From e2f2a4cb573e84226e35d038c110e77e0260212f Mon Sep 17 00:00:00 2001
From: Zachary Winnerman <98712682+zwinnerman-fleetdm@users.noreply.github.com>
Date: Wed, 27 Jul 2022 15:46:36 -0400
Subject: [PATCH] Fix monitoring IAM permissions (#6926)
---
 infrastructure/sandbox/Monitoring/lambda/main.go | 13 +++++++++----
 infrastructure/sandbox/Monitoring/main.tf | 2 +-
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/infrastructure/sandbox/Monitoring/lambda/main.go b/infrastructure/sandbox/Monitoring/lambda/main.go
index f124a39f62..5a67c6f225 100644
--- a/infrastructure/sandbox/Monitoring/lambda/main.go
+++ b/infrastructure/sandbox/Monitoring/lambda/main.go
@@ -23,12 +23,13 @@ type LifecycleRecord struct {
 State string
 }
 
-func getInstancesCount() (int64, int64, error) {
+func getInstancesCount(c context.Context) (int64, int64, error) {
 log.Print("getInstancesCount")
 svc := dynamodb.New(session.New())
 // Example iterating over at most 3 pages of a Scan operation.
 var count, unclaimedCount int64
- err := svc.ScanPages(
+ err := svc.ScanPagesWithContext(
+ c,
 &dynamodb.ScanInput{
 TableName: aws.String(options.LifecycleTable),
 },
@@ -55,7 +56,11 @@ func getInstancesCount() (int64, int64, error) {
 type NullEvent struct{}
 
 func handler(ctx context.Context, name NullEvent) error {
- totalCount, unclaimedCount, err := getInstancesCount()
+ totalCount, unclaimedCount, err := getInstancesCount(ctx)
+ if err != nil {
+ log.Print(err)
+ return err
+ }
 svc := cloudwatch.New(session.New())
 log.Printf("Publishing %d, %d", totalCount, unclaimedCount)
 _, err = svc.PutMetricData(&cloudwatch.PutMetricDataInput{
@@ -104,7 +109,7 @@ func main() {
 log.Fatal(err)
 }
 }
- if options.LambdaExecutionEnv == "AWS_Lambda_go1.x" {
+ if options.LambdaExecutionEnv != "" {
 lambda.Start(handler)
 } else {
 if err = handler(context.Background(), NullEvent{}); err != nil {
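Review bot: The new parameter of `getInstancesCount` is named `c`, while `handler` in the same file names its context `ctx`; the usual Go name is `ctx`, so `func getInstancesCount(ctx context.Context) (int64, int64, error) {` with `ctx,` in the `ScanPagesWithContext` call would read consistently. The unchanged comment `// Example iterating over at most 3 pages of a Scan operation.` looks carried over from sample code and may not describe this scan; if the page callback outside the hunk has no page cap, something like `// Scan the lifecycle table page by page, tallying total and unclaimed instances.` would be more accurate. The function body continues past the end of the hunk.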
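Review bot: `handler` now hands `ctx` to the DynamoDB scan, but the CloudWatch call on the last line of this hunk is still `svc.PutMetricData(`, so a Lambda deadline or cancellation does not reach the publish step. Using `_, err = svc.PutMetricDataWithContext(ctx, &cloudwatch.PutMetricDataInput{` would put both AWS calls under the same context. The arguments of that call and the rest of `handler` lie outside the hunk, so the error handling after the publish should be checked in the same way as the new `if err != nil` branch.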
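Review bot: The condition `options.LambdaExecutionEnv != ""` sends every non-empty value to `lambda.Start(handler)`, including a stray or mistyped value set outside Lambda, where the process would wait on a runtime that is not there instead of running the handler once. If the option mirrors `AWS_EXECUTION_ENV` (its source is outside the hunk), a prefix test such as `strings.HasPrefix(options.LambdaExecutionEnv, "AWS_Lambda_")` would still accept newer runtimes while staying specific; it needs the `strings` import if the file lacks it. Either way a comment like `// A non-empty execution env means the Lambda runtime drives us; otherwise run the handler once locally.` would record the intent. `main` begins and ends outside the hunk.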
diff --git a/infrastructure/sandbox/Monitoring/main.tf b/infrastructure/sandbox/Monitoring/main.tf
index 8ff79f72c5..33baa6ae4e 100644
--- a/infrastructure/sandbox/Monitoring/main.tf
+++ b/infrastructure/sandbox/Monitoring/main.tf
@@ -89,7 +89,7 @@ data "aws_iam_policy_document" "lifecycle-lambda" {
 "kms:GenerateDataKey*",
 "kms:Describe*"
 ]
- resources = [aws_kms_key.ecr.arn]
+ resources = [aws_kms_key.ecr.arn, var.kms_key.arn]
 }
 
 statement {
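Review bot: Adding `var.kms_key.arn` to this statement's `resources` gives the monitoring Lambda every KMS action the statement lists, including `kms:GenerateDataKey*`, on the second key, although the Lambda code in this commit only scans the lifecycle table. If that key is the one encrypting the table (not visible here), a separate statement limited to what a read needs, `actions = ["kms:Decrypt", "kms:DescribeKey"]` with `resources = [var.kms_key.arn]`, would keep the broader grant on the ECR key from extending to it. The statement's `actions` list starts above the hunk, so the full set being granted should be checked there. A short comment naming which key `var.kms_key` refers to and why the Lambda needs it would help later policy reviews.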