From f931d9f39dd92e23d743be8e4383abc7d639cf01 Mon Sep 17 00:00:00 2001
From: Ao Zhang
Date: Tue, 31 Oct 2023 14:15:12 -0700
Subject: [PATCH] [repeat #118]Pass in KMS key for Cloud Watch
---
 main.tf | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/main.tf b/main.tf
index aa37d35..5a6d635 100644
--- a/main.tf
+++ b/main.tf
@@ -1061,6 +1061,9 @@ resource "aws_cloudwatch_log_group" "agentless_scan_log_group" {
 count = var.regional ? 1 : 0
 name = "/ecs/${aws_ecs_cluster.agentless_scan_ecs_cluster[0].name}"
 retention_in_days = 14
+ # the KMS will need to allow the log group to use it.
+ # See https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html
+ kms_key_id = var.secretsmanager_kms_key_id
 }
 
 resource "aws_cloudwatch_event_rule" "agentless_scan_event_rule" {
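Review bot: The added `kms_key_id = var.secretsmanager_kms_key_id` reuses the key named for Secrets Manager, so its key policy has to be widened to let the CloudWatch Logs service principal use a key that also protects secrets; the comment says a grant is needed but not how narrowly it should be scoped. I would extend the comment to `# Must be a key ARN in the same region as this log group; the key policy must allow logs.<region>.amazonaws.com, ideally conditioned on kms:EncryptionContext:aws:logs:arn for this log group.` The variable's declaration is not visible here, so it is worth confirming that it holds a full ARN (Secrets Manager also accepts a bare key ID, which this argument presumably will not) and that a null default leaves the log group on the service default encryption rather than failing the apply. Because the log group is created under `count = var.regional ? 1 : 0`, a single key ARN will presumably not work if this module is applied in a region other than the key's. The resource block opens in the hunk header, outside the hunk lines.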