add_kms_key_id: Allow user to supply their own kms_key_id (cloudposse#75

) * add_kms_key_id: Allow user to supply their own kms_key_id Change-Id: I23d1288851301328afaa61686b42d8376d303415 * Updated README.md Co-authored-by: Andy Hibbert <anhibber@cisco.com> Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com>
Measurabl · Apr 2, 2024 · 07f96b4 · 07f96b4
1 parent 1fc03b9
commit 07f96b4
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -187,6 +187,7 @@ Available targets:
 | existing\_security\_groups | List of existing Security Group IDs to place the cluster into. Set `use_existing_security_groups` to `true` to enable using `existing_security_groups` as Security Groups for the cluster | `list(string)` | `[]` | no |
 | family | Redis family | `string` | `"redis4.0"` | no |
 | instance\_type | Elastic cache instance type | `string` | `"cache.t2.micro"` | no |
+| kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. `at_rest_encryption_enabled` must be set to `true` | `string` | `null` | no |
 | maintenance\_window | Maintenance window | `string` | `"wed:03:00-wed:04:00"` | no |
 | name | Name of the application | `string` | n/a | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no |

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -39,6 +39,7 @@
 | existing\_security\_groups | List of existing Security Group IDs to place the cluster into. Set `use_existing_security_groups` to `true` to enable using `existing_security_groups` as Security Groups for the cluster | `list(string)` | `[]` | no |
 | family | Redis family | `string` | `"redis4.0"` | no |
 | instance\_type | Elastic cache instance type | `string` | `"cache.t2.micro"` | no |
+| kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. `at_rest_encryption_enabled` must be set to `true` | `string` | `null` | no |
 | maintenance\_window | Maintenance window | `string` | `"wed:03:00-wed:04:00"` | no |
 | name | Name of the application | `string` | n/a | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no |

diff --git a/main.tf b/main.tf
@@ -109,6 +109,7 @@ resource "aws_elasticache_replication_group" "default" {
   engine_version                = var.engine_version
   at_rest_encryption_enabled    = var.at_rest_encryption_enabled
   transit_encryption_enabled    = var.transit_encryption_enabled
+  kms_key_id                    = var.at_rest_encryption_enabled ? var.kms_key_id : null
   snapshot_window               = var.snapshot_window
   snapshot_retention_limit      = var.snapshot_retention_limit
   apply_immediately             = var.apply_immediately

diff --git a/variables.tf b/variables.tf
@@ -204,10 +204,10 @@ variable "auth_token" {
   default     = null
 }
 
-variable "host_name" {
+variable "kms_key_id" {
   type        = string
-  description = "The DNS subdomain to add to Route53 for the cluster."
-  default     = ""
+  description = "The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. `at_rest_encryption_enabled` must be set to `true`"
+  default     = null
 }
 
 variable "replication_group_id" {