-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathvariables.tf
54 lines (46 loc) · 1.63 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
variable "description" {
type = string
description = "The description of the key as viewed in AWS console."
}
variable "key_spec" {
type = string
default = "SYMMETRIC_DEFAULT"
description = "Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1"
}
variable "is_enabled" {
type = bool
default = true
description = "Specifies whether the key is enabled."
}
variable "rotation_enabled" {
type = bool
default = true
description = "Specifies whether key rotation is enabled."
}
variable "tags" {
type = map(string)
default = {}
description = "A map of tags to assign to the key."
}
variable "alias" {
type = string
description = "The display name of the key."
}
variable "primary_key_policy" {
type = string
description = "(Required) The key policy to attach to the primary KMS key."
}
variable "deletion_window_in_days" {
type = number
description = "(optional) The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between 7 and 30, inclusive. If you do not specify a value, it defaults to 30."
default = 30
}
variable "replica" {
type = object({
first_region = string
first_key_policy = string
second_region = string
second_key_policy = string
})
description = "(optional) describe your variable"
}