From 9939f6c51084fa8a697d8adb89f1c5f1390b5b96 Mon Sep 17 00:00:00 2001
From: Miguel Pais
Date: Mon, 4 Nov 2024 18:51:58 +0100
Subject: [PATCH] fixing agentless key rotation (#81)
---
 modules/services/agentless-scanning/main.tf | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/modules/services/agentless-scanning/main.tf b/modules/services/agentless-scanning/main.tf
index 9da846a..65dff5f 100644
--- a/modules/services/agentless-scanning/main.tf
+++ b/modules/services/agentless-scanning/main.tf
@@ -295,18 +295,13 @@ resource "aws_kms_key" "scanning" {
 count = var.is_organizational ? 0 : 1
 description = "Sysdig Agentless Scanning encryption key"
+ enable_key_rotation = true
 deletion_window_in_days = var.kms_key_deletion_window
 key_usage = "ENCRYPT_DECRYPT"
 policy = data.aws_iam_policy_document.key_policy[0].json
 tags = var.tags
 }
-# Enable key rotation for the KMS key
-resource "aws_kms_key_rotation" "scanning_rotation" {
- count = var.is_organizational ? 0 : 1
- key_id = aws_kms_key.scanning[0].id # Reference to the KMS key
-}
-
 # KMS alias resource only if singleton account
 resource "aws_kms_alias" "scanning" {
 count = var.is_organizational ? 0 : 1
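Review bot: `enable_key_rotation = true` is set only on `aws_kms_key.scanning`, which exists when `var.is_organizational` is false; the hunk does not show how the scanning key is created for organizational deployments, so confirm that path also enables rotation, otherwise the fix covers single-account installs only. The attribute also replaces a commented resource with an uncommented line; consider adding above it `# Automatic rotation of AWS-generated key material; key ID, ARN and alias are unchanged and older material is kept for decryption`. If an interval other than the default yearly rotation is wanted, `rotation_period_in_days` could be exposed as a variable, provided the pinned AWS provider version supports it. The `aws_kms_alias` block at the end of the hunk continues outside it.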