Hello,
I am using the Amazon plugin to build an AWS AMI.
In my pcl2 I have a section for launch_block_device_mapping:
launch_block_device_mappings {
  delete_on_termination = true
  device_name           = "/dev/sda1"
  encrypted             = true
  kms_key_id            = "alias/xxxx"
  volume_size           = 42
  volume_type           = "gp3"
}
The issue is that the CMK keys in my account use key policy and there is no single role/user that has DescribeKey permission. The user/role starting the build has full permission on the kms_key_id I am providing but some other keys.
As soon as I kick off a build it fails, and it can’t create an instance to build my AMI. I tried removing the block altogether, as I have default encryption enabled with the correct key, on which I have full permissions, but the build still fails.
How to proceed?
Thanks
S