security-and-compliance-account/stacks/pipeline_stack/cdk_stack.py [304:320]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            statement = iam.PolicyStatement(
                sid = 'KmsAllowKeyUsage',
                actions = [
                    'kms:Decrypt',
                    'kms:DescribeKey',
                    'kms:Encrypt',
                    'kms:GenerateDataKey',
                    'kms:GenerateDataKeyWithoutPlainText',
                    'kms:ReEncrypt',
                    'kms:ReEncryptTo',
                    'kms:ReEncryptFrom',
                    'kms:TagResource',
                    'kms:CreateKey'
                ],
                effect = iam.Effect.ALLOW,
                principals = [
                    iam.ArnPrincipal(
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



workload-account/stacks/pipeline_stack/cdk_stack.py [532:548]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            statement = iam.PolicyStatement(
                sid = 'KmsAllowKeyUsage',
                actions = [
                    'kms:Decrypt',
                    'kms:DescribeKey',
                    'kms:Encrypt',
                    'kms:GenerateDataKey',
                    'kms:GenerateDataKeyWithoutPlainText',
                    'kms:ReEncrypt',
                    'kms:ReEncryptTo',
                    'kms:ReEncryptFrom',
                    'kms:TagResource',
                    'kms:CreateKey'
                ],
                effect = iam.Effect.ALLOW,
                principals = [
                    iam.ArnPrincipal(
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -