1 Answer
- Newest
- Most votes
- Most comments
1
I believe the issue is in the "Principal" field. You can use "*" Or you can use "arn:aws:iam::<accountID>:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" Or you can create your own role with a copy of AWSServiceRoleForAutoScaling.
Relevant content
- Accepted Answerasked 10 months ago
- asked 2 months ago
AWS OFFICIALUpdated 2 months ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 9 months ago
For a bit more detail, here is what the policy should look like and the link to the documentation. You're almost there.
{ "Sid": "Allow service-linked role use of the customer managed key", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<accountID>:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" }, "Action": [ "kms:GenerateDataKey*", "kms:Decrypt" ], "Resource": "*" }
https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-sns-notifications.html#sns-kms-permissions
You can let us know if that works. Thanks.
Hi Team, I want to get alerts for all events in aws. If I put this only then I did not get other alerts like cloud watch and all.
Thanks, Anuj