
Merge pull request #300 from mdr-engineering/hotfix/ftd_MSOCI-1276_FixKMSForCloudwatch

Fixes KMS Key for CloudTrail Group
Frederick Damstra 3 lat temu
rodzic
commit
0e9d5e2c09

+ 1 - 1
base/account_standards/cloudtrail.tf

@@ -6,7 +6,7 @@ module "cloudtrail-logging" {
   cloudtrail_bucket = "xdr-cloudtrail-logs-${local.logging_environment}"
   iam_path          = "/aws_services/"
   # kms broken in us-gov-east-1: Reenable after 11/15/2021
-  #kms_key_id        = var.cloudtrail_key_arn
+  kms_key_id        = var.cloudtrail_key_arn
   log_group_name    = var.log_group_name
   retention_in_days = 7 # Days available in the local account cloudtrail logs. See the S3 bucket for retention there.
   # Uncomment to enable object level logging. If specifying individual buckets, be sure to end with a `/'
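Review bot: The comment on the line above the re-enabled `kms_key_id` is now stale — it still says the key is broken in us-gov-east-1 and should be re-enabled after 11/15/2021, while the very next line now passes `var.cloudtrail_key_arn` again. With the companion change in thirdparty/terraform-aws-cloudtrail-logging/main.tf dropping the key from the CloudWatch log group, a reader of this module call would reasonably assume the log group is KMS-encrypted when it no longer is. Replace the comment with one that states the current situation, e.g. `# kms_key_id is consumed by the module for the trail only; its CloudWatch log group is not KMS-encrypted (see the module's main.tf)` — the "trail only" part is my inference from the module's name and should be checked against what else in the module reads `var.kms_key_id`. The enclosing `module "cloudtrail-logging"` block starts and ends outside the hunk.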

+ 1 - 1
thirdparty/terraform-aws-cloudtrail-logging/main.tf

@@ -92,7 +92,7 @@ data "aws_iam_policy_document" "cwl_policy" {
 
 resource "aws_cloudwatch_log_group" "cwl_loggroup" {
   name              = var.log_group_name
-  kms_key_id        = var.kms_key_id
+  #kms_key_id        = var.kms_key_id
   retention_in_days = var.retention_in_days == -1 ? null : var.retention_in_days
 }
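Review bot: Commenting out `kms_key_id` on `aws_cloudwatch_log_group.cwl_loggroup` silently changes the log group's encryption from a customer-managed key to the CloudWatch default, and nothing in the resource records why or whether this is meant to be permanent. Since the input variable `kms_key_id` is presumably still declared and now accepted but ignored here, callers passing a key will get an unencrypted-by-CMK log group with no warning. Add a comment on the disabled line stating the cause and the re-enable condition, e.g. `# kms_key_id disabled: <reason from MSOCI-1276>; re-enable once the key policy allows the CloudWatch Logs service principal in every target region` — the key-policy cause is my guess at the usual reason this association fails and should be confirmed against the ticket. If the variable is indeed unused elsewhere in the module, either mark it deprecated in its description or apply it again here so the interface is not misleading.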