[英]AWS KMS Decrypt Error Credstash
My aws account is in us-west-2 region. 我的aws帐户位于us-west-2地区。 and the KMS key created in that account has ARN arn:aws:kms:us-east-1::key/.
并且在该帐户中创建的KMS密钥具有ARN arn:aws:kms:us-east-1 :: key /。 In my node module, I am using Credstash to decrypt the key which is encrypted using the KMS key.
在我的节点模块中,我正在使用Credstash解密使用KMS密钥加密的密钥。
var credstash = new Credstash({ 'table': 'tablename', 'awsOpts': { 'region':'region' } });
let secret = credstash.getSecret({name: 'keyname'}).then(result =>{
console.log(result);
});;
I am getting below exception. 我在例外之下。
"The ciphertext refers to a customer master key that does not exist,
does not exist in this region, or you are not allowed to access"
Below is the IAM policy in sls file. 以下是sls文件中的IAM策略。
Effect: "Allow"
Action: ["kms:Decrypt"]
Resource: [
Fn::Join: ["", [ "arn:aws:kms:us-east-1:accountid:key/",{"Fn::Sub": "kmskey"}]]
]
Any pointers to fix this issue will be of great help 任何解决此问题的建议都将有很大帮助
请使用以下
new Credstash({ 'table': <table-name>, 'awsOpts' : { 'region': 'us-west-2' }, 'kmsOpts': { 'region' : 'us-east-1'}} )
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.