diff options
author | Vincent Ambo <mail@tazj.in> | 2023-06-09T14·52+0300 |
---|---|---|
committer | tazjin <tazjin@tvl.su> | 2023-06-10T11·23+0000 |
commit | e3778ff6bc97d102aa6d2119e46c174384271f88 (patch) | |
tree | b20d0746d7430deda7b4c52d3fb3a53f6a1c68dc /corp/ops/yandex | |
parent | 75ffea3fe688ed8b010467ec726522af6391c102 (diff) |
fix(corp/ops): let service account use encryption key r/6258
Change-Id: Idd68e849457ecf600b1d9a318846557adfce8575 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8737 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
Diffstat (limited to 'corp/ops/yandex')
-rw-r--r-- | corp/ops/yandex/rih.tf | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/corp/ops/yandex/rih.tf b/corp/ops/yandex/rih.tf index 2db420835a12..fa0243a625c5 100644 --- a/corp/ops/yandex/rih.tf +++ b/corp/ops/yandex/rih.tf @@ -94,7 +94,7 @@ resource "yandex_serverless_container" "rih_backend" { service_account_id = yandex_iam_service_account.rih_backend.id image { - url = "cr.yandex/crpkcq65tn6bhq6puq2o/rih-backend:9cwnx8jvwjw2ckpqg970p4y7cf74z28j" + url = "cr.yandex/crpkcq65tn6bhq6puq2o/rih-backend:dhgw6c4afancx1a3gac6day0bdgd9qhf" } secrets { @@ -197,6 +197,15 @@ resource "yandex_kms_symmetric_key" "backend_data_key" { } } +resource "yandex_kms_symmetric_key_iam_binding" "rih_encryption_access" { + symmetric_key_id = yandex_kms_symmetric_key.backend_data_key.id + role = "kms.keys.encrypter" + + members = [ + "serviceAccount:${yandex_iam_service_account.rih_backend.id}" + ] +} + resource "yandex_storage_bucket" "rih_backend_data" { access_key = yandex_iam_service_account_static_access_key.rih_sa_static_key.access_key secret_key = yandex_iam_service_account_static_access_key.rih_sa_static_key.secret_key |