我的帐户位于us-west-2地区。并且在该帐户中创建的KMS密钥具有ARN arn:aws:kms:us-east-1 :: key /。在我的节点模块中,我使用Credstash来解密使用KMS密钥加密的密钥。
var credstash = new Credstash({ 'table': 'tablename', 'awsOpts': { 'region':'region' } });
let secret = credstash.getSecret({name: 'keyname'}).then(result =>{
console.log(result);
});;
我正处于异常之下。
"The ciphertext refers to a customer master key that does not exist,
does not exist in this region, or you are not allowed to access"
以下是sls文件中的IAM策略。
Effect: "Allow"
Action: ["kms:Decrypt"]
Resource: [
Fn::Join: ["", [ "arn:aws:kms:us-east-1:accountid:key/",{"Fn::Sub": "kmskey"}]]
]
解决此问题的任何指示都会有很大帮助
答案 0 :(得分:0)
请使用以下
new Credstash({ 'table': <table-name>, 'awsOpts' : { 'region': 'us-west-2' }, 'kmsOpts': { 'region' : 'us-east-1'}} )