[NRL-853] Fix perms errors with AWSCC resources for backup restore testing

Author: mattdean3-nhs

terraform/account-wide-infrastructure/dev/main.tf

@@ -10,7 +10,14 @@ provider "aws" {
       workspace    = terraform.workspace
     }
   }
+}
+
+provider "awscc" {
+  region = local.region
 
+  assume_role = {
+    role_arn = "arn:aws:iam::${var.assume_account}:role/${var.assume_role}"
+  }
 }
 
 terraform {

…ource/backup_restore_testing.tf_disabled …/backup-source/backup_restore_testing.tfterraform/account-wide-infrastructure/modules/backup-source/backup_restore_testing.tf_disabled renamed to terraform/account-wide-infrastructure/modules/backup-source/backup_restore_testing.tf terraform/account-wide-infrastructure/modules/backup-source/backup_restore_testing.tf_disabled renamed to terraform/account-wide-infrastructure/modules/backup-source/backup_restore_testing.tf

@@ -25,8 +25,11 @@ data "aws_iam_policy_document" "backup_key_policy" {
   statement {
     sid = "EnableIAMUserPermissions"
     principals {
-      type        = "AWS"
-      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root", data.aws_caller_identity.current.arn]
+      type = "AWS"
+      identifiers = [
+        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root",
+        var.terraform_role_arn
+      ]
     }
     actions   = ["kms:*"]
     resources = ["*"]

terraform/account-wide-infrastructure/modules/backup-source/kms.tf

@@ -11,6 +11,6 @@ variable "enable_bucket_force_destroy" {
 
 variable "enable_backups" {
   type        = bool
-  descirption = "enable AWS cloud backups"
+  description = "enable AWS cloud backups"
   default     = false
 }