I have below code to create KMS via CF, however I am getting template error from this section. Is there anything thats missing here?
KmsKey:
Type: AWS::KMS::Key
Properties:
Description: KMS-Key
KeyPolicy:
Version: "2012-10-17"
Id: encryption-key
EnableKeyRotation: "True"
PendingWindowInDays: 7
Statement:
- Sid: Allow administration of the key
Effect: Allow
Resource: "*"
Principal:
AWS: arn:aws:iam::#{AWS::AccountId}:root
Action:
- kms:Create*
- kms:Describe*
- kms:Enable*
- kms:List*
- kms:Put*
- kms:Update*
- kms:Revoke*
- kms:Disable*
- kms:Get*
- kms:Delete*
- kms:ScheduleKeyDeletion
- kms:CancelKeyDeletion
The only thing that is apperent at the moment is that the following:
AWS: arn:aws:iam::#{AWS::AccountId}:root
should be:
AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"