From b0fb44a5cb37338659f18973133a45874bf7b3c9 Mon Sep 17 00:00:00 2001
From: lorenzo merici <lorenzo.merici@sysdig.com>
Date: Thu, 10 Apr 2025 15:47:10 +0200
Subject: [PATCH] fix kms decrypt permission condition

---
 modules/integrations/cloud-logs/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/integrations/cloud-logs/main.tf b/modules/integrations/cloud-logs/main.tf
index 902af42..f70b31d 100644
--- a/modules/integrations/cloud-logs/main.tf
+++ b/modules/integrations/cloud-logs/main.tf
@@ -139,7 +139,7 @@ data "aws_iam_policy_document" "cloudlogs_s3_access" {
   }
 
   dynamic "statement" {
-    for_each = var.kms_key_arn != null && !local.is_cross_account ? [1] : []
+    for_each = var.kms_key_arn != null ? [1] : []
     content {
       sid = "CloudlogsKMSDecrypt"