CCL-438 update kms policy to use single statement

UKHomeOffice · Sep 9, 2024 · dd31235 · dd31235
1 parent a8c10a2
commit dd31235
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 8 deletions.
diff --git a/modules/products/static-site/iam.tf b/modules/products/static-site/iam.tf
@@ -92,7 +92,7 @@ data "aws_iam_policy_document" "static_site_policy_document" {
     ]
 
     resources = [
-      aws_kms_key.static_site_kms_test.arn,
+      aws_kms_key.static_site_kms.arn,
     ]
   }
   statement {

diff --git a/modules/products/static-site/kms.tf b/modules/products/static-site/kms.tf
@@ -1,10 +1,10 @@
-resource "aws_kms_key" "static_site_kms_test" {
+resource "aws_kms_key" "static_site_kms" {
   enable_key_rotation = true
   tags                = local.common_tags
 }
 
 resource "aws_kms_key_policy" "static_site_kms_policy" {
-  key_id = aws_kms_key.static_site_kms_test.id
+  key_id = aws_kms_key.static_site_kms.id
   policy = jsonencode({
     Version = "2012-10-17"
     Id      = "static_site_kms_policy"
@@ -18,8 +18,6 @@ resource "aws_kms_key_policy" "static_site_kms_policy" {
         }
         Resource = ["*"]
       },
-    ]
-    Statement = [
       {
         Sid = "CloudFrontServiceKmsPolicy"
         Action = [
@@ -39,7 +37,7 @@ resource "aws_kms_key_policy" "static_site_kms_policy" {
           values   = [aws_cloudfront_distribution.static_site_distribution.arn]
         }
       },
-    ]
-  })
+    ]  
+   })
 }
 
diff --git a/modules/products/static-site/storage.tf b/modules/products/static-site/storage.tf
@@ -24,7 +24,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "static_site_encry
   bucket = aws_s3_bucket.static_site.id
   rule {
     apply_server_side_encryption_by_default {
-      kms_master_key_id = aws_kms_key.static_site_kms_test.arn
+      kms_master_key_id = aws_kms_key.static_site_kms.arn
       sse_algorithm     = "aws:kms"
     }
     bucket_key_enabled = true