native-cube/terraform-aws-kms

terraform-aws-kms

Terraform module that creates a KMS Customer Master Key (CMK, now called a "KMS key" in AWS documentation) together with its alias, and lets you attach an explicit key policy.

Usage

```hcl
module "kms" {
  source  = "native-cube/kms/aws"
  version = "~> 1.0.0"

  description             = "KMS test description"
  alias_name              = "mykey"
  deletion_window_in_days = 7
  enable_key_rotation     = true

  tags = {
    Environment = "test"
  }
}
```

Examples

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| aws | >= 3.68 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.68 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_kms_alias.main | resource |
| aws_kms_key.main | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| alias_name | The display name of the alias. Conflicts with alias_name_prefix. | string | null | no |
| alias_name_prefix | Creates a unique alias beginning with the specified prefix. Conflicts with alias_name. | string | null | no |
| bypass_policy_lockout_safety_check | Disables the lockout safety check AWS performs when creating or updating the key policy. Leave false unless you are certain the new policy still lets some principal manage the key; a key whose policy locks every principal out cannot be recovered without AWS Support. | bool | false | no |
| customer_master_key_spec | Whether the key is a symmetric key or an asymmetric key pair, and which encryption or signing algorithms it supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. ECC specs support only key_usage = SIGN_VERIFY. | string | "SYMMETRIC_DEFAULT" | no |
| deletion_window_in_days | Waiting period, in days (7 to 30), before AWS deletes the key after the resource is destroyed. Deletion can be cancelled during this window. | number | 10 | no |
| description | The description of the key as shown in the AWS console. | string | "Parameter Store KMS master key" | no |
| enable_key_rotation | Enables automatic key rotation. Supported only for symmetric keys; set to false when using an asymmetric customer_master_key_spec. | bool | true | no |
| is_enabled | Specifies whether the key is enabled. | bool | true | no |
| key_usage | Intended use of the key: ENCRYPT_DECRYPT (default) or SIGN_VERIFY. SIGN_VERIFY requires an asymmetric customer_master_key_spec. | string | "ENCRYPT_DECRYPT" | no |
| multi_region | Indicates whether the KMS key is a multi-Region (true) or regional (false) key. | bool | false | no |
| policy | A valid key policy JSON document (for example the `json` output of an `aws_iam_policy_document` data source). Without a custom policy, AWS applies its default key policy, which grants the account root principal full access to the key. | string | "" | no |
| tags | Mapping of additional tags. | map(string) | {} | no |
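The `policy`, `key_usage` and `enable_key_rotation` inputs interact in ways the table alone does not show, so here is an added example that is not part of this module's own examples: a symmetric key whose policy separates key administration from key use (with the account root retained so the key can never become unmanageable), plus an asymmetric signing key, which must have rotation disabled. The `kms-admin` and `app-runtime` role names and the alias names are placeholders; `aws_caller_identity`, `aws_region` and `aws_iam_policy_document` are standard data sources of the AWS provider.

```hcl
# Added example, not part of the module. Role names and aliases are placeholders.

data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

locals {
  account_id = data.aws_caller_identity.current.account_id
}

# Key policy: root keeps administrative control (prevents a lockout), a
# dedicated admin role manages the key, and only the application role
# may perform cryptographic operations with it.
data "aws_iam_policy_document" "app_key" {
  statement {
    sid       = "EnableRootAdministration"
    effect    = "Allow"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${local.account_id}:root"]
    }
  }

  statement {
    sid    = "AllowKeyAdministrators"
    effect = "Allow"
    actions = [
      "kms:Describe*", "kms:Get*", "kms:List*",
      "kms:Put*", "kms:Update*", "kms:Revoke*",
      "kms:Disable*", "kms:Enable*",
      "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion",
      "kms:TagResource", "kms:UntagResource",
    ]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${local.account_id}:role/kms-admin"] # placeholder role
    }
  }

  statement {
    sid    = "AllowApplicationUse"
    effect = "Allow"
    actions = [
      "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
      "kms:GenerateDataKey*", "kms:DescribeKey",
    ]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${local.account_id}:role/app-runtime"] # placeholder role
    }
    # Only honour requests that arrive via Secrets Manager in this region,
    # so a leaked role credential cannot call kms:Decrypt directly.
    condition {
      test     = "StringEquals"
      variable = "kms:ViaService"
      values   = ["secretsmanager.${data.aws_region.current.name}.amazonaws.com"]
    }
  }
}

module "app_key" {
  source  = "native-cube/kms/aws"
  version = "~> 1.0.0"

  description             = "Envelope-encryption key for application secrets"
  alias_name              = "app/secrets"
  deletion_window_in_days = 30 # longest window, most time to cancel a mistaken deletion
  enable_key_rotation     = true
  policy                  = data.aws_iam_policy_document.app_key.json
}

# Asymmetric signing key: SIGN_VERIFY needs an asymmetric spec, and automatic
# rotation exists only for symmetric keys, so it must be switched off here.
module "signing_key" {
  source  = "native-cube/kms/aws"
  version = "~> 1.0.0"

  description              = "Code-signing key"
  alias_name               = "app/code-signing"
  key_usage                = "SIGN_VERIFY"
  customer_master_key_spec = "ECC_NIST_P256"
  enable_key_rotation      = false
}
```

Keeping the root statement in the key policy is what makes it safe to leave `bypass_policy_lockout_safety_check` at its default of `false`: AWS rejects any policy that would leave no principal able to manage the key, and this policy always passes that check. The `kms:ViaService` condition is optional; drop it if the application calls KMS directly rather than through another AWS service.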

Outputs

| Name | Description |
|------|-------------|
| alias_arn | KMS Key Alias ARN. |
| alias_name | KMS Key Alias name. |
| key_arn | KMS Key ARN. |
| key_id | KMS Key ID. |

License

See LICENSE file for full details.

Pre-commit hooks

Install dependencies

macOS

```sh
brew install pre-commit terraform-docs tflint

brew tap git-chglog/git-chglog
brew install git-chglog
```