Terraform module which creates a KMS key and an alias that belongs to it. The focus on this module lies within it's simplicity by providing default values that should make sense for most use cases.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alias | The display name of the alias. | string |
n/a | yes |
| customer_master_key_spec | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. | string |
"SYMMETRIC_DEFAULT" |
no |
| deletion_window_in_days | The waiting period, specified in number of days. | number |
30 |
no |
| description | The description of the key as viewed in AWS console. | string |
"Customer Managed Key" |
no |
| enable_key_rotation | Specifies whether key rotation is enabled. | bool |
true |
no |
| key_usage | Specifies the intended use of the key. | string |
"ENCRYPT_DECRYPT" |
no |
| multi_region | Indicates whether the KMS key is a multi-Region. | bool |
false |
no |
| policy | A valid policy JSON document. | string |
null |
no |
| tags | Tags to add to the AWS Customer Managed Key. | map(any) |
{} |
no |
| Name | Description |
|---|---|
| alias_arn | Alias ARN |
| alias_name | Alias name |
| key_arn | Key ARN |
| key_id | Key Id |
| Name | Version |
|---|---|
| aws | >= 4.36 |
- resource.aws_kms_alias.main (main.tf#20)
- resource.aws_kms_key.main (main.tf#8)
module "full" {
source = "../../"
alias = "application-rds"
}