fix: kms policy fixed (#55)

* fix: kms policy fixed * tflint error fixed
clouddrove · Sep 15, 2023 · a95d8c8 · a95d8c8
1 parent 7d9828a
commit a95d8c8
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 12 deletions.
diff --git a/_example/complete/example.tf b/_example/complete/example.tf
@@ -2,7 +2,7 @@
 ## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
 ####----------------------------------------------------------------------------------
 provider "aws" {
-  region = "eu-west-1"
+  region = "us-west-1"
 }
 
 locals {
@@ -31,7 +31,7 @@ module "public_subnets" {
   name               = "public-subnet"
   environment        = local.environment
   label_order        = local.label_order
-  availability_zones = ["eu-west-1b", "eu-west-1c"]
+  availability_zones = ["us-west-1b", "us-west-1c"]
   vpc_id             = module.vpc.vpc_id
   cidr_block         = module.vpc.vpc_cidr_block
   type               = "public"
@@ -91,7 +91,7 @@ module "ec2" {
   ssh_allowed_ports = [22]
   #Instance
   instance_count = 1
-  ami            = "ami-08d658f84a6d84a80"
+  ami            = "ami-0f8e81a3da6e2510a"
   instance_type  = "t2.nano"
 
   #Keypair

diff --git a/main.tf b/main.tf
@@ -120,6 +120,8 @@ resource "aws_kms_key" "default" {
   tags                     = module.labels.tags
 }
 
+data "aws_caller_identity" "this" {}
+
 resource "aws_kms_alias" "default" {
   count         = var.enable && var.kms_key_enabled && var.kms_key_id == "" ? 1 : 0
   name          = coalesce(var.alias, format("alias/%v", module.labels.id))
@@ -133,12 +135,11 @@ data "aws_iam_policy_document" "kms" {
     effect = "Allow"
     principals {
       type        = "AWS"
-      identifiers = ["*"]
+      identifiers = [format("arn:aws:iam::%s:root", data.aws_caller_identity.this.account_id)]
     }
     actions   = ["kms:*"]
     resources = ["*"]
   }
-
 }
 
 ##----------------------------------------------------------------------------------

diff --git a/variables.tf b/variables.tf
@@ -234,7 +234,7 @@ variable "cpu_core_count" {
 
 variable "iam_instance_profile" {
   type        = string
-  default     = ""
+  default     = null
   description = "The IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile."
 }
 
@@ -495,12 +495,6 @@ variable "public_key" {
   sensitive   = true
 }
 
-variable "key_path" {
-  type        = string
-  default     = ""
-  description = "Name  (e.g. `~/.ssh/id_rsa.pub`)."
-}
-
 ###### spot
 variable "spot_instance_enabled" {
   type        = bool