| alias |
The display name of the alias. The name must start with the word alias followed by a forward slash. |
string |
"" |
no |
| attributes |
Additional attributes (e.g. 1). |
list(string) |
[] |
no |
| bypass_policy_lockout_safety_check |
A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable |
bool |
false |
no |
| create_external_enabled |
Determines whether an external CMK (externally provided material) will be created or a standard CMK (AWS provided material) |
bool |
false |
no |
| create_replica_enabled |
Determines whether a replica standard CMK will be created (AWS provided material) |
bool |
false |
no |
| create_replica_external_enabled |
Determines whether a replica external CMK will be created (externally provided material) |
bool |
false |
no |
| customer_master_key_spec |
Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. Defaults to SYMMETRIC_DEFAULT. |
string |
"SYMMETRIC_DEFAULT" |
no |
| deletion_window_in_days |
Duration in days after which the key is deleted after destruction of the resource. |
number |
10 |
no |
| description |
The description of the key as viewed in AWS console. |
string |
"Parameter Store KMS master key" |
no |
| enable_key_rotation |
Specifies whether key rotation is enabled. |
string |
true |
no |
| enabled |
Specifies whether the kms is enabled or disabled. |
bool |
true |
no |
| environment |
Environment (e.g. prod, dev, staging). |
string |
"" |
no |
| key_material_base64 |
Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. External key only |
string |
null |
no |
| key_usage |
Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported. |
string |
"ENCRYPT_DECRYPT" |
no |
| kms_key_enabled |
Specifies whether the kms is enabled or disabled. |
bool |
true |
no |
| label_order |
label order, e.g. name,application. |
list(any) |
[
"name",
"environment"
] |
no |
| managedby |
ManagedBy, eg 'CloudDrove'. |
string |
"hello@clouddrove.com" |
no |
| multi_region |
Indicates whether the KMS key is a multi-Region (true) or regional (false) key. |
bool |
true |
no |
| name |
Name (e.g. app or cluster). |
string |
"" |
no |
| policy |
A valid policy JSON document. Although this is a key policy, not an IAM policy, an aws_iam_policy_document, in the form that designates a principal, can be used |
string |
null |
no |
| primary_external_key_arn |
The primary external key arn of a multi-region replica external key |
string |
null |
no |
| primary_key_arn |
The primary key arn of a multi-region replica key |
string |
"" |
no |
| repository |
Terraform current module repo |
string |
"https://github.com/clouddrove/terraform-aws-kms" |
no |
| valid_to |
Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire |
string |
"" |
no |