fix(kms): do not change the principal to root for imported resources in dependent Stacks (#10299)

We have logic in KMS Key that checks whether the grantee is from a Stack that depends on the Key's Stack. It's required because KMS validates that the principals contained in its Key policy actually exist, and fails if they don't, so in that case, we switch to using the root principal instead.

However, that logic only makes sense for newly created resources; for imported resources, like those with `Role.fromRoleArn`, they already exist, so no need to make this switch.

Fixes #10166.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Showing 2 changed files with 36 additions and 3 deletions.