From 152ea37b24bed89c5ee86ae1533fe9582968035a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 10 Oct 2024 19:15:20 +0100 Subject: [PATCH] Update Policy Master Permissions List (#2742) Co-authored-by: nia-vf1 --- .../master_policy_permissions_list.json | 6 ++++-- .../master_policy_permissions_list.yaml | 8 ++++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/data/policy_permissions_list/master_policy_permissions_list.json b/data/policy_permissions_list/master_policy_permissions_list.json index a72dfa284c..b9a5ae8593 100644 --- a/data/policy_permissions_list/master_policy_permissions_list.json +++ b/data/policy_permissions_list/master_policy_permissions_list.json @@ -2665,12 +2665,14 @@ { "name": "kms:CreateGrant", "read_only": true, - "required": true + "required": false, + "description": "Only required if using Customer Managed KMS Key on Volumes mounted by EC2 Instance(s)" }, { "name": "kms:Decrypt", "read_only": true, - "required": true + "required": false, + "description": "Only required if using Customer Managed KMS Key on Volumes mounted by EC2 Instance(s)" }, { "name": "ec2:CreateTags", diff --git a/data/policy_permissions_list/master_policy_permissions_list.yaml b/data/policy_permissions_list/master_policy_permissions_list.yaml index a92f4e3160..1764464f0b 100644 --- a/data/policy_permissions_list/master_policy_permissions_list.yaml +++ b/data/policy_permissions_list/master_policy_permissions_list.yaml @@ -1528,10 +1528,14 @@ required: true - name: kms:CreateGrant read_only: true - required: true + required: false + description: Only required if using Customer Managed KMS Key on Volumes mounted + by EC2 Instance(s) - name: kms:Decrypt read_only: true - required: true + required: false + description: Only required if using Customer Managed KMS Key on Volumes mounted + by EC2 Instance(s) - name: ec2:CreateTags read_only: true required: false