feat: updated cmk module and created localstack example

modules/security_identity_compliance/CustomerManagedKmsKeys/main.tf

@@ -44,7 +44,7 @@ resource "aws_kms_key" "storage" {
 # Key use for EBS volumes on EKS nodes
 resource "aws_kms_key" "eks_ebs" {
   count                              = var.create-eksebs-key ? 1 : 0
-  description                        = "CMK for use with ENS volumes on EKS nodes"
+  description                        = "CMK for use with EBS volumes on EKS nodes"
   enable_key_rotation                = var.enable_key_rotation
   rotation_period_in_days            = var.rotation_period_in_days
   is_enabled                         = var.is_enabled
@@ -307,9 +307,24 @@ data "aws_iam_policy_document" "rds" {
   }
 }
 
-data "aws_iam_role" "asg-service-linked-role" {
-  count = var.create-eksebs-key ? 1 : 0
-  name  = "AWSServiceRoleForAutoScaling"
+# create an ASG service linked role if not already exist
+data "aws_iam_roles" "autoscaling" {
+  count      = var.create_asg_role ? 0 : 1
+  name_regex = "^AWSServiceRoleForAutoScaling$"
+}
+
+resource "aws_iam_service_linked_role" "autoscaling" {
+  count            = var.create_asg_role ? 1 : 0
+  aws_service_name = "autoscaling.amazonaws.com"
+  description      = "Service-linked role for AutoScaling"
+}
+
+locals {
+  AsgServiceRoleArn = try(aws_iam_service_linked_role.autoscaling[0].arn, one(data.aws_iam_roles.autoscaling[0].arns))
+}
+
+output "debug" {
+  value = local.AsgServiceRoleArn
 }
 
 data "aws_iam_policy_document" "eksebs" {
@@ -320,7 +335,7 @@ data "aws_iam_policy_document" "eksebs" {
     effect = "Allow"
     principals {
       identifiers = [
-        data.aws_iam_role.asg-service-linked-role[0].arn
+        local.AsgServiceRoleArn
       ]
       type = "AWS"
     }
@@ -339,7 +354,7 @@ data "aws_iam_policy_document" "eksebs" {
     effect = "Allow"
     principals {
       identifiers = [
-        data.aws_iam_role.asg-service-linked-role[0].arn
+        local.AsgServiceRoleArn
       ]
       type = "AWS"
     }