cloudposse / terraform-aws-kms-key
Terraform module to provision a KMS key with alias
Home Page: https://cloudposse.com/accelerate
License: Apache License 2.0
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
This repository currently has no open or pending branches.
main.tf
versions.tf
aws >= 3.64.0
hashicorp/terraform >= 0.13
Enable key replication across regions when the 'multi_region' option is selected
KMS supports key replication. It is logical to support it from this module, as it already supports creation of a multi-region key.
This module should use the below Terraform resource and create replication: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_replica_key
If I have to use 'multi-region' now, I have to implement it on top myself using https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_replica_key
There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.
Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.
I started with this - https://github.com/cloudposse/terraform-aws-kms-key/tree/0.12.1/examples/complete
I expected the KMS Key to be generated
Steps to reproduce the behavior:
Admin:~/environment/ModuleTemplate/LearnModules/modules/kms-key (aws-s3-bucket2) $ terraform plan
var.region
Enter a value: us-east-1
╷
│ Error: "name" must begin with 'alias/' and be comprised of only [a-zA-Z0-9/_-]
│
│ with module.kms_key.aws_kms_alias.default[0],
│ on .terraform/modules/kms_key/main.tf line 15, in resource "aws_kms_alias" "default":
│ 15: name = coalesce(var.alias, format("alias/%v", module.this.id))
│
When I hard-coded the value on line 15 to be alias/123, it worked!
Also, running the simplified example works as well.
This module currently creates KMS keys with a policy stating "any IAM user/role can do anything with this key".
If you want a more restrictive policy, you have to write it yourself.
I think it would be valuable for the module to offer some canned policies that can be used instead.
This is a proposal for giving module users more flexible tools for controlling the key policy.
If you like the design, we can discuss the details, and I am interested in implementing it.
var.policy takes precedence over the below. If it is set, the other proposed variables are ignored.
var.canned_policy has a few options, like: aws-service-use (the key can only be attached to AWS resources, like RDS encryption)
var.extra_policy_statements lets you provide IAM Policy statements that will be appended to the policy. (It works with the default policy, and with all canned policies). For example:
    extra_policy_statements = [
      {
        Sid = "Allow encryption by userupload app"
        Principal = {
          AWS = "arn:aws:iam...:role/userupload"
        }
        Action   = "kms:Encrypt"
        Resource = "*"
      },
      {
        Sid = "Allow decryption by userdownload app"
        Principal = {
          AWS = "arn:aws:iam...:role/userdownload"
        }
        Action   = "kms:Decrypt"
        Resource = "*"
      },
    ]
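An added example, not part of the issue above or of the module's own code: writing the restrictive policy yourself with the `aws_iam_policy_document` data source and passing it through the module's `policy` input, reusing the two single-action statements from the proposal. The three role ARN variables and the `namespace`/`stage`/`name` values are hypothetical placeholders.

```hcl
# Hypothetical inputs: replace with the ARNs of your own roles.
variable "key_admin_role_arn" { type = string } # role that runs Terraform and manages the key
variable "upload_role_arn" { type = string }    # may only encrypt
variable "download_role_arn" { type = string }  # may only decrypt

data "aws_iam_policy_document" "kms" {
  # Key administration only, no cryptographic use. The principal applying the policy
  # must be allowed kms:PutKeyPolicy here, or the KMS lockout safety check rejects it.
  statement {
    sid    = "Allow key administration"
    effect = "Allow"
    actions = [
      "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*",
      "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*",
      "kms:Get*", "kms:Delete*", "kms:TagResource", "kms:UntagResource",
      "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion",
    ]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = [var.key_admin_role_arn]
    }
  }

  # One single-action statement per application role.
  dynamic "statement" {
    for_each = {
      "Allow encryption by userupload app"   = { role = var.upload_role_arn, action = "kms:Encrypt" }
      "Allow decryption by userdownload app" = { role = var.download_role_arn, action = "kms:Decrypt" }
    }
    content {
      sid       = statement.key
      effect    = "Allow"
      actions   = [statement.value.action]
      resources = ["*"]
      principals {
        type        = "AWS"
        identifiers = [statement.value.role]
      }
    }
  }
}

module "kms_key" {
  source    = "cloudposse/kms-key/aws" # pin a released version in real use
  namespace = "eg"
  stage     = "test"
  name      = "userupload"
  policy    = data.aws_iam_policy_document.kms.json
}
```

Because this policy has no account-root statement, IAM policies alone grant no access to the key; only the three named roles can use or manage it.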
AWS Provider 3.x has been released.
This module supports the new provider version.