@planetarium/account-aws-kms
TypeScript icon, indicating that this package has built-in type declarations

4.5.0 • Public • Published

@planetarium/account-aws-kms

An npm package for providing AwsKmsKeyStore, an implementation of KeyStore from @planetarium/account that uses AWS KMS as the backend.

Required permissions

Method Required permissions Required for AwsKmsKeyStoreOptions.scopingTags
AwsKmsKeyStore.list() kms:ListKeys kms:ListResourceTags
AwsKmsKeyStore.get() kms:ListKeys kms:ListResourceTags
AwsKmsKeyStore.generate() kms:CreateKey, kms:GetPublicKey kms:TagResource
AwsKmsKeyStore.delete() kms:ScheduleKeyDeletion
AwsKmsAccount.sign()1 kms:Sign

Replace [NUMERIC_ROOT_ACCOUNT_ID] with your [12-digit root account ID][AWSId]:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "kms:GetPublicKey",
        "kms:ScheduleKeyDeletion",
        "kms:DescribeKey",
        "kms:ListResourceTags",
        "kms:Sign",
        "kms:TagResource"
      ],
      "Resource": "arn:aws:kms:*:[NUMERIC_ROOT_ACCOUNT_ID]:key/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "kms:ListKeys",
        "kms:CreateKey"
      ],
      "Resource": "*"
    }
  ]
}
  1. An AwsKmsAccount instance can be obtained from AwsKmsKeyStore.get(). [AWSId]: https://docs.aws.amazon.com/signin/latest/userguide/FindingYourAWSId.html

Readme

Keywords

Package Sidebar

Install

npm i @planetarium/account-aws-kms

Weekly Downloads

256

Version

4.5.0

License

LGPL-2.1-or-later

Unpacked Size

82.5 kB

Total Files

14

Last publish

Collaborators

  • planetarium-9c-dx
  • tkiapril
  • longfin
  • akamig
  • riemannulus
  • moreal
  • libplanet