SourceFuse AWS Reference Architecture (ARC) Terraform module for managing KMS.
To see a full example, check out the main.tf file in the example folder.
```hcl
module "kms" {
  source  = "sourcefuse/arc-kms/aws"
  version = "1.0.0"

  enabled                 = var.enabled
  deletion_window_in_days = var.deletion_window_in_days
  enable_key_rotation     = var.enable_key_rotation
  alias                   = var.alias
  tags                    = module.tags.tags # tags module is defined elsewhere in the example
  policy                  = var.policy       # full key policy JSON; see the `policy` input below
}
```
## Requirements

| Name | Version |
|---|---|
| terraform | >= 1.4, < 2.0.0 |
| aws | >= 4.0, < 6.0 |
## Providers

| Name | Version |
|---|---|
| aws | 4.67.0 |
## Modules

No modules.
## Resources

| Name | Type |
|---|---|
| aws_kms_alias.default | resource |
| aws_kms_key.default | resource |
## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alias | The display name of the alias. The name must start with `alias/`. If not specified, the alias name will be auto-generated. | `string` | n/a | yes |
| customer_master_key_spec | Specifies whether the key contains a symmetric key or an asymmetric key pair, and the encryption or signing algorithms the key supports. Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. | `string` | `"SYMMETRIC_DEFAULT"` | no |
| deletion_window_in_days | Waiting period, in days (KMS accepts 7 to 30), between the resource being destroyed and KMS actually deleting the key. The deletion can still be cancelled during this window, so a longer value is the safety net against an accidental `terraform destroy`. | `number` | `10` | no |
| description | The description of the key as shown in the AWS console | `string` | `"KMS master key"` | no |
| enable_key_rotation | Specifies whether automatic key rotation is enabled. KMS only supports automatic rotation for symmetric keys, so set this to `false` when using an asymmetric `customer_master_key_spec`. | `bool` | `true` | no |
| enabled | Set to `false` to prevent the module from creating any resources | `bool` | `true` | no |
| key_usage | Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`. | `string` | `"ENCRYPT_DECRYPT"` | no |
| multi_region | Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. | `bool` | `false` | no |
| policy | A valid KMS key policy JSON document. If the document is valid but not specific enough (for example, a bare account ID as a principal, which AWS stores as the full root ARN), Terraform may see the policy as changing on every `terraform plan`. In that case use the verbose/specific form of the policy. | `string` | n/a | yes |
| tags | Tags to add to your resources | `map(string)` | `{}` | no |
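A complete module call with a key policy written in the specific form the `policy` input asks for, as an added example rather than code from the module or its `example/` directory. It assumes two IAM roles, `kms-admin` (key administrators) and `app-runtime` (the only principal allowed to encrypt and decrypt), an alias `alias/app-data` and a `dev` tag; all of these are placeholders. The module source, version and input names are the ones documented above.

```hcl
# Added example, not the module's own code. Role names, alias and tags are assumed.

data "aws_caller_identity" "current" {}
data "aws_partition" "current" {}

locals {
  account_id = data.aws_caller_identity.current.account_id
  partition  = data.aws_partition.current.partition

  # Placeholder principals; replace with the roles that exist in your account.
  admin_role = "arn:${local.partition}:iam::${local.account_id}:role/kms-admin"
  app_role   = "arn:${local.partition}:iam::${local.account_id}:role/app-runtime"
}

# Rendering the policy through aws_iam_policy_document gives canonical JSON with
# full principal ARNs and explicit action names, the form KMS hands back unchanged,
# so `terraform plan` does not report a perpetual diff on the policy.
data "aws_iam_policy_document" "kms" {
  # Keep the account root principal so the key can never become unmanageable.
  statement {
    sid       = "EnableRootAccountPermissions"
    effect    = "Allow"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:${local.partition}:iam::${local.account_id}:root"]
    }
  }

  # Administrators manage the key but get no cryptographic operations.
  statement {
    sid    = "AllowKeyAdministration"
    effect = "Allow"
    actions = [
      "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*",
      "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*",
      "kms:TagResource", "kms:UntagResource",
      "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion",
    ]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = [local.admin_role]
    }
  }

  # The application role can only use the key, not change it.
  statement {
    sid    = "AllowApplicationUse"
    effect = "Allow"
    actions = [
      "kms:Encrypt",
      "kms:Decrypt",
      "kms:ReEncrypt*",
      "kms:GenerateDataKey*",
      "kms:DescribeKey",
    ]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = [local.app_role]
    }
  }
}

module "kms" {
  source  = "sourcefuse/arc-kms/aws"
  version = "1.0.0"

  alias                   = "alias/app-data"          # assumed alias name
  description             = "Application data key"
  deletion_window_in_days = 30                        # longest window KMS allows; maximum time to cancel an accidental deletion
  enable_key_rotation     = true                      # fine here: the default spec is symmetric
  multi_region            = false
  policy                  = data.aws_iam_policy_document.kms.json
  tags = {
    Environment = "dev" # assumed
  }
}

output "key_arn" {
  value = module.kms.key_arn
}
```

The split into root, administrator and user statements is the usual key-policy shape: root access prevents lock-out, the administrator statement deliberately omits `kms:Encrypt`/`kms:Decrypt`, and the application statement omits every management action. In a key policy `"Resource": "*"` refers to the key itself, so it does not widen the grant.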
## Outputs

| Name | Description |
|---|---|
| alias_arn | Alias ARN |
| alias_name | Alias name |
| key_arn | Key ARN |
| key_id | Key ID |
This project uses a `.version` file at the root of the repo, which the pipeline reads to create a git tag. When you intend to commit to `main`, increment this version. Once the change is merged, the pipeline runs and tags the latest git commit.
- Configure pre-commit hooks:

  ```shell
  pre-commit install
  ```

- Tests are available in the `test` directory. Configure the dependencies:

  ```shell
  cd test/
  go mod init github.com/sourcefuse/terraform-aws-refarch-<module_name>
  go get github.com/gruntwork-io/terratest/modules/terraform
  ```

- Now execute the test:

  ```shell
  go test -timeout 30m
  ```
This project is authored by:
- SourceFuse ARC Team