Creates KMS key and optional Alias
Describe how to use your module here. confluence
Name | Version |
---|---|
terraform | ~> 1.0 |
aws | >= 3.0 |
Name | Version |
---|---|
aws | >= 3.0 |
No modules.
Name | Type |
---|---|
aws_kms_alias.main | resource |
aws_kms_key.main | resource |
aws_caller_identity.current | data source |
aws_region.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
alias | KMS key alias | string | "" | no |
bypass_policy_lockout_safety_check | (Optional) Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. | bool | false | no |
create_alias | Create KMS key alias | bool | true | no |
customer_master_key_spec | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1 | string | "SYMMETRIC_DEFAULT" | no |
description | Name to apply to resources. | string | n/a | yes |
enable_key_rotation | Specifies whether key rotation is enabled | bool | true | no |
is_enabled | (Optional) Specifies whether the key is enabled | bool | true | no |
key_usage | Specifies the intended use of the key. Valid values: ENCRYPT_DECRYPT or SIGN_VERIFY | string | "ENCRYPT_DECRYPT" | no |
kms_deletion_window_in_days | Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days | number | 30 | no |
kms_policy | A valid policy JSON document | any | null | no |
region | n/a | string | "eu-west-1" | no |
tags | (Required) Map of tags to apply to repository | map(any) | {} | no |
Name | Description |
---|---|
alias_arn | Alias ARN |
alias_name | Alias name |
key_arn | Key ARN |
key_id | Key ID |
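
A call of this module with an explicit key policy, added here as an example; it is not taken from the module's own repository. The `source` value, the alias, the tag and the `example-app` role name are placeholders, and passing the policy to `kms_policy` as a JSON string is an assumption based on that input's description.

```hcl
# Added example, not the module's own code. Source path, alias, tag and role
# name are placeholders; only input and output names come from the tables above.
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "key" {
  # Keep the account root as key administrator so the policy can always be
  # repaired through IAM. Omitting this is what the lockout safety check rejects.
  statement {
    sid       = "AccountRootAdmin"
    effect    = "Allow"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  # Usage-only grant for one workload role (hypothetical role; it must exist).
  statement {
    sid       = "WorkloadUse"
    effect    = "Allow"
    actions   = ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*", "kms:DescribeKey"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/example-app"]
    }
  }
}

module "kms" {
  source = "<path-or-registry-address-of-this-module>" # placeholder

  description = "Example application data key"
  alias       = "example-app-data" # assumption: alias/ prefix handling is not stated on the page
  kms_policy  = data.aws_iam_policy_document.key.json

  enable_key_rotation                = true  # module default, stated explicitly
  kms_deletion_window_in_days        = 30    # longest window, most time to cancel a deletion
  bypass_policy_lockout_safety_check = false # keep the lockout check on

  tags = { Environment = "example" }
}

output "example_key_arn" {
  value = module.kms.key_arn
}
```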