From a55be8803b5a353cda3be4e57fb7e1f6bdad0612 Mon Sep 17 00:00:00 2001
From: David Sibley
Date: Mon, 26 Feb 2024 08:44:44 +0000
Subject: [PATCH 1/2] converted to allow use of variable for backup topic alerting KMS key

---
 modules/backup/main.tf | 3 ++-
 modules/backup/variables.tf | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/modules/backup/main.tf b/modules/backup/main.tf
index 277d5b0..b2a0456 100644
--- a/modules/backup/main.tf
+++ b/modules/backup/main.tf
@@ -115,8 +115,9 @@ resource "aws_backup_selection" "non_production" {
 }

 # SNS topic
+#trivy:ignore:avd-aws-0136
 resource "aws_sns_topic" "backup_failure_topic" {
- kms_master_key_id = "alias/aws/sns"
+ kms_master_key_id = var.sns_backup_topic_key
 name = "backup_failure_topic"
 tags = merge(var.tags, {
 Description = "This backup topic is so the MP team can subscribe to backup notifications from selected accounts and teams using member-unrestricted accounts can create their own subscriptions"
diff --git a/modules/backup/variables.tf b/modules/backup/variables.tf
index 7068fe0..87ca584 100644
--- a/modules/backup/variables.tf
+++ b/modules/backup/variables.tf
@@ -3,6 +3,12 @@ variable "iam_role_arn" {
 description = "IAM role ARN for the AWS Backup service role"
 }

+variable "sns_backup_topic_key" {
+ type = string
+ default = "alias/aws/sns"
+ description = "KMS key used to encrypt backup failure SNS topic"
+}
+
 variable "tags" {
 default = {}
 description = "Tags to apply to resources, where applicable"

From 6f4956a8f201250dcb0bd1f71c5ea9a4e7651875 Mon Sep 17 00:00:00 2001
From: David Sibley
Date: Mon, 26 Feb 2024 08:45:35 +0000
Subject: [PATCH 2/2] Applied linting fixes

---
 modules/backup/variables.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/backup/variables.tf b/modules/backup/variables.tf
index 87ca584..775c16c 100644
--- a/modules/backup/variables.tf
+++ b/modules/backup/variables.tf
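Review bot: The `#trivy:ignore:avd-aws-0136` added above `aws_sns_topic.backup_failure_topic` in modules/backup/main.tf is unconditional and states no reason, so the scanner stays silent whether a caller supplies a customer managed key or leaves the default `alias/aws/sns`. AVD-AWS-0136 appears to be the check for SNS topics that are not encrypted with a customer managed key, which is exactly what the default still produces. I would record the justification next to the suppression, for example `# AVD-AWS-0136 suppressed: key is caller-supplied through var.sns_backup_topic_key; default remains the AWS managed key`, so a later audit can tell an accepted risk from an oversight. The resource block continues past the end of the hunk, so its remaining arguments are not visible here.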
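Review bot: `sns_backup_topic_key` in modules/backup/variables.tf (patch 1/2) accepts `null` and the empty string, and either value would most likely leave `kms_master_key_id` unset and the backup failure topic unencrypted. On Terraform 1.1 or later, adding `nullable = false` and a `validation` block with `condition = length(trimspace(var.sns_backup_topic_key)) > 0` keeps encryption at rest independent of caller input. The description could also say which forms are accepted (key ID, ARN or alias) and that a customer managed key needs a key policy allowing the topic's publishers, since the policy of the AWS managed `alias/aws/sns` key cannot be edited.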
@@ -4,8 +4,8 @@ variable "iam_role_arn" {
 }

 variable "sns_backup_topic_key" {
- type = string
- default = "alias/aws/sns"
+ type = string
+ default = "alias/aws/sns"
 description = "KMS key used to encrypt backup failure SNS topic"
 }