Merge pull request #299 from mdr-engineering/hotfix/ftd_MSOCI-1276_FixKMSForCloudwatch

Removes KMS keys

base/account_standards/cloudtrail.tf

@@ -5,7 +5,8 @@ module "cloudtrail-logging" {
   cloudtrail_name   = "xdr-centralized-cloudtrail"
   cloudtrail_bucket = "xdr-cloudtrail-logs-${local.logging_environment}"
   iam_path          = "/aws_services/"
-  kms_key_id        = var.cloudtrail_key_arn
+  # kms broken in us-gov-east-1: Reenable after 11/15/2021
+  #kms_key_id        = var.cloudtrail_key_arn
   log_group_name    = var.log_group_name
   retention_in_days = 7 # Days available in the local account cloudtrail logs. See the S3 bucket for retention there.
   # Uncomment to enable object level logging. If specifying individual buckets, be sure to end with a `/'

base/account_standards/flowlogs.tf

@@ -2,7 +2,8 @@
 resource "aws_cloudwatch_log_group" "vpc_flow_logs" {
   name = "vpc_flow_logs"
   retention_in_days = 7
-  kms_key_id = var.cloudtrail_key_arn
+  # kms broken in us-gov-east-1. Reenable after 11/15/2021
+  #kms_key_id = var.cloudtrail_key_arn
   tags = merge(var.standard_tags, var.tags)
 }