From 73f66bae5fa67737dd5045da9e8511cd617f7aa8a48bed99053217ab1e3f1f8e Mon Sep 17 00:00:00 2001
From: xpk <xpk@headdesk.me>
Date: Thu, 19 Feb 2026 13:56:14 +0800
Subject: [PATCH] patch: updated outputs.tf

---
 .../CustomerManagedKmsKeys/main.tf            |  4 +--
 .../CustomerManagedKmsKeys/outputs.tf         | 28 +++++++++----------
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/modules/security_identity_compliance/CustomerManagedKmsKeys/main.tf b/modules/security_identity_compliance/CustomerManagedKmsKeys/main.tf
index c1d26c6..a3fe6a5 100644
--- a/modules/security_identity_compliance/CustomerManagedKmsKeys/main.tf
+++ b/modules/security_identity_compliance/CustomerManagedKmsKeys/main.tf
@@ -213,8 +213,8 @@ data "aws_iam_policy_document" "storage" {
     condition {
       test = "StringEquals"
       values = [
-        "ec2.${data.aws_region.this.name}.amazonaws.com",
-        "s3.${data.aws_region.this.name}.amazonaws.com"
+        "ec2.${data.aws_region.this.id}.amazonaws.com",
+        "s3.${data.aws_region.this.id}.amazonaws.com"
       ]
       variable = "kms:ViaService"
     }
diff --git a/modules/security_identity_compliance/CustomerManagedKmsKeys/outputs.tf b/modules/security_identity_compliance/CustomerManagedKmsKeys/outputs.tf
index 2013860..721517f 100644
--- a/modules/security_identity_compliance/CustomerManagedKmsKeys/outputs.tf
+++ b/modules/security_identity_compliance/CustomerManagedKmsKeys/outputs.tf
@@ -2,32 +2,32 @@ output "cmks" {
   description = "Customer managed KMS key arns"
   value = {
     backup = {
-      alias = aws_kms_alias.backup.*.name
-      arn   = aws_kms_key.backup.*.arn
+      alias = one(aws_kms_alias.backup.*.name)
+      arn   = one(aws_kms_key.backup.*.arn)
     },
     database = {
-      alias = aws_kms_alias.database.*.name
-      arn   = aws_kms_key.database.*.arn
+      alias = one(aws_kms_alias.database.*.name)
+      arn   = one(aws_kms_key.database.*.arn)
     },
     allpurpose = {
-      alias = aws_kms_alias.allpurpose.*.name
-      arn   = aws_kms_key.allpurpose.*.arn
+      alias = one(aws_kms_alias.allpurpose.*.name)
+      arn   = one(aws_kms_key.allpurpose.*.arn)
     },
     secret = {
-      alias = aws_kms_alias.secret.*.name
-      arn   = aws_kms_key.secret.*.arn
+      alias = one(aws_kms_alias.secret.*.name)
+      arn   = one(aws_kms_key.secret.*.arn)
     },
     log = {
-      alias = aws_kms_alias.log.*.name
-      arn   = aws_kms_key.log.*.arn
+      alias = one(aws_kms_alias.log.*.name)
+      arn   = one(aws_kms_key.log.*.arn)
     },
     notify = {
-      alias = aws_kms_alias.notify.*.name
-      arn   = aws_kms_key.notify.*.arn
+      alias = one(aws_kms_alias.notify.*.name)
+      arn   = one(aws_kms_key.notify.*.arn)
     },
     storage = {
-      alias = aws_kms_alias.storage.*.name
-      arn   = aws_kms_key.storage.*.arn
+      alias = one(aws_kms_alias.storage.*.name)
+      arn   = one(aws_kms_key.storage.*.arn)
     }
   }
 }
\ No newline at end of file