style: update modules to follow our style guide

modules/RDSOSMetrics_loggroup/kms.tf

@@ -1,3 +1,47 @@
+data "aws_caller_identity" "current" {}
+
+data "aws_region" "current" {}
+
+data "aws_iam_policy_document" "RDSOS_KMS" {
+  #checkov:skip=CKV_AWS_109:This is required for a working KMS key policy
+  #checkov:skip=CKV_AWS_111:This is required for a working KMS key policy
+  #checkov:skip=CKV_AWS_356:Does not apply here because KMS key policies only apply to the key itself.
+  count     = var.create_kms_key ? 1 : 0
+  policy_id = "key-policy-cloudwatch"
+  statement {
+    sid = "Enable IAM User Permissions"
+    actions = [
+      "kms:*",
+    ]
+    effect = "Allow"
+    principals {
+      type = "AWS"
+      identifiers = [
+        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root",
+      ]
+    }
+    resources = ["*"]
+  }
+  statement {
+    sid = "AllowCloudWatchLogs"
+    actions = [
+      "kms:Encrypt*",
+      "kms:Decrypt*",
+      "kms:ReEncrypt*",
+      "kms:GenerateDataKey*",
+      "kms:Describe*"
+    ]
+    effect = "Allow"
+    principals {
+      type = "Service"
+      identifiers = [
+        "logs.${data.aws_region.current.name}.amazonaws.com",
+      ]
+    }
+    resources = ["*"]
+  }
+}
+
 resource "aws_kms_key" "RDSOS_KMS" {
   count                   = var.create_kms_key ? 1 : 0
   description             = "KMS key to encrypt Cloudwatch loggroup for RDSOSMetrics (enhanced monitoring)."

modules/alternate_contacts/main.tf

@@ -1,3 +1,17 @@
+data "aws_organizations_organization" "this" {
+  count = var.assign_contacts_to_all_accounts ? 1 : 0
+}
+
+locals {
+  operations_contact = merge(var.default_alternate_contact, var.operations_contact)
+  billing_contact    = merge(var.default_alternate_contact, var.billing_contact)
+  security_contact   = merge(var.default_alternate_contact, var.security_contact)
+
+  list_of_active_account_ids = var.assign_contacts_to_all_accounts ? [for account in data.aws_organizations_organization.this[0].non_master_accounts : account.id if account.status == "ACTIVE"] : null
+
+  account_list = var.assign_contacts_to_all_accounts ? setsubtract(local.list_of_active_account_ids, var.filter_accounts) : []
+}
+
 resource "aws_account_alternate_contact" "operations" {
   alternate_contact_type = "OPERATIONS"
 

modules/eks/main.tf

@@ -7,6 +7,34 @@ resource "null_resource" "ensure_role_exists" {
   }
 }
 
+data "aws_caller_identity" "current" {}
+
+locals {
+  role_mappings = [
+    for role, groups in var.iam_role_rbac_mappings : {
+      rolearn  = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${role}"
+      username = role
+      groups   = groups
+    }
+  ]
+
+  user_mappings = [
+    for user, groups in var.iam_user_rbac_mappings : {
+      rolearn  = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:user/${user}"
+      username = user
+      groups   = groups
+    }
+  ]
+
+  node_group_iam_roles = [for ng in module.eks_managed_node_group : ng.iam_role_name]
+  asg_tags = [
+    for ng, values in var.node_groups : {
+      asg_name  = module.eks_managed_node_group[ng].node_group_resources[0].autoscaling_groups[0].name
+      tag_value = ng
+    }
+  ]
+}
+
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
   version = "19.10.0"