module"kms" {
source="app.terraform.io/foss-cafe/kms/aws"version="1.0.1"name="test-key"description="CMK for cloudwath logs"policy=data.aws_iam_policy_document.kms_access.jsondeletion_window_in_days=7tags=var.tags
}
Requirements
Name
Version
terraform
~> 0.12.24
aws
~> 2.60
Providers
Name
Version
aws
~> 2.60
Inputs
Name
Description
Type
Default
Required
customer_master_key_spec
Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. Defaults to SYMMETRIC_DEFAULT
string
"SYMMETRIC_DEFAULT"
no
deletion_window_in_days
Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.
number
30
no
description
The description of the key as viewed in AWS console.
string
""
no
enable_key_rotation
Specifies whether key rotation is enabled. Defaults to true
bool
true
no
enabled
Do you want to create KMS key
bool
true
no
is_enabled
Specifies whether the key is enabled. Defaults to true.
bool
true
no
key_usage
Specifies the intended use of the key. Valid values: ENCRYPT_DECRYPT or SIGN_VERIFY. Defaults to ENCRYPT_DECRYPT.
string
"ENCRYPT_DECRYPT"
no
name
Name of the alias
string
""
no
policy
A valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy.
