NRL-1187 update kms reosurces

jackleary · jackleary · commit 12f5e13fb867 · 2024-12-30T16:20:47.000Z
diff --git a/terraform/infrastructure/modules/firehose/iam_firehose.tf b/terraform/infrastructure/modules/firehose/iam_firehose.tf
@@ -44,9 +44,7 @@ data "aws_iam_policy_document" "firehose" {
       "kms:Decrypt",
     ]
 
-    resources = [
-      aws_kms_key.firehose.arn,
-    ]
+    resources = local.iam_kms_resources
   }
   statement {
     actions = [
diff --git a/terraform/infrastructure/modules/firehose/locals.tf b/terraform/infrastructure/modules/firehose/locals.tf
@@ -40,4 +40,11 @@ locals {
     firehose_reporting_stream_arn = var.reporting_infra_toggle ? aws_kinesis_firehose_delivery_stream.reporting_stream[0].arn : null
   }
 
+  iam_kms_resources = var.reporting_infra_toggle ? [
+    aws_kms_key.firehose.arn,
+    aws_kms_key.glue.arn,
+    ] : [
+    aws_kms_key.firehose.arn,
+  ]
+
 }

Original file line number	Diff line number	Diff line change
`@@ -44,9 +44,7 @@ data "aws_iam_policy_document" "firehose" {`
`44`	`44`	`"kms:Decrypt",`
`45`	`45`	`]`
`46`	`46`
`47`		`- resources = [`
`48`		`- aws_kms_key.firehose.arn,`
`49`		`- ]`
	`47`	`+ resources = local.iam_kms_resources`
`50`	`48`	`}`
`51`	`49`	`statement {`
`52`	`50`	`actions = [`
Original file line number	Diff line number	Diff line change
`@@ -40,4 +40,11 @@ locals {`
`40`	`40`	`firehose_reporting_stream_arn = var.reporting_infra_toggle ? aws_kinesis_firehose_delivery_stream.reporting_stream[0].arn : null`
`41`	`41`	`}`
`42`	`42`
	`43`	`+ iam_kms_resources = var.reporting_infra_toggle ? [`
	`44`	`+ aws_kms_key.firehose.arn,`
	`45`	`+ aws_kms_key.glue.arn,`
	`46`	`+ ] : [`
	`47`	`+ aws_kms_key.firehose.arn,`
	`48`	`+ ]`
	`49`	`+`
`43`	`50`	`}`