From 5603235200bcc4bdd5985b2f918bc5bd2b729cb2 Mon Sep 17 00:00:00 2001
From: Sourav Kundu
Date: Tue, 10 Sep 2024 21:37:28 -0500
Subject: [PATCH] readability and doc reference

---
 kms.tf | 2 +-
 lambda.tf | 1 +
 lambda_security_group.tf | 20 ++++++++++----------
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/kms.tf b/kms.tf
index 78e5d8e..09887d7 100644
--- a/kms.tf
+++ b/kms.tf
@@ -71,7 +71,7 @@ data "aws_iam_policy_document" "encryption_rds_policy" {
 ]
 resources = [aws_kms_key.encryption_rds.arn]
 }
- statement {
+ statement {
 sid = "Allow SSM to use the key"
 effect = "Allow"
 principals {
diff --git a/lambda.tf b/lambda.tf
index cb70422..462d18d 100644
--- a/lambda.tf
+++ b/lambda.tf
@@ -30,6 +30,7 @@ resource "aws_lambda_function" "secret_rotator" {
 }
 }
 
+ #https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html
 vpc_config {
 subnet_ids = [for subnet in aws_subnet.db : subnet.id]
 security_group_ids = [aws_security_group.lambda.id]
diff --git a/lambda_security_group.tf b/lambda_security_group.tf
index 73ed325..c0836a5 100644
--- a/lambda_security_group.tf
+++ b/lambda_security_group.tf
@@ -11,22 +11,22 @@ resource "aws_security_group" "lambda" {
 }
 #https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule
 resource "aws_security_group_rule" "egress_rds_lambda" {
- description = "allow traffic from rds to reach Lambda"
- type = "egress"
- from_port = 5432
- to_port = 5432
- protocol = "tcp"
+ description = "allow traffic from rds to reach Lambda"
+ type = "egress"
+ from_port = 5432
+ to_port = 5432
+ protocol = "tcp"
 source_security_group_id = aws_security_group.rds.id
 # cidr_blocks = [var.vpc_cidr]
 security_group_id = aws_security_group.lambda.id
 }
 #https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule
 resource "aws_security_group_rule" "egress_vpc_endpoint_lambda" {
- description = "allow traffic from vpc-endpoint to reach lambda"
- type = "egress"
- from_port = 443
- to_port = 443
- protocol = "tcp"
+ description = "allow traffic from vpc-endpoint to reach lambda"
+ type = "egress"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
 source_security_group_id = aws_security_group.endpoint_sg.id
 # cidr_blocks = [var.vpc_cidr]
 security_group_id = aws_security_group.lambda.id
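Review bot: The realigned `description` values still describe the opposite direction from what the rules configure: both rules are `type = "egress"` on `aws_security_group.lambda`, and on an egress rule the provider treats `source_security_group_id` as the destination, so `egress_rds_lambda` permits the Lambda SG to initiate TCP/5432 towards `aws_security_group.rds`, not "traffic from rds to reach Lambda". Since this commit is about readability, the descriptions are worth correcting at the same time, e.g. `description = "allow Lambda to reach RDS on 5432"` and `description = "allow Lambda to reach the VPC endpoint on 443"`; the description is what an auditor sees in the console, so a wrong direction there hides the real exposure. The commented-out `# cidr_blocks = [var.vpc_cidr]` lines in both resources are context rather than part of this change, but they read as a leftover wider-scope alternative and could be removed so nobody re-enables them by mistake. The enclosing `aws_security_group.lambda` resource starts above the hunk, so I have not checked whether it also carries an inline `egress` block that would conflict with these standalone rules.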