Merge pull request #31 from confusdcodr/key-rotation

Update kms integration and enable key rotation
plus3it · Jan 2, 2020 · a86dc88 · a86dc88
2 parents ae4b677 + eb16947
commit a86dc88
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 6 deletions.
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2.2.1
+current_version = 2.2.2
 commit = True
 message = Bumps version to {new_version}
 tag = False

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
+### 2.2.2
+
+**Released**: 2020.01.02
+
+**Commit Delta**: [Change from 2.1.0 release](https://github.com/plus3it/terraform-aws-tardigrade-cloudtrail/compare/2.2.1...2.2.2)
+
+**Summary**:
+
+*   Update kms module version and add key-rotation variable
+
 ### 2.2.1
 
 **Released**: 2020.01.02

diff --git a/main.tf b/main.tf
@@ -2,23 +2,26 @@ provider "aws" {}
 
 ### LOCALS ###
 locals {
+  # cloudwatch log group integration
   create_log_group            = var.cloud_watch_logs_group_name == null
   cloud_watch_logs_group_name = local.create_log_group ? "/aws/cloudtrail/${format("%v", var.cloudtrail_name)}" : var.cloud_watch_logs_group_name
   cloud_watch_logs_group_arn  = local.create_log_group ? join("", aws_cloudwatch_log_group.this.*.arn) : data.aws_cloudwatch_log_group.this[0].arn
 
   create_log_group_role     = var.cloud_watch_logs_role_arn == null
   cloud_watch_logs_role_arn = local.create_log_group_role ? join("", aws_iam_role.this.*.arn) : var.cloud_watch_logs_role_arn
 
-  kms_key_alias  = "terraform-cloudtrail-kms-key"
+  # kms integration
   create_kms_key = var.create_cloudtrail && var.kms_key_id == null
+  kms_key_alias  = "terraform-cloudtrail-kms-key"
   kms_key_id     = local.create_kms_key ? module.kms.keys[local.kms_key_alias].arn : var.kms_key_id
   kms_key_policy = local.create_kms_key ? data.aws_iam_policy_document.kms_key_policy[0].json : ""
 
   keys = [
     {
-      alias       = local.kms_key_alias,
-      description = local.kms_key_alias,
-      policy      = local.kms_key_policy
+      alias               = local.kms_key_alias,
+      description         = local.kms_key_alias,
+      policy              = local.kms_key_policy,
+      enable_key_rotation = true
     }
   ]
 }
@@ -59,7 +62,7 @@ resource "aws_iam_policy_attachment" "this" {
 }
 
 module "kms" {
-  source = "git::https://github.com/plus3it/terraform-aws-tardigrade-kms.git?ref=0.0.1"
+  source = "git::https://github.com/plus3it/terraform-aws-tardigrade-kms.git?ref=0.0.2"
 
   providers = {
     aws = aws