Skip to content

Latest commit

 

History

History
100 lines (72 loc) · 4.8 KB

README.md

File metadata and controls

100 lines (72 loc) · 4.8 KB

GitHub release (latest by date)

terraform-aws-kms

Terraform module to configure a KMS Customer Master Key (CMK) and its alias.

Usage

module "kms" {
  source = "native-cube/kms/aws"
  version = "~> 1.0.0"

  description             = "KMS test description"
  alias_name              = "mykey"
  deletion_window_in_days = 7
  enable_key_rotation     = true

  tags = {
    Environment = "test"
  }
}

Examples

Requirements

Name Version
terraform >= 1.0.0
aws >= 3.68

Providers

Name Version
aws >= 3.68

Modules

No modules.

Resources

Name Type
aws_kms_alias.main resource
aws_kms_key.main resource

Inputs

Name Description Type Default Required
alias_name The display name of the alias. string null no
alias_name_prefix Creates an unique alias beginning with the specified prefix. Conflicts with alias_name. string null no
bypass_policy_lockout_safety_check Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. bool false no
customer_master_key_spec Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. Defaults to SYMMETRIC_DEFAULT. string "SYMMETRIC_DEFAULT" no
deletion_window_in_days Duration in days after which the key is deleted after destruction of the resource. number 10 no
description The description of the key as viewed in AWS console. string "Parameter Store KMS master key" no
enable_key_rotation Specifies whether key rotation is enabled. bool true no
is_enabled Specifies whether the key is enabled. bool true no
key_usage Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported. string "ENCRYPT_DECRYPT" no
multi_region Indicates whether the KMS key is a multi-Region (true) or regional (false) key. bool false no
policy A valid policy JSON document. For more information about building AWS IAM policy documents with Terraform. string "" no
tags Mapping of additional tags. map(string) {} no

Outputs

Name Description
alias_arn KMS Key Alias ARN.
alias_name KMS Key Alias name.
key_arn KMS Key ARN.
key_id KMS Key ID.

License

See LICENSE file for full details.

Pre-commit hooks

Install dependencies

MacOS

brew install pre-commit terraform-docs tflint

brew tap git-chglog/git-chglog
brew install git-chglog