wso2 · chirangaalwis · Sep 3, 2024 · Sep 3, 2024 · Sep 3, 2024
diff --git a/modules/aws/EKS-Cluster/eks.tf b/modules/aws/EKS-Cluster/eks.tf
@@ -27,7 +27,7 @@ resource "aws_eks_cluster" "eks_cluster" {
     endpoint_private_access = var.endpoint_private_access
     endpoint_public_access  = var.endpoint_public_access
     public_access_cidrs     = var.public_access_cidrs
-    subnet_ids              = len(var.cluster_subnet_ids) == 0 ? aws_subnet.eks_subnet[*].id : var.cluster_subnet_ids
+    subnet_ids              = length(var.cluster_subnet_ids) == 0 ? aws_subnet.eks_subnet[*].id : var.cluster_subnet_ids
   }
 
   dynamic "encryption_config" {

diff --git a/modules/aws/EKS-Cluster/variables.tf b/modules/aws/EKS-Cluster/variables.tf
@@ -112,6 +112,7 @@ variable "enable_cloudwatch_agent" {
 variable "cluster_iam_role_arn" {
   type        = string
   description = "IAM Role ARN for the EKS Cluster"
+  default     = null
 }
 variable "cluster_subnet_ids" {
   type        = list(string)

diff --git a/modules/aws/IAM-User-Policy-Attatchment/iam_user_policy_attachment.tf b/modules/aws/IAM-User-Policy-Attatchment/iam_user_policy_attachment.tf
@@ -11,5 +11,5 @@
 
 resource "aws_iam_user_policy_attachment" "iam_user_policy_attachment" {
   policy_arn = var.iam_policy_arn
-  role       = var.iam_user_name
+  user       = var.iam_user_name
 }
diff --git a/modules/aws/S3-Account/s3_account.tf b/modules/aws/S3-Account/s3_account.tf
@@ -28,7 +28,9 @@ resource "aws_s3_bucket_acl" "bucket_acl" {
 # trivy:ignore:AVD-AWS-0090
 resource "aws_s3_bucket_versioning" "s3_bucket_versioning" {
   bucket  = aws_s3_bucket.s3_bucket.id
-  enabled = var.versioning_enabled
+  versioning_configuration {
+    status = var.versioning_enabled ? "Enabled" : "Suspended"
+  }
 }
 
 # Ignore: AVD-AWS-0087 (https://avd.aquasec.com/misconfig/avd-aws-0087)
@@ -50,7 +52,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "s3_bucket_server_
 
   rule {
     apply_server_side_encryption_by_default {
-      kms_master_key_id = var.server_side_encryption.key_id
+      kms_master_key_id = var.server_side_encryption.kms_key_id
       sse_algorithm     = var.server_side_encryption.algorithm
     }
   }

diff --git a/modules/aws/S3-Account/variables.tf b/modules/aws/S3-Account/variables.tf
@@ -47,7 +47,7 @@ variable "restrict_public_buckets" {
 variable "server_side_encryption" {
   type = object({
     algorithm  = string
-    kms_key_id = optional(string)
+    kms_key_id = optional(string, null)
   })
   description = "Server side encryption to be applied to the bucket"
   default = {