Add KMS-CMK and KMS policy
franklinpashok committed Feb 21, 2024
1 parent 5dcaff1 commit 8cf79b1
Showing 2 changed files with 3 additions and 2 deletions.
4 changes: 2 additions & 2 deletions modules/logging_configuration/local.tf
@@ -1,6 +1,6 @@
# tflint-ignore: terraform_unused_declarations
locals {
cloudwatch_log_group_name = var.enable_logging ? (var.override_cloudwatch_log_group_name != "" ? var.override_cloudwatch_log_group_name : aws_cloudwatch_log_group.cloudwatch_log_group[0].arn) : ""
account_id = data.aws_caller_identity.current.account_id
aws_region = data.aws_region.current.name
account_id = data.aws_caller_identity.current.account_id
aws_region = data.aws_region.current.name
}
1 change: 1 addition & 0 deletions modules/logging_configuration/main.tf
@@ -28,6 +28,7 @@ resource "aws_verifiedaccess_instance_logging_configuration" "this" {

}

#checkov:skip=CKV_AWS_338:Ensure CloudWatch log groups retains logs for at least 1 year
resource "aws_cloudwatch_log_group" "cloudwatch_log_group" {

Check failure on line 32 in modules/logging_configuration/main.tf


GitHub Actions / ci / Security Checks

CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
count = var.create_cloudwatch_log_group && var.enable_logging ? 1 : 0
name = var.cloudwatch_log_group_name
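Review bot: The `#checkov:skip=CKV_AWS_338` comment sits on the line above `resource "aws_cloudwatch_log_group" "cloudwatch_log_group" {`, but Checkov only honours an inline skip written inside the block's braces. The CI annotation still reporting CKV_AWS_338 on line 32 is consistent with the suppression not taking effect. Move the comment to the first line inside the resource block and give the actual reason for the exception instead of repeating the check's title, e.g. `#checkov:skip=CKV_AWS_338:<why a shorter retention is acceptable here>`. This log group appears to back the Verified Access logging configuration, so access records may be needed well after the fact; setting `retention_in_days` to 365 or more would be preferable to suppressing the finding. The resource body continues outside this hunk, so whether a retention value is already set cannot be seen here.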
