feat!: Formatting and update of example

dnno · dnno · commit 5b9a76928b00 · 2025-07-07T13:27:37.000+02:00
diff --git a/examples/with-archive/main.tf b/examples/with-archive/main.tf
@@ -7,6 +7,10 @@ provider "aws" {
   skip_credentials_validation = true
 }
 
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+
+
 module "eventbridge" {
   source = "../../"
 
@@ -50,6 +54,7 @@ module "eventbridge_archive_only" {
 
   create_bus      = false
   create_archives = true
+  kms_key_identifier = module.kms.key_id
 
   archives = {
     "launch-archive-existing-bus" = {
@@ -79,3 +84,48 @@ resource "random_pet" "this" {
 resource "aws_cloudwatch_event_bus" "existing_bus" {
   name = "${random_pet.this.id}-existing-bus"
 }
+
+module "kms" {
+  source      = "terraform-aws-modules/kms/aws"
+  version     = "~> 2.0"
+  description = "KMS key for cross region automated backups replication"
+
+  # Aliases
+  aliases                 = ["test"]
+  aliases_use_name_prefix = true
+  key_statements = [
+    {
+      sid = "Allow eventbridge"
+      principals = [
+        {
+          type        = "Service"
+          identifiers = ["events.amazonaws.com"]
+        }
+      ]
+      actions = [
+        "kms:DescribeKey",
+        "kms:GenerateDataKey",
+        "kms:Decrypt"
+      ]
+      resources = ["*"]
+      conditions = [
+        {
+          test     = "StringEquals"
+          variable = "kms:EncryptionContext:aws:events:event-bus:arn"
+          values = [
+            "arn:aws:events:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:event-bus/example",
+          ]
+        },
+        {
+          test     = "StringEquals"
+          variable = "aws:SourceArn"
+          values = [
+            "arn:aws:events:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:event-bus/example",
+          ]
+        }
+      ]
+    }
+  ]
+
+  key_owners = [data.aws_caller_identity.current.arn]
+}
diff --git a/main.tf b/main.tf
@@ -284,8 +284,8 @@ resource "aws_cloudwatch_event_archive" "this" {
 
   region = var.region
 
-  name             = lookup(each.value, "name", each.key)
-  event_source_arn = try(each.value["event_source_arn"], aws_cloudwatch_event_bus.this[0].arn)
+  name               = lookup(each.value, "name", each.key)
+  event_source_arn   = try(each.value["event_source_arn"], aws_cloudwatch_event_bus.this[0].arn)
   kms_key_identifier = var.kms_key_identifier
 
   description    = lookup(each.value, "description", null)
