From 605209472aa0f0216d302da1458ec369da385148 Mon Sep 17 00:00:00 2001
From: Zachary Estrella <zjestrella1@gmail.com>
Date: Sat, 15 Oct 2022 01:00:55 -0400
Subject: [PATCH] feat: Adding optional kms key id to encrypt cw log group for
 fluent bit (#1494)

* Adding optional kms key id to encrypt cw log group

* Fixing var:

* Converting to null
---
 modules/aws/aws-for-fluent-bit.tf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/aws/aws-for-fluent-bit.tf b/modules/aws/aws-for-fluent-bit.tf
index f5f432b62..49d69ee03 100644
--- a/modules/aws/aws-for-fluent-bit.tf
+++ b/modules/aws/aws-for-fluent-bit.tf
@@ -14,6 +14,7 @@ locals {
       iam_policy_override              = null
       default_network_policy           = true
       containers_log_retention_in_days = 180
+      kms_key_id                       = null
       name_prefix                      = "${var.cluster-name}-aws-for-fluent-bit"
     },
     var.aws-for-fluent-bit
@@ -80,6 +81,7 @@ resource "aws_cloudwatch_log_group" "aws-for-fluent-bit" {
   count             = local.aws-for-fluent-bit["enabled"] ? 1 : 0
   name              = "/aws/eks/${var.cluster-name}/containers"
   retention_in_days = local.aws-for-fluent-bit["containers_log_retention_in_days"]
+  kms_key_id        = local.aws-for-fluent-bit["kms_key_id"]
 }
 
 resource "kubernetes_namespace" "aws-for-fluent-bit" {