From 2f710d5b20b7a174166409a433ee9eeb8a19fd1e Mon Sep 17 00:00:00 2001
From: Justin Kufro
Date: Mon, 27 Sep 2021 09:18:42 -0600
Subject: [PATCH] allow logs KMS key to be passed via variable
---
 main.tf | 18 ++++--------------
 variables.tf | 6 ++++++
 version | 2 +-
 3 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/main.tf b/main.tf
index 2a056ef..5f8832e 100644
--- a/main.tf
+++ b/main.tf
@@ -45,19 +45,9 @@ resource "aws_kms_key" "HeimdallPassKmsKey" {
 }
 }
-##
-# KMS key for encrypting lambda log data
-#
-# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key
-#
-resource "aws_kms_key" "ServerlessHeimdallPusherLogsKmsKey" {
- description = "The KMS key used to encrypt ConfigToHdf's logs"
- deletion_window_in_days = 10
- enable_key_rotation = true
-
- tags = {
- Name = "ServerlessHeimdallPusherLogsKmsKey"
- }
+resource "aws_kms_alias" "HeimdallPusherPassKmsKey" {
+ name = "alias/HeimdallPusherPassKmsKey"
+ target_key_id = aws_kms_key.HeimdallPassKmsKey.key_id
 }
 ##
@@ -195,7 +185,7 @@ module "serverless-heimdall-pusher-lambda" {
 image_uri = "${aws_ecr_repository.mitre_heimdall_pusher.repository_url}:${local.image_version}"
 package_type = "Image"
- cloudwatch_logs_kms_key_id = aws_kms_key.ServerlessHeimdallPusherLogsKmsKey.key_id
+ cloudwatch_logs_kms_key_id = var.cloudwatch_logs_kms_key_id
 cloudwatch_logs_retention_in_days = 30
 environment_variables = {
diff --git a/variables.tf b/variables.tf
index 67b4e11..765aa9d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -32,6 +32,12 @@ variable "results_bucket_source_account_id" {
 default = null
 }
+variable "cloudwatch_logs_kms_key_id" {
+ description = "The ARN of the KMS key to use for lambda log encryption."
+ type = string
+ default = null
+}
+
 variable "subnet_ids" {
 description = "The subnet ids to deploy the lambda to."
 type = list(string)
diff --git a/version b/version
index 341cf11..7dff5b8 100644
--- a/version
+++ b/version
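Review bot: Deleting the `ServerlessHeimdallPusherLogsKmsKey` resource while the replacement variable defaults to null means a plain `terraform apply` against existing state schedules the customer-managed log key (rotation enabled, `deletion_window_in_days = 10`) for deletion and leaves the Lambda log group without a customer-managed key; per CloudWatch Logs' KMS behaviour, events already encrypted under that key presumably stop being readable once deletion completes. If the intent is only to let callers bring their own key, keep the resource behind `count = var.cloudwatch_logs_kms_key_id == null ? 1 : 0` and resolve the module argument in the second hunk of this file with `cloudwatch_logs_kms_key_id = coalesce(var.cloudwatch_logs_kms_key_id, one(aws_kms_key.ServerlessHeimdallPusherLogsKmsKey[*].key_id))`, so the encrypted-by-default posture is preserved; otherwise the key removal and the change in default log encryption should be stated in the commit message. The new `aws_kms_alias` is unrelated to the subject line and lacks the `##` header comment the neighbouring resources carry; a one-line `# Alias so the HeimdallPass key can be referenced by name` would match the file's style.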
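Review bot: `cloudwatch_logs_kms_key_id` accepts any string and defaults to null without the description saying what null means; since the value it replaces was a `.key_id` while the description asks for an ARN, a caller passing a bare key id or alias name would only be rejected at apply time, if at all. Document the fallback and add a validation block so a malformed value cannot quietly leave the log group on the AWS-managed default. The module argument that consumes this variable is in the main.tf hunk, outside this one.
```hcl
variable "cloudwatch_logs_kms_key_id" {
  description = "ARN of the KMS key used to encrypt the lambda's CloudWatch log group. null leaves the log group without a customer-managed key."
  # … unchanged: type = string, default = null …

  validation {
    condition     = var.cloudwatch_logs_kms_key_id == null || can(regex("^arn:aws[a-z-]*:kms:", var.cloudwatch_logs_kms_key_id))
    error_message = "cloudwatch_logs_kms_key_id must be a KMS key ARN (arn:aws...:kms:...) or null."
  }
}
```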
@@ -1 +1 @@
-0.2.0
\ No newline at end of file
+0.2.1
\ No newline at end of file