![Release](https://camo.githubusercontent.com/954d5f00b22363e32486eb6baaaa88af9b6578aa29eb825ef9cebf1f626b749f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f762f72656c656173652f7465727261626c6f636b732f6177732d6b6d733f7374796c653d666f722d7468652d6261646765)
This terraform module will setup the following services:
module "kms" {
source = "github.com/terrablocks/aws-kms.git"
alias = "terrablocks"
}
Name |
Version |
terraform |
>= 0.13 |
aws |
>= 3.64.0 |
Name |
Description |
Type |
Default |
Required |
is_enabled |
Whether key is enabled |
bool |
true |
no |
description |
Description for KMS key |
string |
"Created by terrablocks" |
no |
key_usage |
The intended use of the key. Valid values: ENCRYPT_DECRYPT or SIGN_VERIFY |
string |
"ENCRYPT_DECRYPT" |
no |
cmk_spec |
Whether the key is a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT , RSA_2048 , RSA_3072 , RSA_4096 , ECC_NIST_P256 , ECC_NIST_P384 , ECC_NIST_P521 , or ECC_SECG_P256K1 |
string |
"SYMMETRIC_DEFAULT" |
no |
policy |
IAM policy in JSON format to associate to the key |
string |
"" |
no |
deletion_window |
Number of days after which key should be deleted. Minimum is 7 and maximum is 30 days, both inclusive |
number |
7 |
no |
enable_key_rotation |
Whether to automatically rotate key periodically |
bool |
true |
no |
multi_region |
Whether to create a multi-region key |
bool |
false |
no |
alias |
Alias for KMS key |
string |
n/a |
yes |
tags |
Map of key-value pair to associate with resources |
map(string) |
{} |
no |
Name |
Description |
key_arn |
ARN of KMS key |
key_id |
ID of KMS key |
key_alias_arn |
ARN of KMS key alias |