cloudposse / terraform-aws-vpc-flow-logs-s3-bucket

Terraform module to provision s3-backed flow logs for VPC and subnets

Home Page:https://cloudposse.com/accelerate

is not authorized to perform: kms:TagResource on resource

avwsolutions opened this issue · comments

Get the error below when using this module. I have already seen this mentioned in the previously logged issue #4. Maybe I'm doing something wrong here?

Error: error updating KMS Key (6b51b425-ee73-4668-ac38-f43ee73c8fc0) tags: error tagging resource (6b51b425-ee73-4668-ac38-f43ee12c8fc0): AccessDeniedException: User: arn:aws:sts::060123456789:assumed-role/OrganizationAccountAccessRole/0000322988389763200 is not authorized to perform: kms:TagResource on resource: arn:aws:kms:eu-west-1:060123456789:key/6b51b425-ee73-4668-ac38-f43be73c8fc0
        status code: 400, request id: 222534e7-1feb-4b63-861c-be98c22e97e0

  on .terraform/modules/flow_logs.kms_key/main.tf line 12, in resource "aws_kms_key" "default":
  12: resource "aws_kms_key" "default" {

The module:

module "flow_logs" {
  source        = "git::https://github.com/cloudposse/terraform-aws-vpc-flow-logs-s3-bucket.git?ref=tags/0.4.0"
  name          = var.name
  namespace     = var.namespace
  stage         = var.stage
  attributes    = compact(concat(var.attributes, ["vpc", "flow", "logs"]))
  delimiter     = var.delimiter
  region        = data.aws_region.default.name
  force_destroy = var.vpc_flows_logs_s3_bucket_force_destroy
  vpc_id        = module.vpc.vpc_id
}
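One situation that produces exactly this pattern (key created, then tagging denied) is a key policy that does not delegate permissions to IAM: kms:CreateKey is authorized by the caller's IAM policy alone, but every later call against the key, kms:TagResource included, is evaluated against the key policy. The block below is an added illustration, not code from this module or from PR #7; it assumes that this is the cause in the reporter's case, and it reads the account id from the caller identity rather than hard-coding one.

```hcl
# Added example (not the module's own code): a KMS key whose key policy
# keeps the account root as administrator, so that IAM permissions held
# by the role running Terraform (the assumed OrganizationAccountAccessRole
# in the error above) apply to the key, including kms:TagResource and
# kms:UntagResource, which Terraform calls whenever the tags argument changes.

data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "flow_logs_key" {
  # "Enable IAM User Permissions": without a statement like this, IAM
  # policies alone cannot authorize any operation on the key after it has
  # been created, and the first post-creation call (tagging) is denied.
  statement {
    sid       = "EnableIAMUserPermissions"
    effect    = "Allow"
    actions   = ["kms:*"]
    resources = ["*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }
}

resource "aws_kms_key" "flow_logs" {
  description             = "Example key for the VPC flow logs bucket"
  deletion_window_in_days = 30
  enable_key_rotation     = true
  policy                  = data.aws_iam_policy_document.flow_logs_key.json

  # Tag updates on this resource are what trigger kms:TagResource.
  tags = {
    Name = "vpc-flow-logs-example"
  }
}
```

To confirm the diagnosis on an existing key, compare the output of `aws kms get-key-policy --key-id <key id> --policy-name default` with the statement above: if no statement grants the account root (or the assumed role) the tagging actions, the IAM policy attached to the role is never consulted.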

@avwsolutions check out PR #7 from @erikdj, which should fix this. Feel free to take over that task as it's quite a small update and I'd be happy to help you get it merged!