Scenario 1: Create single-region AWS KMS key(s) in an account for the target AWS Services

Create one or more single-region AWS KMS keys in the owner account along with key resource policies and aliases that can be used by the target AWS Services.

  • The account owner has full access to the key(s).
  • The Key Admin role has administrative access to the key(s).
  • The Key Usage role(s) have usage access to the key(s).
  • The target AWS Service usage role(s) have usage access to the key via the target AWS Service.
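The access model in the four bullets above maps onto four statements of a KMS key resource policy. The following Terraform is an added illustration of that mapping, not the code of the `../../../modules/aws/kms` module this scenario calls; the role names, the alias prefix and the key description are assumed placeholders, and the statement contents follow the pattern AWS uses for its default key policy (owner, key administrators, key users, and grants for integrated services).

```hcl
# Added illustration of the owner / admin / usage / service-grant access model.
# Not the repository's module code; role names and alias prefix are assumed.
data "aws_caller_identity" "current" {}

locals {
  account_id   = data.aws_caller_identity.current.account_id
  alias_prefix = "alias/example-" # assumed alias prefix (must start with "alias/")

  key_admin_role_arns = ["arn:aws:iam::${local.account_id}:role/KeyAdminRole"] # assumed
  key_usage_role_arns = ["arn:aws:iam::${local.account_id}:role/KeyUsageRole"] # assumed
}

data "aws_iam_policy_document" "key_policy" {
  # 1. Account owner: full access, so the key can never become unmanageable.
  statement {
    sid       = "EnableRootAccountAccess"
    effect    = "Allow"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${local.account_id}:root"]
    }
  }

  # 2. Key Admin role: management actions only, no Encrypt/Decrypt.
  statement {
    sid    = "AllowKeyAdministration"
    effect = "Allow"
    actions = [
      "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*",
      "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*",
      "kms:TagResource", "kms:UntagResource",
      "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion",
    ]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = local.key_admin_role_arns
    }
  }

  # 3. Key Usage roles: cryptographic operations only, no management actions.
  statement {
    sid    = "AllowKeyUsage"
    effect = "Allow"
    actions = [
      "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
      "kms:GenerateDataKey*", "kms:DescribeKey",
    ]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = local.key_usage_role_arns
    }
  }

  # 4. Usage via an AWS service: the usage roles may create grants, but only
  #    grants that an integrated AWS service creates on their behalf.
  statement {
    sid       = "AllowGrantsForAwsServices"
    effect    = "Allow"
    actions   = ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = local.key_usage_role_arns
    }
    condition {
      test     = "Bool"
      variable = "kms:GrantIsForAWSResource"
      values   = ["true"]
    }
  }
}

resource "aws_kms_key" "this" {
  description             = "Single-region key for the target AWS services (example)" # assumed
  multi_region            = false # single-region key, as in this scenario
  enable_key_rotation     = true
  deletion_window_in_days = 30
  policy                  = data.aws_iam_policy_document.key_policy.json
}

resource "aws_kms_alias" "this" {
  name          = "${local.alias_prefix}app" # uniform prefix + key-specific suffix
  target_key_id = aws_kms_key.this.key_id
}
```

The separation between statement 2 and statement 3 is the point worth checking in any review of a key policy: the administrative role can rotate, tag or schedule deletion of the key but cannot decrypt with it, and the usage roles can encrypt and decrypt but cannot change the policy or delete the key. The `kms:GrantIsForAWSResource` condition keeps the grant permissions usable for services such as EBS or RDS without letting a usage role hand the key to arbitrary principals through a grant.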

Prerequisites

  • One or more IAM roles for the administration of the keys are identified.
  • Zero or more IAM roles for the usage of the keys are identified.
  • A unique alias prefix is identified that will be used to name the key aliases uniformly.
  • A Terraform backend provider and a state-locking provider are identified and bootstrapped.
    • An example bootstrap module is provided that provisions Amazon S3 for Terraform state storage and Amazon DynamoDB for Terraform state locking.
  • Modify terraform.tfvars to match your requirements.

Execution

  • cd to the examples/kms/scenario1 folder.
  • Modify the backend "S3" section of provider.tf with the correct values for region, bucket, dynamodb_table, and key.
    • Use the provided values as guidance.
  • Modify terraform.tfvars to your requirements.
    • Use the provided values as guidance.
  • Make sure you are using the correct AWS profile, one that has permission to provision the target resources:
    • aws sts get-caller-identity
  • Execute terraform init to initialize Terraform.
  • Execute terraform plan and verify the proposed changes.
  • Execute terraform apply and approve the changes to provision the resources.
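The backend section that the second step asks you to edit looks like the fragment below. This is an added example rather than the repository's provider.tf; the bucket, table, key path and region values are placeholders that should be replaced with the ones produced by your bootstrap, and the version constraints are taken from the Requirements table of this page. The `encrypt = true` argument is an addition beyond the four values the step lists: the Terraform state will contain the key ARNs and policies, so it should be encrypted at rest in the bucket.

```hcl
# provider.tf fragment (added example, not the repository's file).
# All values inside backend "s3" are placeholders to be replaced with
# the resources created by the bootstrap module.
terraform {
  required_version = ">= 1.1.9"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.13.0"
    }
  }

  backend "s3" {
    region         = "us-east-1"                         # placeholder
    bucket         = "example-terraform-state-bucket"    # placeholder: bootstrap S3 bucket
    dynamodb_table = "example-terraform-state-locks"     # placeholder: bootstrap DynamoDB table
    key            = "kms/scenario1/terraform.tfstate"   # placeholder: state object path
    encrypt        = true                                # server-side encryption of the state object
  }
}

# The matching terraform.tfvars (a separate file) supplies the three inputs
# listed under Inputs; assumed values shown as comments here:
#   project = "example"
#   region  = "us-east-1"
#   tags    = { Environment = "dev", Owner = "platform-team" }
```

Because the backend block cannot reference variables, the step of editing it by hand is unavoidable; keeping the state key path unique per scenario (here `kms/scenario1/…`) avoids two examples sharing, and overwriting, one state object in the same bucket.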

Requirements

| Name | Version |
|------|---------|
| terraform | >= v1.1.9 |
| aws | >= 4.13.0 |

Providers

No providers.

Modules

| Name | Source | Version |
|------|--------|---------|
| kms_keys | ../../../modules/aws/kms | n/a |

Resources

No resources.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| project | Project name (prefix/suffix) to be used in the identification of all the resources | string | n/a | yes |
| region | The AWS Region for the environment, e.g. us-east-1 | string | n/a | yes |
| tags | Common and mandatory tags for the resources | map(string) | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| kms_keys | KMS keys created |