feat: updates on eks example, cmk, and s3bucket

modules/security_identity_compliance/CustomerManagedKmsKeys/main.tf

@@ -129,7 +129,7 @@ resource "aws_kms_key" "notify" {
   bypass_policy_lockout_safety_check = var.bypass_policy_lockout_safety_check
 }
 
-resource "aws_kms_key" "notify" {
+resource "aws_kms_key" "ssm" {
   count                              = var.create-ssm-key ? 1 : 0
   description                        = "Customer-managed KMS key for encrypting ssm parameters"
   enable_key_rotation                = var.enable_key_rotation
@@ -196,6 +196,12 @@ resource "aws_kms_alias" "notify" {
   target_key_id = aws_kms_key.notify[0].id
 }
 
+resource "aws_kms_alias" "ssm" {
+  count         = var.create-ssm-key ? 1 : 0
+  name          = "alias/${local.prefix}ssm"
+  target_key_id = aws_kms_key.notify[0].id
+}
+
 # Policies
 data "aws_iam_policy_document" "allpurpose" {
   source_policy_documents = [data.aws_iam_policy_document.base.json]