fix : iam policy kms key

infrastructure/modules/kinesis_firehose/kms.tf

@@ -17,11 +17,11 @@ resource "aws_kms_key_policy" "firehose_key_policy" {
   policy = data.aws_iam_policy_document.firehose_kms_key_policy.json
 }
 
-
 data "aws_iam_policy_document" "firehose_kms_key_policy" {
   #checkov:skip=CKV_AWS_111: Root user needs full KMS key management
   #checkov:skip=CKV_AWS_356: Root user needs full KMS key management
   #checkov:skip=CKV_AWS_109: Root user needs full KMS key management
+
   statement {
     sid    = "EnableIamUserPermissions"
     effect = "Allow"
@@ -32,22 +32,9 @@ data "aws_iam_policy_document" "firehose_kms_key_policy" {
     actions   = ["kms:*"]
     resources = ["*"]
   }
-  statement {
-    sid    = "EnableRootUserPermissions"
-    effect = "Allow"
-
-    principals {
-      type        = "AWS"
-      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
-    }
-
-    actions   = ["kms:*"]
-    resources = ["*"]
-  }
 
-  # Your existing statements below...
   statement {
-    sid    = "AllowFirehoseAccess"
+    sid    = "Allow Firehose Service Access"
     effect = "Allow"
     principals {
       type        = "Service"
@@ -62,17 +49,6 @@ data "aws_iam_policy_document" "firehose_kms_key_policy" {
     resources = [aws_kms_key.firehose_cmk.arn]
   }
 
-  statement {
-    sid    = "AllowFirehoseRoleUsage"
-    effect = "Allow"
-    principals {
-      type        = "AWS"
-      identifiers = [var.audit_firehose_role_arn]
-    }
-    actions   = ["kms:*"]
-    resources = [aws_kms_key.firehose_cmk.arn]
-  }
-
   statement {
     sid    = "AllowCloudWatchLogsUseOfTheKey"
     effect = "Allow"
@@ -90,5 +66,3 @@ data "aws_iam_policy_document" "firehose_kms_key_policy" {
     resources = [aws_kms_key.firehose_cmk.arn]
   }
 }
-
-