"error":"AccessDeniedException: User: arn:aws:sts::77777777777:assumed-role/ack-kms-202501100234234234243243234/234728374242842 is not authorized to perform: kms:EnableKeyRotation on resource: arn:aws:kms:us-west-2:777777777:key/aaaaaaa-bbbb-ccc-ddd-dfasfasdfse434 because no identity-based policy allows the kms:EnableKeyRotation action\n\tstatus code: 400, request id: 2342dsfsdf-fdef-4fe3-94e7-3w4wsfds8834"
Steps to reproduce
Deploy ack-kms
Deploy key crd
```yaml
apiVersion: kms.services.k8s.aws/v1alpha1
kind: Key
metadata:
  name: samplekey
  namespace: db
spec:
  description: sample key for secretsmanager
  enableKeyRotation: true
  keySpec: SYMMETRIC_DEFAULT
  keyUsage: ENCRYPT_DECRYPT
  tags:
    - tagKey: Name
      tagValue: sampleykey
```
Expected outcome
Create key w/ auto key rotation enabled.
Actual result
a partially created key w/ autorotation setting disabled.
Environment
AWS
Kubernetes version
Using EKS (yes/no), if so version? EKS 1.30
AWS service targeted (S3, RDS, etc.) KMS key
Describe the bug
The policy recommended in https://github.com/aws-controllers-k8s/kms-controller/blob/main/config/iam/recommended-inline-policy does not include kms:EnableKeyRotation, causing the following error during creation of the resource.
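A pre-deployment check for the gap reported in this issue, as an added example that is not part of the issue or of the kms-controller project: it compares the actions a Key spec needs against an identity-based policy document, honouring wildcards, `NotAction` and explicit `Deny`. The policy below is constructed (it is not the contents of the recommended-inline-policy file), the function names are hypothetical, `Resource` and `Condition` are ignored, and `kms:CreateKey` for key creation is an assumption.

```python
import json
import re

# Constructed sample policy; NOT the controller's recommended-inline-policy.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["kms:CreateKey", "kms:DescribeKey", "kms:TagResource"],
                "Resource": "*"}]}
""")

# The relevant fields of the Key spec from the issue.
KEY_SPEC = {"enableKeyRotation": True, "keySpec": "SYMMETRIC_DEFAULT",
            "keyUsage": "ENCRYPT_DECRYPT"}

def _as_list(value):
    """IAM accepts a single string or a list for Action/NotAction/Statement."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def _matches(patterns, action):
    """IAM action matching: case-insensitive, '*' and '?' are wildcards."""
    for pattern in patterns:
        rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, action, re.IGNORECASE):
            return True
    return False

def _covers(stmt, action):
    if "NotAction" in stmt:
        return not _matches(_as_list(stmt["NotAction"]), action)
    return _matches(_as_list(stmt.get("Action")), action)

def is_allowed(policy, action):
    """Allowed if some Allow statement covers it and no Deny statement does."""
    effects = {s.get("Effect") for s in _as_list(policy.get("Statement"))
               if _covers(s, action)}
    return "Allow" in effects and "Deny" not in effects

def required_actions(key_spec):
    """Actions needed for this spec (assumption: creation uses kms:CreateKey)."""
    actions = ["kms:CreateKey"]
    if key_spec.get("enableKeyRotation"):
        actions.append("kms:EnableKeyRotation")  # the action named in the error
    return actions

def missing_actions(policy, key_spec):
    return [a for a in required_actions(key_spec) if not is_allowed(policy, a)]

if __name__ == "__main__":
    print(missing_actions(SAMPLE_POLICY, KEY_SPEC))
```
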