export function grantKmsKeyPerm()

in src/lib/utils.ts [39:63]


/**
 * Appends a statement to the key's resource policy that allows the
 * CloudWatch Logs service principal to use the key for one log group.
 *
 * The principal is the service itself (`logs.amazonaws.com`), not an account
 * or role, so the `ArnLike` condition on the `aws:logs:arn` encryption context
 * is the only thing that scopes this grant. Keep it in place when editing the
 * statement.
 *
 * `ArnLike` treats `*` and `?` in the compared value as wildcards. A
 * `logGroupName` containing either character widens the grant beyond a single
 * log group, so pass a literal name unless a prefix match is intended.
 *
 * @param key - KMS key whose resource policy receives the statement.
 * @param logGroupName - Name of the log group allowed to use the key; it
 *   becomes the resource-name part of the ARN in the condition.
 */
export function grantKmsKeyPerm(key: IKey, logGroupName: string): void {
  const logsService = new ServicePrincipal('logs.amazonaws.com');

  // The remaining ARN components (partition, region, account) are resolved
  // from the stack that owns the key, so the log group is assumed to live in
  // that same account and region.
  const logGroupArn = Arn.format({
    service: 'logs',
    resource: 'log-group',
    resourceName: logGroupName,
    arnFormat: ArnFormat.COLON_RESOURCE_NAME,
  }, Stack.of(key));

  // NOTE(review): kms:Describe* requests carry no encryption context, so the
  // condition below likely never matches for them. Confirm whether that
  // action is actually needed here.
  const cryptoActions = [
    'kms:Encrypt*',
    'kms:ReEncrypt*',
    'kms:Decrypt*',
    'kms:GenerateDataKey*',
    'kms:Describe*',
  ];

  const logsStatement = new PolicyStatement({
    principals: [logsService],
    actions: cryptoActions,
    // In a key policy, '*' refers to the key the policy is attached to.
    resources: ['*'],
    conditions: {
      ArnLike: {
        'kms:EncryptionContext:aws:logs:arn': logGroupArn,
      },
    },
  });

  key.addToResourcePolicy(logsStatement);
}