Remove dependency on the terraform-aws-kms module
jebbens opened this issue ยท 3 comments
Is your request related to a new offering from AWS?
Is this functionality available in the AWS provider for Terraform? See CHANGELOG.md, too.
- No ๐: please wait to file a request until the functionality is avaialble in the AWS provider
- Yes โ
: please list the AWS provider version which introduced this functionality
No, but this isn't related to functionality.
Is your request related to a problem? Please describe.
The dependency on the terraform-aws-kms module makes it impossible to use this module when deploying in isolated environments without forking the repository and making changes.
Describe the solution you'd like.
Remove the terraform-aws-kms module from main.tf and rely exclusively on input variables for configuring any encryption options. The examples can show how to use the kms module to generate the keys for use with the eks modules.
Describe alternatives you've considered.
Forking the repo, deleting all KMS related code form main.tf, and using it as the source.
Additional context
unfortunately, we do not have plans to do that. if anything, we have plans to add in additional modules to offload shared functionality (such as the ASG module) and reduce maintenance duplication
Hmm, that seems to trade-off ease of maintaining this repo vs actually using the repo. That said, in my alternatives, I should have also included forking the repo, modifying the source of the kms module, and then continuing to merge in changes to that fork over time. Not ideal, but do-able.