From 7f466cd1e2c30d9a993a0980ff23e2d6a55ce17d Mon Sep 17 00:00:00 2001
From: Jerome Wolff
Date: Mon, 12 Jun 2023 13:05:09 +0200
Subject: [PATCH] fix: enable kms key rotation as default (#4)
---
 README.md | 8 ++++----
 main.tf | 6 ++++--
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index ee9e675..0c1b9a8 100644
--- a/README.md
+++ b/README.md
@@ -84,13 +84,13 @@ No outputs.
 - resource.aws_cloudwatch_log_metric_filter.main (main.tf#24)
 - resource.aws_cloudwatch_metric_alarm.main (main.tf#38)
-- resource.aws_kms_alias.main (main.tf#69)
+- resource.aws_kms_alias.main (main.tf#71)
 - resource.aws_kms_key.main (main.tf#59)
-- resource.aws_sns_topic.main (main.tf#108)
-- resource.awscc_chatbot_slack_channel_configuration.main (main.tf#118)
+- resource.aws_sns_topic.main (main.tf#110)
+- resource.awscc_chatbot_slack_channel_configuration.main (main.tf#120)
 - data source.aws_caller_identity.current (main.tf#18)
 - data source.aws_cloudwatch_log_group.cloudtrail (main.tf#20)
-- data source.aws_iam_policy_document.kms (main.tf#76)
+- data source.aws_iam_policy_document.kms (main.tf#78)
 # Examples
 ### Complete
diff --git a/main.tf b/main.tf
index 999c2b7..f1e9693 100644
--- a/main.tf
+++ b/main.tf
@@ -59,9 +59,11 @@ resource "aws_cloudwatch_metric_alarm" "main" {
 resource "aws_kms_key" "main" {
 count = var.sns_kms_master_key_id == null ? 1 : 0
- description = "KMS key for CloudTrail alerts SNS topic."
+ description = "KMS key for CloudTrail alerts SNS topic."
+ policy = data.aws_iam_policy_document.kms[0].json
+ deletion_window_in_days = 7
- policy = data.aws_iam_policy_document.kms[0].json
+ enable_key_rotation = true
 tags = var.tags
 }
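Review bot: `deletion_window_in_days = 7` on `aws_kms_key.main` sets the shortest waiting period KMS accepts (the provider default is 30 days), and it arrives in a commit whose message only mentions key rotation. Once a scheduled deletion completes the key cannot be recovered, so a seven-day window leaves little time to notice and cancel an accidental or unauthorised deletion request. I would either drop the line to keep the default or expose it as a module variable, and in both cases add a comment such as `# window before a scheduled key deletion becomes irreversible (KMS allows 7-30 days)`. Separately, `enable_key_rotation = true` only covers the key this module creates; when `var.sns_kms_master_key_id` is supplied, rotation of that key stays with the caller, which the variable's description could state.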