Terraform module to configure a KMS Customer Master Key (CMK) and its alias.
For Terraform 0.12 with provider version < 3.53.0, pin the module version to `~> v1.0`.
For Terraform 0.12 with provider version >= 3.53.0, pin the module version to `~> v2.0`. Submit pull requests to the `main` branch.
```hcl
module "kms" {
  source  = "umotif-public/kms/aws"
  version = "~> 2.0.0"

  enabled                 = true
  description             = "KMS test description"
  alias_name              = "test-key"
  deletion_window_in_days = 7
  enable_key_rotation     = true

  tags = {
    Environment = "dev"
  }
}
```
Module is to be used with Terraform > 0.12.
Module managed by uMotif.
Name | Version |
---|---|
terraform | >= 1.0.11 |
aws | >= 3.64.0 |

Name | Version |
---|---|
aws | >= 3.64.0 |

No modules.

Name | Type |
---|---|
aws_kms_alias.main | resource |
aws_kms_key.main | resource |

Name | Description | Type | Default | Required |
---|---|---|---|---|
alias_name | The display name of the alias. | string | n/a | yes |
bypass_policy_lockout_safety_check | Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. | bool | false | no |
customer_master_key_spec | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. Defaults to SYMMETRIC_DEFAULT. | string | "SYMMETRIC_DEFAULT" | no |
deletion_window_in_days | Duration in days after which the key is deleted after destruction of the resource. | number | 10 | no |
description | The description of the key as viewed in AWS console. | string | "Parameter Store KMS master key" | no |
enable_key_rotation | Specifies whether key rotation is enabled. | bool | true | no |
enabled | Specifies whether to create resources within this module. | bool | true | no |
is_enabled | Specifies whether the key is enabled. | bool | true | no |
key_usage | Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported. | string | "ENCRYPT_DECRYPT" | no |
multi_region | Indicates whether the KMS key is a multi-Region (true) or regional (false) key. Defaults to false. | bool | false | no |
policy | A valid policy JSON document. For more information about building AWS IAM policy documents with Terraform. | string | "" | no |
tags | Mapping of additional tags. | map(string) | {} | no |

Name | Description |
---|---|
alias_arn | KMS Key Alias ARN. |
alias_name | KMS Key Alias name. |
key_arn | KMS Key ARN. |
key_id | KMS Key ID. |
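
An added example (not from the module's repository) of passing an explicit key policy through the `policy` input and reading the `key_arn` output. The role name `app-role`, the alias `app-data` and the output name `app_key_arn` are assumptions, and the role is assumed to exist already.

```hcl
# Added example; "app-role", "app-data" and "app_key_arn" are hypothetical names.
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "kms" {
  # A custom key policy replaces the default one, so keep the account
  # statement that lets IAM policies in this account administer the key.
  statement {
    sid       = "AccountAdmin"
    actions   = ["kms:*"]
    resources = ["*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  # Data-plane access for one workload role only (assumed to exist).
  statement {
    sid       = "AppUse"
    actions   = ["kms:Decrypt", "kms:GenerateDataKey", "kms:DescribeKey"]
    resources = ["*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/app-role"]
    }
  }
}

module "kms" {
  source  = "umotif-public/kms/aws"
  version = "~> 2.0.0"

  alias_name              = "app-data"
  description             = "Application data key"
  deletion_window_in_days = 30
  enable_key_rotation     = true
  policy                  = data.aws_iam_policy_document.kms.json

  # Keep the lockout check on (the default) so KMS rejects a policy under
  # which the caller could no longer update the key policy.
  bypass_policy_lockout_safety_check = false
}

output "app_key_arn" {
  value = module.kms.key_arn
}
```
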
See LICENSE for full details.
- pre-commit
- terraform-docs, required for `terraform_docs` hooks.
- TFLint, required for `terraform_tflint` hook.

```bash
brew install pre-commit terraform-docs tflint
brew tap git-chglog/git-chglog
brew install git-chglog
```