Terraform module that provisions AWS resources to create an AWS KMS key.

Name | Version |
---|---|
terraform | >= 0.15.0 |
aws | >= 2.23 |

Name | Version |
---|---|
aws | >= 2.23 |

Name | Description | Type | Default | Required |
---|---|---|---|---|
alias | Alias to attach to the key | string | null | no |
create_key | Determines if the key should be created | bool | true | no |
customer_master_key_spec | n/a | string | "SYMMETRIC_DEFAULT" | no |
deletion_window_in_days | Number of days to wait after the resource is deleted before the key is deleted | number | 30 | no |
enable_key_rotation | Determines if key rotation is enabled | bool | null | no |
is_enabled | Determines if the key is available | bool | true | no |
key_usage | Intended use of the key | string | "ENCRYPT_DECRYPT" | no |
statements | IAM policy statements for the CMK | list(object({ | [] | no |
tags | Tags to attach to the CMK | map(string) | {} | no |
trusted_admin_arns | AWS IAM users that will have admin permissions associated with the key | list(string) | n/a | yes |
trusted_service_usage_conditions | IAM conditions for AWS service principals to use the key | list(object({ | [] | no |
trusted_service_usage_principals | AWS service principals that will have access to use the key (e.g. logs.region.amazonaws.com) | list(string) | [] | no |
trusted_user_usage_arns | AWS IAM users that will have access to use the key | list(string) | [] | no |
trusted_user_usage_conditions | IAM conditions for AWS users to use the key | list(object({ | [] | no |

Name | Description |
---|---|
arn | AWS CMK ARN |
id | Globally unique ID for CMK |