This repository has been archived by the owner on Jul 14, 2022. It is now read-only.

Terraform module that provisions AWS resources to create an AWS KMS key

marshall7m/terraform-aws-kms

Terraform AWS KMS

Terraform module that provisions AWS resources to create an AWS KMS key

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.15.0 |
| aws | >= 2.23 |

Providers

| Name | Version |
|------|---------|
| aws | >= 2.23 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| alias | Alias to attach to the key | string | null | no |
| create_key | Determines if the key should be created | bool | true | no |
| customer_master_key_spec | n/a | string | "SYMMETRIC_DEFAULT" | no |
| deletion_window_in_days | Number of days after the resource is deleted before the key itself is deleted | number | 30 | no |
| enable_key_rotation | Determines if key rotation is enabled | bool | null | no |
| is_enabled | Determines if the key is available | bool | true | no |
| key_usage | Intended use of the key | string | "ENCRYPT_DECRYPT" | no |
| statements | IAM policy statements for the CMK | `list(object({ sid = optional(string), effect = string, actions = list(string), resources = list(string), principals = optional(list(object({ type = string, identifiers = list(string) }))), conditions = optional(list(object({ test = string, variable = string, values = list(string) }))) }))` | [] | no |
| tags | Tags to attach to the CMK | map(string) | {} | no |
| trusted_admin_arns | AWS IAM users that will have admin permissions associated with the key | list(string) | n/a | yes |
| trusted_service_usage_conditions | IAM conditions for AWS service principals to use the key | `list(object({ test = string, variable = string, values = list(string) }))` | [] | no |
| trusted_service_usage_principals | AWS service principals that will have access to use the key (e.g. logs.region.amazonaws.com) | list(string) | [] | no |
| trusted_user_usage_arns | AWS IAM users that will have access to use the key | list(string) | [] | no |
| trusted_user_usage_conditions | IAM conditions for AWS users to use the key | `list(object({ test = string, variable = string, values = list(string) }))` | [] | no |

Outputs

| Name | Description |
|------|-------------|
| arn | AWS CMK ARN |
| id | Globally unique ID for CMK |
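
The inputs above combined into one module call that separates key administrators from key users and scopes each kind of use with a condition. This is an added example, not taken from the module's repository; the Git source address, account ID, region, IAM user names and log group path are assumptions or placeholders.

```hcl
# Added example: placeholder account 111111111111, region us-west-2.
module "logs_kms" {
  # Assumed source address, derived from the repository name.
  source = "github.com/marshall7m/terraform-aws-kms"

  enable_key_rotation     = true
  deletion_window_in_days = 30

  # Administrators manage the key; keep this list separate from key users.
  trusted_admin_arns = ["arn:aws:iam::111111111111:user/kms-admin"]

  # IAM users may use the key only when the request arrives through S3.
  trusted_user_usage_arns = ["arn:aws:iam::111111111111:user/app-deployer"]
  trusted_user_usage_conditions = [{
    test     = "StringEquals"
    variable = "kms:ViaService"
    values   = ["s3.us-west-2.amazonaws.com"]
  }]

  # CloudWatch Logs may use the key only for log groups under /app/.
  trusted_service_usage_principals = ["logs.us-west-2.amazonaws.com"]
  trusted_service_usage_conditions = [{
    test     = "ArnLike"
    variable = "kms:EncryptionContext:aws:logs:arn"
    values   = ["arn:aws:logs:us-west-2:111111111111:log-group:/app/*"]
  }]

  # Extra statement: read-only visibility for an auditor, no cryptographic use.
  statements = [{
    sid       = "AuditorDescribeOnly"
    effect    = "Allow"
    actions   = ["kms:DescribeKey", "kms:GetKeyPolicy"]
    resources = ["*"] # in a key policy, "*" refers to this key only
    principals = [{
      type        = "AWS"
      identifiers = ["arn:aws:iam::111111111111:user/auditor"]
    }]
  }]

  tags = { Environment = "example" }
}

# Consume the module's "arn" output to encrypt a log group with the key.
resource "aws_cloudwatch_log_group" "app" {
  name       = "/app/api"
  kms_key_id = module.logs_kms.arn
}
```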
