
re: AWS KMS use case with Serverless Application Model (SAM): An end to end solution

re: The policy only grants $keyUser access to the key, not the lambda itself. The lambda code still has to authenticate as $keyUser at some point. Wh...

With that Policy, an inline policy for Lambda is created and assigned to the execution role to have access to the key. Lambda doesn't use KeyUser.

Ok, that's what I thought. You don't really need the $keyUser statement. For using the key, it would probably be more portable to grant access to a role instead of a user anyway.
