readability and doc reference

kunduso · Sep 11, 2024 · 5603235 · 5603235
1 parent 2404556
commit 5603235
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 11 deletions.
diff --git a/kms.tf b/kms.tf
@@ -71,7 +71,7 @@ data "aws_iam_policy_document" "encryption_rds_policy" {
     ]
     resources = [aws_kms_key.encryption_rds.arn]
   }
-    statement {
+  statement {
     sid    = "Allow SSM to use the key"
     effect = "Allow"
     principals {

diff --git a/lambda.tf b/lambda.tf
@@ -30,6 +30,7 @@ resource "aws_lambda_function" "secret_rotator" {
     }
 
   }
+  #https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html
   vpc_config {
     subnet_ids         = [for subnet in aws_subnet.db : subnet.id]
     security_group_ids = [aws_security_group.lambda.id]

diff --git a/lambda_security_group.tf b/lambda_security_group.tf
@@ -11,22 +11,22 @@ resource "aws_security_group" "lambda" {
 }
 #https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule
 resource "aws_security_group_rule" "egress_rds_lambda" {
-  description       = "allow traffic from rds to reach Lambda"
-  type              = "egress"
-  from_port         = 5432
-  to_port           = 5432
-  protocol          = "tcp"
+  description              = "allow traffic from rds to reach Lambda"
+  type                     = "egress"
+  from_port                = 5432
+  to_port                  = 5432
+  protocol                 = "tcp"
   source_security_group_id = aws_security_group.rds.id
   # cidr_blocks       = [var.vpc_cidr]
   security_group_id = aws_security_group.lambda.id
 }
 #https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule
 resource "aws_security_group_rule" "egress_vpc_endpoint_lambda" {
-  description       = "allow traffic from vpc-endpoint to reach lambda"
-  type              = "egress"
-  from_port         = 443
-  to_port           = 443
-  protocol          = "tcp"
+  description              = "allow traffic from vpc-endpoint to reach lambda"
+  type                     = "egress"
+  from_port                = 443
+  to_port                  = 443
+  protocol                 = "tcp"
   source_security_group_id = aws_security_group.endpoint_sg.id
   # cidr_blocks       = [var.vpc_cidr]
   security_group_id = aws_security_group.lambda.id