Update description of the new variable to drop the mention of CMK

Rename variable to reflect the fact that the ARN is needed, not the ID

Author: philslab-ninja

modules/iam-role-for-service-accounts-eks/README.md

@@ -233,7 +233,7 @@ No modules.
 | <a name="input_load_balancer_controller_targetgroup_arns"></a> [load\_balancer\_controller\_targetgroup\_arns](#input\_load\_balancer\_controller\_targetgroup\_arns) | List of Target groups ARNs using Load Balancer Controller | `list(string)` | <pre>[<br>  "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"<br>]</pre> | no |
 | <a name="input_max_session_duration"></a> [max\_session\_duration](#input\_max\_session\_duration) | Maximum CLI/API session duration in seconds between 3600 and 43200 | `number` | `null` | no |
 | <a name="input_mountpoint_s3_csi_bucket_arns"></a> [mountpoint\_s3\_csi\_bucket\_arns](#input\_mountpoint\_s3\_csi\_bucket\_arns) | S3 bucket ARNs to allow Mountpoint S3 CSI to list buckets | `list(string)` | `[]` | no |
-| <a name="input_mountpoint_s3_csi_kms_ids"></a> [mountpoint\_s3\_csi\_kms\_ids](#input\_mountpoint\_s3\_csi\_kms\_ids) | KMS CMK IDs to allow Mountpoint S3 CSI driver to download and upload Objects of a S3 bucket using `aws:kms` SSE | `list(string)` | `[]` | no |
+| <a name="input_mountpoint_s3_csi_kms_arns"></a> [mountpoint\_s3\_csi\_kms\_arns](#input\_mountpoint\_s3\_csi\_kms\_arns) | KMS Key ARNs to allow Mountpoint S3 CSI driver to download and upload Objects of a S3 bucket using `aws:kms` SSE | `list(string)` | `[]` | no |
 | <a name="input_mountpoint_s3_csi_path_arns"></a> [mountpoint\_s3\_csi\_path\_arns](#input\_mountpoint\_s3\_csi\_path\_arns) | S3 path ARNs to allow Mountpoint S3 CSI driver to manage items at the provided path(s). This is required if `attach_mountpoint_s3_csi_policy = true` | `list(string)` | `[]` | no |
 | <a name="input_node_termination_handler_sqs_queue_arns"></a> [node\_termination\_handler\_sqs\_queue\_arns](#input\_node\_termination\_handler\_sqs\_queue\_arns) | List of SQS ARNs that contain node termination events | `list(string)` | <pre>[<br>  "*"<br>]</pre> | no |
 | <a name="input_oidc_providers"></a> [oidc\_providers](#input\_oidc\_providers) | Map of OIDC providers where each provider map should contain the `provider_arn` and `namespace_service_accounts` | `any` | `{}` | no |

modules/iam-role-for-service-accounts-eks/policies.tf

@@ -449,14 +449,14 @@ data "aws_iam_policy_document" "mountpoint_s3_csi" {
   }
 
   dynamic "statement" {
-    for_each = length(var.mountpoint_s3_csi_kms_ids) > 0 ? [1] : []
+    for_each = length(var.mountpoint_s3_csi_kms_arns) > 0 ? [1] : []
     content {
       actions = [
         "kms:GenerateDataKey",
         "kms:Decrypt"
       ]
 
-      resources = var.mountpoint_s3_csi_kms_ids
+      resources = var.mountpoint_s3_csi_kms_arns
     }
   }
 }

modules/iam-role-for-service-accounts-eks/variables.tf

@@ -158,8 +158,8 @@ variable "mountpoint_s3_csi_bucket_arns" {
   default     = []
 }
 
-variable "mountpoint_s3_csi_kms_ids" {
-  description = "KMS CMK IDs to allow Mountpoint S3 CSI driver to download and upload Objects of a S3 bucket using `aws:kms` SSE"
+variable "mountpoint_s3_csi_kms_arns" {
+  description = "KMS Key ARNs to allow Mountpoint S3 CSI driver to download and upload Objects of a S3 bucket using `aws:kms` SSE"
   type        = list(string)
   default     = []
 }

wrappers/iam-role-for-service-accounts-eks/main.tf

@@ -48,7 +48,7 @@ module "wrapper" {
   load_balancer_controller_targetgroup_arns                       = try(each.value.load_balancer_controller_targetgroup_arns, var.defaults.load_balancer_controller_targetgroup_arns, ["arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"])
   max_session_duration                                            = try(each.value.max_session_duration, var.defaults.max_session_duration, null)
   mountpoint_s3_csi_bucket_arns                                   = try(each.value.mountpoint_s3_csi_bucket_arns, var.defaults.mountpoint_s3_csi_bucket_arns, [])
-  mountpoint_s3_csi_kms_ids                                       = try(each.value.mountpoint_s3_csi_kms_ids, var.defaults.mountpoint_s3_csi_kms_ids, [])
+  mountpoint_s3_csi_kms_arns                                      = try(each.value.mountpoint_s3_csi_kms_arns, var.defaults.mountpoint_s3_csi_kms_arns, [])
   mountpoint_s3_csi_path_arns                                     = try(each.value.mountpoint_s3_csi_path_arns, var.defaults.mountpoint_s3_csi_path_arns, [])
   node_termination_handler_sqs_queue_arns                         = try(each.value.node_termination_handler_sqs_queue_arns, var.defaults.node_termination_handler_sqs_queue_arns, ["*"])
   oidc_providers                                                  = try(each.value.oidc_providers, var.defaults.oidc_providers, {})