diff --git a/terraform/account/region/dynamodb.tf b/terraform/account/region/dynamodb.tf
index fc0f561ec4..b54fce62b6 100644
--- a/terraform/account/region/dynamodb.tf
+++ b/terraform/account/region/dynamodb.tf
@@ -16,11 +16,6 @@ resource "aws_dynamodb_table" "workspace_cleanup_table" {
 enabled = true
 }
- server_side_encryption {
- enabled = true
- kms_key_arn = module.dynamodb_kms.eu_west_1_target_key_arn
- }
-
 lifecycle {
 prevent_destroy = false
 }
@@ -76,11 +71,6 @@ resource "aws_dynamodb_table" "blocked_ips_table" {
 enabled = true
 }
- # server_side_encryption {
- # enabled = true
- # kms_key_arn = module.dynamodb_kms.eu_west_1_target_key_arn
- # }
-
 lifecycle {
 prevent_destroy = false
 }
diff --git a/terraform/account/region/elasticache.tf b/terraform/account/region/elasticache.tf
index 995983fcfe..1088d111ac 100644
--- a/terraform/account/region/elasticache.tf
+++ b/terraform/account/region/elasticache.tf
@@ -27,10 +27,9 @@ resource "aws_elasticache_replication_group" "cache_api" {
 }
 resource "aws_security_group" "cache_api_sg" {
- name = "${var.account.name}-account-cache-api"
- vpc_id = aws_vpc.main.id
- tags = merge(var.default_tags, { Name = "${var.account.name}-account-cache--api" })
- description = "cache api - ${var.account.name}"
+ name = "${var.account.name}-account-cache-api"
+ vpc_id = aws_vpc.main.id
+ tags = merge(var.default_tags, { Name = "${var.account.name}-account-cache--api" })
 lifecycle {
 create_before_destroy = true
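Review bot: Dropping the `server_side_encryption` block from `workspace_cleanup_table` moves the table from the customer managed key to DynamoDB's default AWS-owned key, and nothing in the hunk records that this downgrade is intended (the commit message is not on this page). Data stays encrypted at rest either way, but the account gives up key-policy control and the rotation setting the deleted `dynamodb_kms` module turned on. If the change is deliberate, keep a marker in the resource, e.g. `# Encryption at rest uses the AWS-owned key; the shared DynamoDB CMK from kms_service_dynamo.tf was retired.`; the same applies to `blocked_ips_table` in the next hunk, though there the block was already commented out so its effective encryption does not change. Removing `module "dynamodb_kms"` will also schedule the key for deletion with its 10-day window, so it is worth confirming before apply that no other resource or state still references the `digideps_dynamodb_encryption_key` alias.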
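Review bot: Removing `description` from `cache_api_sg` is not a no-op: the AWS provider defaults it to "Managed by Terraform", and `description` on `aws_security_group` forces replacement, so the plan will replace the security group rather than update it in place. With `create_before_destroy = true` and a fixed `name`, the replacement may fail on a duplicate group name in the VPC, and the group id attached to the replication group changes either way. If the description is meant to go, check the plan for a replace on this resource and consider `name_prefix` in place of `name`, or keep the original `description = "cache api - ${var.account.name}"`. The same applies to `cache_front_sg` in the next hunk; the resource's `lifecycle` block continues outside this hunk.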
@@ -64,10 +63,9 @@ resource "aws_elasticache_replication_group" "front_api" {
 }
 resource "aws_security_group" "cache_front_sg" {
- name = "${var.account.name}-account-cache-frontend"
- vpc_id = aws_vpc.main.id
- description = "cache front - ${var.account.name}"
- tags = merge(var.default_tags, { Name = "${var.account.name}-account-cache-frontend" })
+ name = "${var.account.name}-account-cache-frontend"
+ vpc_id = aws_vpc.main.id
+ tags = merge(var.default_tags, { Name = "${var.account.name}-account-cache-frontend" })
 lifecycle {
 create_before_destroy = true
diff --git a/terraform/account/region/kms_service_dynamo.tf b/terraform/account/region/kms_service_dynamo.tf
deleted file mode 100644
index 6f8f4035ac..0000000000
--- a/terraform/account/region/kms_service_dynamo.tf
+++ /dev/null
@@ -1,56 +0,0 @@
-##### Shared KMS key for DynamoDB #####
-
-# Account dynamodb encryption
-module "dynamodb_kms" {
- source = "./modules/kms_key"
- encrypted_resource = "DynamoDB"
- kms_key_alias_name = "digideps_dynamodb_encryption_key"
- enable_key_rotation = true
- enable_multi_region = false
- deletion_window_in_days = 10
- kms_key_policy = var.account.name == "development" ? data.aws_iam_policy_document.kms_dynamodb_merged_for_development.json : data.aws_iam_policy_document.kms_dynamodb_merged.json
- providers = {
- aws.eu_west_1 = aws.eu_west_1
- aws.eu_west_2 = aws.eu_west_2
- }
-}
-
-# Policies
-data "aws_iam_policy_document" "kms_dynamodb_merged_for_development" {
- provider = aws.global
- source_policy_documents = [
- data.aws_iam_policy_document.kms_dynamodb.json,
- data.aws_iam_policy_document.kms_base_permissions.json,
- data.aws_iam_policy_document.kms_development_account_operator_admin.json
- ]
-}
-
-data "aws_iam_policy_document" "kms_dynamodb_merged" {
- provider = aws.global
- source_policy_documents = [
- data.aws_iam_policy_document.kms_dynamodb.json,
- data.aws_iam_policy_document.kms_base_permissions.json
- ]
-}
-
-data "aws_iam_policy_document" "kms_dynamodb" {
- statement {
- sid = "Allow Key to be used for Encryption by DynamoDB"
- effect = "Allow"
- resources = ["*"]
- actions = [
- "kms:Encrypt",
- "kms:Decrypt",
- "kms:ReEncrypt*",
- "kms:GenerateDataKey*",
- "kms:DescribeKey"
- ]
-
- principals {
- type = "Service"
- identifiers = [
- "dynamodb.amazonaws.com"
- ]
- }
- }
-}