Updated

CSVD · Jul 23, 2024 · 356b04d · 356b04d
1 parent a110047
commit 356b04d
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 15 deletions.
diff --git a/iam_policy.tf b/iam_policy.tf
@@ -85,7 +85,7 @@ resource "aws_iam_policy" "rhel_x86_codepipeline_permissions" {
           "kms:GenerateDataKey",
           "kms:DescribeKey"
         ],
-        Resource = aws_kms_key.rhel_x86_codepipeline_key.arn
+        Resource = "arn:aws-us-gov:kms:us-gov-west-1:229685449397:key/${aws_kms_key.rhel_x86_codepipeline_key.id}"
       },
       {
         Effect = "Allow",
@@ -168,7 +168,7 @@ resource "aws_iam_policy" "rhel_x86_ec2_permissions" {
           "kms:GenerateDataKey",
           "kms:DescribeKey"
         ],
-        Resource = aws_kms_key.rhel_x86_codepipeline_key.arn
+        Resource = "arn:aws-us-gov:kms:us-gov-west-1:229685449397:key/${aws_kms_key.rhel_x86_codepipeline_key.id}"
       }
     ]
   })

diff --git a/kms.tf b/kms.tf
@@ -1,6 +1,5 @@
 resource "aws_kms_key" "rhel_x86_codepipeline_key" {
   description = "KMS key for RHEL x86 CodePipeline"
-
   policy = <<EOF
 {
   "Version": "2012-10-17",
@@ -21,18 +20,16 @@ resource "aws_kms_key" "rhel_x86_codepipeline_key" {
         "kms:GenerateDataKey*",
         "kms:DescribeKey"
       ],
-      "Resource": "*"
+      "Resource": "arn:aws-us-gov:kms:us-gov-west-1:229685449397:key/${aws_kms_key.rhel_x86_codepipeline_key.id}"
     },
     {
       "Sid": "Allow admin actions",
       "Effect": "Allow",
       "Principal": {
-        "AWS": [
-          "arn:aws-us-gov:iam::229685449397:root"
-        ]
+        "AWS": "arn:aws-us-gov:iam::229685449397:root"
       },
       "Action": "kms:*",
-      "Resource": "*"
+      "Resource": "arn:aws-us-gov:kms:us-gov-west-1:229685449397:key/${aws_kms_key.rhel_x86_codepipeline_key.id}"
     }
   ]
 }
@@ -42,4 +39,4 @@ EOF
 resource "aws_kms_alias" "rhel_x86_codepipeline_alias" {
   name          = "alias/rhel-x86-codepipeline-key"
   target_key_id = aws_kms_key.rhel_x86_codepipeline_key.id
-}
+}
diff --git a/modules/image-pipeline/build.pkr.hcl b/modules/image-pipeline/build.pkr.hcl
@@ -1,14 +1,15 @@
 variable "kms_key_id" {
   type    = string
-  default = "02684d21-d541-4d83-8e0b-e8c95877d8cb" 
+  default = aws_kms_key.rhel_x86_codepipeline_key.id
 }
 
 source "amazon-ebs" "rhel" {
-  ami_name      = "rhel-arm-{{timestamp}}"
-  instance_type = "t3.micro"
-  region        = "us-gov-west-1"
-  source_ami = "ami-03f5c6b8195c66b04"  # Updated AMI ID for RHEL 9 ARM
-  ssh_username  = "ec2-user"
+  ami_name        = "rhel-arm-{{timestamp}}"
+  instance_type   = "t3.micro"
+  region          = "us-gov-west-1"
+  source_ami      = "ami-03f5c6b8195c66b04"  # Updated AMI ID for RHEL 9 ARM
+  ssh_username    = "ec2-user"
+  kms_key_id      = var.kms_key_id
 }
 
 build {