aws config rules complains about eks unencrypted log group
aws config rules complains about unencrypted log group.
rule : OrgConfigRule-------p1-cloudwatch_log_group_encrypted
https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-log-group-encrypted.html
The issue seems easily fixable if our module passes the variable cloudwatch_log_group_kms_key_id
through to https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/variables.tf
The variable is already defined in our module https://git.cloud.safran/safrangrp/publiccloud/landingzone/shared-modules/terraform-aws-eks/-/blob/main/variables.tf#L279
but main.tf does not pass it on to https://github.com/terraform-aws-modules/terraform-aws-eks
The CloudWatch logs are already encrypted at rest with server-side AES-256 though... not sure if we should blindly follow AWS Config rules here...
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html
If we DO create a KMS key for the EKS log group, I have the feeling we will need to add more principals to the resource-based policy of the KMS key (devopsrole, adminoperationrole, etc.)
Not sure if we should implement this.
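For reference, an added sketch (not the shared module's actual main.tf, nor upstream code) of what wiring the variable through looks like, together with the key policy CloudWatch Logs needs to use the key; `var.cluster_name`, the resource names and the fallback key are assumptions:

```hcl
# Key policy: the account root keeps full control (so IAM policies can grant
# reader roles kms:Decrypt without editing the key policy again); the
# CloudWatch Logs service principal may use the key only for this cluster's
# log group, via the encryption-context condition AWS documents.
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

data "aws_iam_policy_document" "eks_logs_kms" {
  statement {
    sid       = "EnableIAMUserPermissions"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }
  statement {
    sid = "AllowCloudWatchLogsUseOfTheKey"
    actions = [
      "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*",
      "kms:GenerateDataKey*", "kms:Describe*",
    ]
    resources = ["*"]
    principals {
      type        = "Service"
      identifiers = ["logs.${data.aws_region.current.name}.amazonaws.com"]
    }
    condition {
      test     = "ArnEquals"
      variable = "kms:EncryptionContext:aws:logs:arn"
      # EKS control-plane logs land in /aws/eks/<cluster>/cluster
      values   = ["arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:/aws/eks/${var.cluster_name}/cluster"]
    }
  }
}

resource "aws_kms_key" "eks_logs" {
  description         = "CMK for the EKS control-plane log group (assumed name)"
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.eks_logs_kms.json
}

module "eks" {
  source = "terraform-aws-modules/eks/aws"
  # ... existing inputs unchanged ...
  # The upstream input main.tf currently omits: prefer the caller-supplied
  # key, fall back to the key created above.
  cloudwatch_log_group_kms_key_id = coalesce(var.cloudwatch_log_group_kms_key_id, aws_kms_key.eks_logs.arn)
}
```

Roles that only read the logs (devopsrole, adminoperationrole) then need kms:Decrypt granted in their IAM policies, which the root statement delegates; they do not have to be listed in the key policy itself.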