fix: enable the KMS key creation

ricardolsmendes · Jun 3, 2024 · 8f7431f · 8f7431f
1 parent 979ed19
commit 8f7431f
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 14 deletions.
diff --git a/infrastructure/environments/dev/main.tf b/infrastructure/environments/dev/main.tf
@@ -23,6 +23,10 @@ module "athena" {
 
   environment                      = var.environment
   athena_query_results_bucket_name = var.athena_query_results_bucket_name
-  data_bucket_id                   = module.core.data_bucket_id
-  silver_database_name             = module.glue.silver_database_name
+  # =====================================================================================
+  # DELETE THIS AND UNCOMMENT THE FOLLOWING LINE TO ENABLE SSE-KMS ENCRYPTION IN S3.
+  # =====================================================================================
+  s3_encryption_key_arn = module.core.s3_encryption_key_arn
+  data_bucket_id        = module.core.data_bucket_id
+  silver_database_name  = module.glue.silver_database_name
 }
diff --git a/infrastructure/modules/core/kms.tf b/infrastructure/modules/core/kms.tf
@@ -11,12 +11,12 @@
 # ACCOUNTS. DELETE THE LINES DELIMITED BY `# =...=` AND UNCOMMENT THE FOLLOWING RESOURCES
 # TO CREATE/ENABLE IT.
 # =======================================================================================
-# resource "aws_kms_key" "s3" {
-#  description         = "This key protects S3 objects tackled by the AWS Glue CI/CD Blueprint"
-#  enable_key_rotation = true
-# }
-#
-# resource "aws_kms_alias" "s3" {
-#  name          = "alias/glue-ci-cd-blueprint/s3-${var.environment}"
-#  target_key_id = aws_kms_key.s3.key_id
-# }
+resource "aws_kms_key" "s3" {
+  description         = "This key protects S3 objects tackled by the AWS Glue CI/CD Blueprint"
+  enable_key_rotation = true
+}
+
+resource "aws_kms_alias" "s3" {
+  name          = "alias/glue-ci-cd-blueprint/s3-${var.environment}"
+  target_key_id = aws_kms_key.s3.key_id
+}
diff --git a/infrastructure/modules/core/outputs.tf b/infrastructure/modules/core/outputs.tf
@@ -5,6 +5,6 @@ output "data_bucket_id" {
 # =======================================================================================
 # THE KMS KEY IS NOT CREATED BY DEFAULT. PLEASE REFER TO `kms.tf` FOR DETAILS.
 # =======================================================================================
-# output "s3_encryption_key_arn" {
-#   value = aws_kms_key.s3.arn
-# }
+output "s3_encryption_key_arn" {
+  value = aws_kms_key.s3.arn
+}