Merge pull request #22 from mitre/groups

v0.16.1
mitre · Sep 27, 2021 · e355e54 · e355e54
2 parents 39d49dd + 1e69ae6
commit e355e54
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 17 deletions.
diff --git a/main.tf b/main.tf
@@ -54,21 +54,6 @@ resource "null_resource" "push_image" {
   }
 }
 
-##
-# KMS key for encrypting lambda log data
-#
-# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key
-#
-resource "aws_kms_key" "ServerlessInSpecLogsKmsKey" {
-  description             = "The KMS key used to encrypt ConfigToHdf's logs"
-  deletion_window_in_days = 10
-  enable_key_rotation     = true
-
-  tags = {
-    Name = "ServerlessInSpecLogsKmsKey"
-  }
-}
-
 ##
 # InSpec Lambda function
 #
@@ -92,7 +77,7 @@ module "serverless-inspec-lambda" {
   vpc_subnet_ids         = var.subnet_ids
   vpc_security_group_ids = var.security_groups
 
-  cloudwatch_logs_kms_key_id        = aws_kms_key.ServerlessInSpecLogsKmsKey.key_id
+  cloudwatch_logs_kms_key_id        = var.cloudwatch_logs_kms_key_id
   cloudwatch_logs_retention_in_days = 30
 
   create_package = false

diff --git a/variables.tf b/variables.tf
@@ -23,6 +23,12 @@ variable "lambda_role_arn" {
   default = ""
 }
 
+variable "cloudwatch_logs_kms_key_id" {
+  description = "The ARN of the KMS key to use for lambda log encryption."
+  type        = string
+  default     = null
+}
+
 variable "lambda_name" {
   description = "The name of the lambda function"
   type = string

diff --git a/version b/version
@@ -1 +1 @@
-0.16.0
+0.16.1