Usage

Creates a KMS key for DNSSEC. The key must be in us-east-1.

Read more about Working with customer managed CMKs for DNSSEC.

Using directly (assuming in us-east-1):

module "dnssec_kms_key" {
  source = "dod-iac/dnssec-kms-key/aws"

  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}

If you need to set a separate provider for the us-east-1 region:

provider "aws" {
  alias  = "us-east-1"
  region = "us-east-1"
}

module "dnssec_kms_key" {
  source = "dod-iac/dnssec-kms-key/aws"

  providers = {
    aws = aws.us-east-1
  }

  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}
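
Wiring the module's key into Route 53 DNSSEC signing, as an added example that is not part of this module or its documentation. It assumes the `module "dnssec_kms_key"` block above; the hosted zone, the domain `example.com`, the resource labels and the key-signing-key name are placeholders, and it needs an AWS provider 3.x release that includes the two Route 53 DNSSEC resources.

```hcl
# Assumed: a public hosted zone to sign. "example.com" is a placeholder.
resource "aws_route53_zone" "example" {
  name = "example.com"
}

# Key-signing key (KSK) backed by the KMS key this module creates.
# Route 53 only accepts a customer managed key located in us-east-1,
# which is why the module must run against that region.
resource "aws_route53_key_signing_key" "example" {
  hosted_zone_id             = aws_route53_zone.example.id
  key_management_service_arn = module.dnssec_kms_key.aws_kms_key_arn
  name                       = "example_ksk" # placeholder name
}

# Turn on DNSSEC signing for the zone once the KSK exists.
resource "aws_route53_hosted_zone_dnssec" "example" {
  hosted_zone_id = aws_route53_key_signing_key.example.hosted_zone_id

  depends_on = [
    aws_route53_key_signing_key.example,
  ]
}

# DS record to publish in the parent zone (at the registrar) so that
# resolvers can build the chain of trust down to this zone.
output "ds_record" {
  value = aws_route53_key_signing_key.example.ds_record
}
```

Signing is only validated by resolvers after the DS record is published in the parent zone. Keep the KMS key and the KSK in place for as long as that DS record exists, since removing either while the DS record is still published makes the zone fail validation.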

Terraform Version

Terraform 0.13. Pin module version to ~> 1.0.0. Submit pull requests to the main branch.

Terraform 0.11 and 0.12 are not supported.

License

This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See LICENSE file for more information.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| aws | ~> 3.0 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 3.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_kms_alias.dnssec | resource |
| aws_kms_key.dnssec | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.dnssec | data source |
| aws_partition.current | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| description | The description of the key as viewed in AWS console. | string | "A KMS key used to encrypt DNS requests." | no |
| key_deletion_window_in_days | Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. | string | 30 | no |
| name | The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/). | string | "alias/dnssec" | no |
| tags | Tags applied to the KMS key. | map(string) | {} | no |

Outputs

| Name | Description |
|------|-------------|
| aws_kms_alias_arn | The Amazon Resource Name (ARN) of the key alias. |
| aws_kms_alias_name | The display name of the alias. |
| aws_kms_key_arn | The Amazon Resource Name (ARN) of the key. |