in src/integ_test_resources/ios/sdk/integration/cdk/cdk_integration_tests_ios/kms_stack.py [0:0]
def __init__(self, scope: core.Construct, id: str, common_stack: CommonStack, **kwargs) -> None:
    """Attach the KMS permissions used by the integration tests to the common role.

    Three ALLOW statements are handed, in order, to
    ``common_stack.add_to_common_role_policies``: key creation, alias
    creation on alias ARNs, and key usage/lifecycle actions on key ARNs.

    Args:
        scope: Parent construct, forwarded to the base initializer.
        id: Construct id, forwarded to the base initializer.
        common_stack: Stack whose ``add_to_common_role_policies`` receives
            each statement.
        **kwargs: Forwarded unchanged to the base initializer.
    """
    super().__init__(scope, id, **kwargs)
    # Only stored here; nothing in this initializer branches on the result.
    self._supported_in_region = self.is_service_supported_in_region()

    allow = aws_iam.Effect.ALLOW

    # (actions, resources) pairs, attached in this order.
    grants = (
        # kms:CreateKey acts before any key exists, so there is no key ARN
        # to scope it to; "*" is the resource for this action.
        (
            ["kms:CreateKey"],
            ["*"],
        ),
        # kms:CreateAlias is listed here for the alias and again below for
        # the key it points at.
        # NOTE(review): "alias*" / "key*" carry no "/" separator; KMS ARNs
        # are written alias/<name> and key/<id>, so "alias/*" and "key/*"
        # would state the intent more precisely - confirm before tightening.
        (
            ["kms:CreateAlias"],
            [f"arn:aws:kms:{self.region}:{self.account}:alias*"],
        ),
        # NOTE(review): this pattern covers every key in the account and
        # region, including kms:ScheduleKeyDeletion and kms:Decrypt. If the
        # account holds keys that the tests do not own, consider narrowing
        # the statement with an IAM condition (for example on key tags).
        (
            [
                "kms:CancelKeyDeletion",
                "kms:CreateAlias",
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:DisableKeyRotation",
                "kms:Encrypt",
                "kms:ScheduleKeyDeletion",
            ],
            [f"arn:aws:kms:{self.region}:{self.account}:key*"],
        ),
    )

    for granted_actions, target_arns in grants:
        statement = aws_iam.PolicyStatement(
            effect=allow,
            actions=granted_actions,
            resources=target_arns,
        )
        common_stack.add_to_common_role_policies(self, policy_to_add=statement)