how to configure KMSVerifyPolicy and KMSSignPolicy

[deafwolf]

I've written a couple of lambda functions for signing and verifying, but I can't configure a policy for the functions, right now there's only KMSDecryptPolicy and KMSEncryptPolicy, no KMSVerifyPolicy or KMSSignPolicy.

I can only configure lambda functions as user on kms gui now.

Is there a better way to do this, or should I implement KMSVerifyPolicy and KMSSignPolicy?

[GavinZZ]

Hi @deafwolf thanks for creating an issue. Unfortunately, the workaround currently would be manually defining the Lambda Function role and IAM policy with proper permissions you want.

We welcome contribution and would love to see a PR if you're willing to. FYI, policy template PRs will go through security reviews and may take a while, but we will keep you updated on PR if you decide to implement them.