fix: need to add in cipher context to kms encryption op

bryantbiggs · bryantbiggs · commit b230c29fd2a1 · 2020-12-14T14:02:34.000-05:00
diff --git a/modules/rds_enhanced_monitoring_forwarder/main.tf b/modules/rds_enhanced_monitoring_forwarder/main.tf
@@ -5,7 +5,7 @@ locals {
   role_name   = coalesce(var.role_name, var.name)
   policy_name = coalesce(var.policy_name, var.name)
 
-  dd_api_key = try(data.aws_secretsmanager_secret_version.datadog_api_key[0].secret_string, "")
+  dd_api_key  = try(data.aws_secretsmanager_secret_version.datadog_api_key[0].secret_string, "")
   api_app_key = <<EOF
 {"api_key":"${local.dd_api_key}", "app_key":"${var.dd_app_key}"}
 EOF
@@ -155,4 +155,5 @@ resource "aws_kms_ciphertext" "this" {
 
   key_id    = data.aws_kms_key.this[0].id
   plaintext = var.dd_app_key != "" ? local.api_app_key : local.api_key
+  context   = { LambdaFunctionName = var.name }
 }
diff --git a/modules/vpc_flow_log_forwarder/main.tf b/modules/vpc_flow_log_forwarder/main.tf
@@ -5,7 +5,7 @@ locals {
   role_name   = coalesce(var.role_name, var.name)
   policy_name = coalesce(var.policy_name, var.name)
 
-  dd_api_key = try(data.aws_secretsmanager_secret_version.datadog_api_key[0].secret_string, "")
+  dd_api_key  = try(data.aws_secretsmanager_secret_version.datadog_api_key[0].secret_string, "")
   api_app_key = <<EOF
 {"api_key":"${local.dd_api_key}", "app_key":"${var.dd_app_key}"}
 EOF
@@ -166,7 +166,7 @@ data "aws_secretsmanager_secret_version" "datadog_api_key" {
 resource "aws_kms_ciphertext" "this" {
   count = var.create ? 1 : 0
 
-  key_id = data.aws_kms_key.this[0].id
-
+  key_id    = data.aws_kms_key.this[0].id
   plaintext = var.dd_app_key != "" ? local.api_app_key : local.api_key
+  context   = { LambdaFunctionName = var.name }
 }
