From 1a96b69c45ebd234119f2745afc72fb17db1ab42 Mon Sep 17 00:00:00 2001
From: Ranika Madurawe
Date: Tue, 3 Sep 2024 21:36:54 +0530
Subject: [PATCH 1/2] Update S3 Account details
---
 modules/aws/EKS-Cluster/eks.tf | 2 +-
 modules/aws/EKS-Cluster/variables.tf | 1 +
 .../iam_user_policy_attachment.tf | 2 +-
 modules/aws/S3-Account/s3_account.tf | 6 ++++--
 modules/aws/S3-Account/variables.tf | 2 +-
 5 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/modules/aws/EKS-Cluster/eks.tf b/modules/aws/EKS-Cluster/eks.tf
index 15e5d87..21269a3 100644
--- a/modules/aws/EKS-Cluster/eks.tf
+++ b/modules/aws/EKS-Cluster/eks.tf
@@ -27,7 +27,7 @@ resource "aws_eks_cluster" "eks_cluster" {
 endpoint_private_access = var.endpoint_private_access
 endpoint_public_access = var.endpoint_public_access
 public_access_cidrs = var.public_access_cidrs
- subnet_ids = len(var.cluster_subnet_ids) == 0 ? aws_subnet.eks_subnet[*].id : var.cluster_subnet_ids
+ subnet_ids = length(var.cluster_subnet_ids) == 0 ? aws_subnet.eks_subnet[*].id : var.cluster_subnet_ids
 }
 
 dynamic "encryption_config" {
diff --git a/modules/aws/EKS-Cluster/variables.tf b/modules/aws/EKS-Cluster/variables.tf
index 272ee24..281ca3b 100644
--- a/modules/aws/EKS-Cluster/variables.tf
+++ b/modules/aws/EKS-Cluster/variables.tf
@@ -112,6 +112,7 @@ variable "enable_cloudwatch_agent" {
 variable "cluster_iam_role_arn" {
 type = string
 description = "IAM Role ARN for the EKS Cluster"
+ default = null
 }
 variable "cluster_subnet_ids" {
 type = list(string)
diff --git a/modules/aws/IAM-User-Policy-Attatchment/iam_user_policy_attachment.tf b/modules/aws/IAM-User-Policy-Attatchment/iam_user_policy_attachment.tf
index aa44b4c..a768c8d 100644
--- a/modules/aws/IAM-User-Policy-Attatchment/iam_user_policy_attachment.tf
+++ b/modules/aws/IAM-User-Policy-Attatchment/iam_user_policy_attachment.tf
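Review bot: `length(var.cluster_subnet_ids)` on the new subnet_ids line fails at plan time with "argument must not be null" if the variable is ever null, and the variables.tf hunk below only shows `type = list(string)` for it, not its default. Confirm the default is `[]` (or add `default = []`) so the empty-list branch that falls back to `aws_subnet.eks_subnet[*].id` is actually reachable; if a null default is intended, `subnet_ids = length(coalesce(var.cluster_subnet_ids, [])) == 0 ? aws_subnet.eks_subnet[*].id : var.cluster_subnet_ids` keeps the same shape. The enclosing `resource "aws_eks_cluster"` block starts and ends outside the hunk.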
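Review bot: The added `default = null` makes `cluster_iam_role_arn` optional, but the description on the line above still reads as if the ARN is required; say what the module does when it is omitted, e.g. `description = "IAM Role ARN for the EKS Cluster; null (the default) means the module supplies its own"` — only if that is what eks.tf does, which is not visible here. Whatever consumes `var.cluster_iam_role_arn` in eks.tf is outside this hunk, so confirm it handles null (a conditional or `coalesce`) rather than passing it straight to `role_arn`, which aws_eks_cluster requires.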
@@ -11,5 +11,5 @@ resource "aws_iam_user_policy_attachment" "iam_user_policy_attachment" { policy_arn = var.iam_policy_arn - role = var.iam_user_name + user = var.iam_user_name } diff --git a/modules/aws/S3-Account/s3_account.tf b/modules/aws/S3-Account/s3_account.tf index 63d4745..4a190ae 100644 --- a/modules/aws/S3-Account/s3_account.tf +++ b/modules/aws/S3-Account/s3_account.tf @@ -28,7 +28,9 @@ resource "aws_s3_bucket_acl" "bucket_acl" { # trivy:ignore:AVD-AWS-0090 resource "aws_s3_bucket_versioning" "s3_bucket_versioning" { bucket = aws_s3_bucket.s3_bucket.id - enabled = var.versioning_enabled + versioning_configuration { + status = var.versioning_enabled ? "Enabled" : "Suspended" + } } # Ignore: AVD-AWS-0087 (https://avd.aquasec.com/misconfig/avd-aws-0087) @@ -50,7 +52,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "s3_bucket_server_ rule { apply_server_side_encryption_by_default { - kms_master_key_id = var.server_side_encryption.key_id + kms_master_key_id = var.server_side_encryption.kms_key_id sse_algorithm = var.server_side_encryption.algorithm } } diff --git a/modules/aws/S3-Account/variables.tf b/modules/aws/S3-Account/variables.tf index 19eb825..31432aa 100644 --- a/modules/aws/S3-Account/variables.tf +++ b/modules/aws/S3-Account/variables.tf @@ -47,7 +47,7 @@ variable "restrict_public_buckets" { variable "server_side_encryption" { type = object({ algorithm = string - kms_key_id = optional(string) + kms_key_id = optional(string, null) }) description = "Server side encryption to be applied to the bucket" default = { From 6cd25279d0cdbed801fe0329a5b6ada4daef27e3 Mon Sep 17 00:00:00 2001 From: Ranika Madurawe Date: Tue, 3 Sep 2024 21:44:32 +0530 Subject: [PATCH 2/2] Fix formatting issues --- modules/aws/S3-Account/s3_account.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/aws/S3-Account/s3_account.tf b/modules/aws/S3-Account/s3_account.tf index 4a190ae..2c416a0 100644 
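Review bot: Nothing constrains `server_side_encryption` to the combinations S3 accepts: a `kms_key_id` paired with `algorithm = "AES256"` is rejected by PutBucketEncryption only at apply time, and `optional(string, null)` on the changed kms_key_id line is equivalent to the `optional(string)` it replaces, so this hunk is cosmetic on its own. Add `validation` blocks to the variable so the mismatch fails at plan time; the consuming line `kms_master_key_id = var.server_side_encryption.kms_key_id` in s3_account.tf (the `@@ -50,7 +52,7 @@` hunk) then never receives an invalid pair. It is also worth stating in the description that a null `kms_key_id` with `aws:kms` falls back to the AWS-managed `aws/s3` key, whose key policy cannot be edited and so cannot be used for cross-account access. The variable's `default` block and closing brace are outside the hunk.
```hcl
variable "server_side_encryption" {
  # … unchanged: type, description, default …
  validation {
    condition     = contains(["AES256", "aws:kms", "aws:kms:dsse"], var.server_side_encryption.algorithm)
    error_message = "algorithm must be AES256, aws:kms or aws:kms:dsse."
  }
  validation {
    condition     = var.server_side_encryption.kms_key_id == null || startswith(var.server_side_encryption.algorithm, "aws:kms")
    error_message = "kms_key_id may only be set when algorithm is aws:kms or aws:kms:dsse."
  }
```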
--- a/modules/aws/S3-Account/s3_account.tf
+++ b/modules/aws/S3-Account/s3_account.tf
@@ -27,7 +27,7 @@ resource "aws_s3_bucket_acl" "bucket_acl" {
 # Reason: Versioning has been enabled as a parameter with default value true
 # trivy:ignore:AVD-AWS-0090
 resource "aws_s3_bucket_versioning" "s3_bucket_versioning" {
- bucket = aws_s3_bucket.s3_bucket.id
+ bucket = aws_s3_bucket.s3_bucket.id
 versioning_configuration {
 status = var.versioning_enabled ? "Enabled" : "Suspended"
 }