid       = "Allow access for Key Administrators"
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        tags                               = {}
        # (10 unchanged attributes hidden)
    }
...
Plan: 3 to add, 8 to change, 3 to destroy.
Apply complete! Resources: 3 added, 8 changed, 3 destroyed.

Outputs:
sync_base_url = "https://***********"

@rdiers rdiers changed the title [Bug] Add kms_key_administrators_arns to rule_store module [Bug] Add kms_key_administrators_arns to rule_store module and resolve Terraform symlnk issues Jun 13, 2025
@rdiers rdiers changed the title [Bug] Add kms_key_administrators_arns to rule_store module and resolve Terraform symlnk issues [Bug] Add kms_key_administrators_arns to rule_store module and resolve Terraform symlnk issues Jun 13, 2025
@rdiers rdiers changed the title [Bug] Add kms_key_administrators_arns to rule_store module and resolve Terraform symlnk issues [Bug] Add kms_key_administrators_arns to rule_store module and resolve Terraform symlink issues Jun 13, 2025
@rdiers rdiers merged commit 4105ae9 into airbnb:master Jun 13, 2025
@rdiers rdiers deleted the rad/update-tf-kms-vars-params branch June 13, 2025 17:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@natesinger natesinger natesinger approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rdiers @natesinger