NRL-1187 pull correct kms key

jackleary · jackleary · commit 4c8322b4b7e9 · 2024-12-30T17:22:19.000Z
diff --git a/terraform/infrastructure/data.tf b/terraform/infrastructure/data.tf
@@ -46,3 +46,7 @@ data "aws_s3_bucket" "source-data-bucket" {
   count  = local.is_dev_env ? 1 : 0
   bucket = "${local.shared_prefix}-source-data-bucket"
 }
+
+data "aws_kms_key" "glue" {
+  count = local.is_dev_env ? 1 : 0
+}
diff --git a/terraform/infrastructure/firehose.tf b/terraform/infrastructure/firehose.tf
@@ -9,5 +9,6 @@ module "firehose__processor" {
   splunk_index           = local.splunk_index
   destination            = "splunk"
   reporting_bucket_arn   = local.reporting_bucket_arn
+  reporting_kms_arn      = local.reporting_kms_arn
   reporting_infra_toggle = local.is_dev_env
 }
diff --git a/terraform/infrastructure/locals.tf b/terraform/infrastructure/locals.tf
@@ -30,6 +30,7 @@ locals {
 
   # Logic / vars for reporting
   reporting_bucket_arn = local.is_dev_env ? data.aws_s3_bucket.source-data-bucket[0].arn : null
+  reporting_kms_arn    = local.is_dev_env ? data.aws_kms_key.glue[0].arn : null
   firehose_lambda_subscriptions = local.is_dev_env ? [
     module.firehose__processor.firehose_subscription,
     module.firehose__processor.firehose_reporting_subscription
diff --git a/terraform/infrastructure/modules/firehose/locals.tf b/terraform/infrastructure/modules/firehose/locals.tf
@@ -40,11 +40,9 @@ locals {
     firehose_reporting_stream_arn = var.reporting_infra_toggle ? aws_kinesis_firehose_delivery_stream.reporting_stream[0].arn : null
   }
 
-  iam_kms_resources = var.reporting_infra_toggle ? [
+  iam_kms_resources = compact([
     aws_kms_key.firehose.arn,
-    aws_kms_key.glue.arn,
-    ] : [
-    aws_kms_key.firehose.arn,
-  ]
+    data.aws_kms_key.glue.arn
+  ])
 
 }
diff --git a/terraform/infrastructure/modules/firehose/vars.tf b/terraform/infrastructure/modules/firehose/vars.tf
@@ -40,6 +40,11 @@ variable "reporting_bucket_arn" {
   default = null
 }
 
+variable "reporting_kms_arn" {
+  type    = string
+  default = null
+}
+
 variable "reporting_infra_toggle" {
   type = bool
 }

Original file line number	Diff line number	Diff line change
`@@ -46,3 +46,7 @@ data "aws_s3_bucket" "source-data-bucket" {`
`46`	`46`	`count = local.is_dev_env ? 1 : 0`
`47`	`47`	`bucket = "${local.shared_prefix}-source-data-bucket"`
`48`	`48`	`}`
	`49`	`+`
	`50`	`+data "aws_kms_key" "glue" {`
	`51`	`+ count = local.is_dev_env ? 1 : 0`
	`52`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -9,5 +9,6 @@ module "firehose__processor" {`
`9`	`9`	`splunk_index = local.splunk_index`
`10`	`10`	`destination = "splunk"`
`11`	`11`	`reporting_bucket_arn = local.reporting_bucket_arn`
	`12`	`+ reporting_kms_arn = local.reporting_kms_arn`
`12`	`13`	`reporting_infra_toggle = local.is_dev_env`
`13`	`14`	`}`
Original file line number	Diff line number	Diff line change
`@@ -40,11 +40,9 @@ locals {`
`40`	`40`	`firehose_reporting_stream_arn = var.reporting_infra_toggle ? aws_kinesis_firehose_delivery_stream.reporting_stream[0].arn : null`
`41`	`41`	`}`
`42`	`42`
`43`		`- iam_kms_resources = var.reporting_infra_toggle ? [`
	`43`	`+ iam_kms_resources = compact([`
`44`	`44`	`aws_kms_key.firehose.arn,`
`45`		`- aws_kms_key.glue.arn,`
`46`		`- ] : [`
`47`		`- aws_kms_key.firehose.arn,`
`48`		`- ]`
	`45`	`+ data.aws_kms_key.glue.arn`
	`46`	`+ ])`
`49`	`47`
`50`	`48`	`}`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,11 @@ variable "reporting_bucket_arn" {`
`40`	`40`	`default = null`
`41`	`41`	`}`
`42`	`42`
	`43`	`+variable "reporting_kms_arn" {`
	`44`	`+ type = string`
	`45`	`+ default = null`
	`46`	`+}`
	`47`	`+`
`43`	`48`	`variable "reporting_infra_toggle" {`
`44`	`49`	`type = bool`
`45`	`50`	`}`