From d2108991d29cf717718e45609096ab69aab88a69 Mon Sep 17 00:00:00 2001
From: Raghu Vamsi Tekumudi
Date: Fri, 19 Jan 2024 13:35:39 -0500
Subject: [PATCH] Update KMS CMK Access Policy CloudWatch Alarm action was failing with the error "CloudWatch Alarms does not have authorization to access the SNS topic encryption key. it is because of the missing policy
---
 template.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/template.yaml b/template.yaml
index 9f43853..ab1d17b 100644
--- a/template.yaml
+++ b/template.yaml
@@ -181,6 +181,14 @@ Resources:
 - !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:root"
 Action: 'kms:*'
 Resource: '*'
+ - Effect: Allow
+ Principal:
+ Service:
+ - cloudwatch.amazonaws.com
+ Action:
+ - "kms:Decrypt"
+ - "kms:GenerateDataKey*"
+ Resource: '*'
 
 Outputs:
 WebApi:
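Review bot: The added statement grants the `cloudwatch.amazonaws.com` service principal `kms:Decrypt` and `kms:GenerateDataKey*` with no `Condition`, so nothing in the key policy ties the grant to alarms owned by this account. AWS's confused-deputy guidance for service principals is to scope such statements with `aws:SourceAccount`, and where supported `aws:SourceArn`, so I would add a `Condition` block to the new statement as sketched below. Too tight a condition would bring back the original authorization error, so confirm the change with a test alarm that publishes to the encrypted topic. The key resource and the start of its statement list are above the hunk, and the indentation below is illustrative because the patch text has lost its own.

```yaml
# … unchanged: Effect, Principal and Action of the new statement …
  Resource: '*'
  Condition:
    StringEquals:
      "aws:SourceAccount": !Sub "${AWS::AccountId}"
    ArnLike:
      "aws:SourceArn": !Sub "arn:${AWS::Partition}:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*"
```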