CCM-8572: tidy

Author: harrim91

infrastructure/terraform/components/acct/module_sandbox_kms.tf

@@ -12,31 +12,6 @@ module "kms_sandbox" {
   name            = "sandbox"
   deletion_window = var.kms_deletion_window
   alias           = "alias/${local.csi}-sandbox"
-  # key_policy_documents = [data.aws_iam_policy_document.kms_sandbox.json]
-  iam_delegation = true
-
+  iam_delegation  = true
 }
 
-# data "aws_iam_policy_document" "kms_sandbox" {
-#   statement {
-#     sid    = "AllowEventBridge"
-#     effect = "Allow"
-
-#     principals {
-#       type = "Service"
-
-#       identifiers = [
-#         "events.amazonaws.com",
-#       ]
-#     }
-
-#     actions = [
-#       "kms:Decrypt",
-#       "kms:GenerateDataKey",
-#     ]
-
-#     resources = [
-#       "*",
-#     ]
-#   }
-# }

infrastructure/terraform/components/app/README.md

@@ -36,7 +36,6 @@
 | <a name="input_event_delivery_logging_success_sample_percentage"></a> [event\_delivery\_logging\_success\_sample\_percentage](#input\_event\_delivery\_logging\_success\_sample\_percentage) | Enable caching of events to an S3 bucket | `number` | `0` | no |
 | <a name="input_group"></a> [group](#input\_group) | The group variables are being inherited from (often synonmous with account short-name) | `string` | n/a | yes |
 | <a name="input_kms_deletion_window"></a> [kms\_deletion\_window](#input\_kms\_deletion\_window) | When a kms key is deleted, how long should it wait in the pending deletion state? | `string` | `"30"` | no |
-| <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | ARN of KMS Key used for encrypting application data | `string` | n/a | yes |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
 | <a name="input_observability_account_id"></a> [observability\_account\_id](#input\_observability\_account\_id) | The Observability Account ID that needs access | `string` | n/a | yes |
 | <a name="input_parent_acct_environment"></a> [parent\_acct\_environment](#input\_parent\_acct\_environment) | Name of the environment responsible for the acct resources used, affects things like DNS zone. Useful for named dev environments | `string` | `"main"` | no |

infrastructure/terraform/components/app/variables.tf

@@ -192,8 +192,3 @@ variable "observability_account_id" {
   type        = string
   description = "The Observability Account ID that needs access"
 }
-
-variable "kms_key_arn" {
-  type        = string
-  description = "ARN of KMS Key used for encrypting application data"
-}