Add support for CloudFormation Fn::GetAtt to KMS Key (#1681)

2018-07-13 18:40:54 +08:00 · 2018-07-13 18:40:54 +08:00 · c3b690114c
commit c3b690114c
parent dcdaca8984
3 changed files with 60 additions and 0 deletions
--- a/tests/test_cloudformation/fixtures/kms_key.py
+++ b/tests/test_cloudformation/fixtures/kms_key.py
@ -0,0 +1,39 @@
+from __future__ import unicode_literals
+
+template = {
+    "AWSTemplateFormatVersion": "2010-09-09",
+
+    "Description": "AWS CloudFormation Sample Template to create a KMS Key.  The Fn::GetAtt is used to retrieve the ARN",
+
+    "Resources" : {
+        "myKey" : {
+            "Type" : "AWS::KMS::Key",
+            "Properties" : {
+                "Description": "Sample KmsKey",
+                "EnableKeyRotation": False,
+                "Enabled": True,
+                "KeyPolicy" : {
+                    "Version": "2012-10-17",
+                    "Id": "key-default-1",
+                    "Statement": [
+                        {
+                        "Sid": "Enable IAM User Permissions",
+                        "Effect": "Allow",
+                        "Principal": {
+                            "AWS": { "Fn::Join" : ["" , ["arn:aws:iam::", {"Ref" : "AWS::AccountId"} ,":root" ]] }
+                        },
+                        "Action": "kms:*",
+                        "Resource": "*"
+                        }
+                    ]
+                }
+            }
+        }
+    },
+    "Outputs" : {
+        "KeyArn" : {
+            "Description": "Generated Key Arn",
+            "Value" : { "Fn::GetAtt" : [ "myKey", "Arn" ] }
+        }
+    }
+}