{"id":21660806,"url":"https://github.com/ahmadalibagheri/cdktf-python-aws-kms","last_synced_at":"2025-04-11T22:43:04.780Z","repository":{"id":41904483,"uuid":"467428420","full_name":"ahmadalibagheri/cdktf-python-aws-kms","owner":"ahmadalibagheri","description":"AWS KMS configuration with python and cdktf","archived":false,"fork":false,"pushed_at":"2022-04-23T10:24:09.000Z","size":4,"stargazers_count":18,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-25T18:45:18.818Z","etag":null,"topics":["aws","aws-kms","cdktf","cdktf-template","python","terraform"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ahmadalibagheri.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-03-08T08:37:45.000Z","updated_at":"2023-03-05T08:56:54.000Z","dependencies_parsed_at":"2022-09-19T00:40:47.286Z","dependency_job_id":null,"html_url":"https://github.com/ahmadalibagheri/cdktf-python-aws-kms","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmadalibagheri%2Fcdktf-python-aws-kms","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmadalibagheri%2Fcdktf-python-aws-kms/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmadalibagheri%2Fcdktf-python-aws-kms/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmadalibagheri%2Fcdktf-python-aws-kms/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ahma
dalibagheri","download_url":"https://codeload.github.com/ahmadalibagheri/cdktf-python-aws-kms/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248492992,"owners_count":21113159,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-kms","cdktf","cdktf-template","python","terraform"],"created_at":"2024-11-25T09:38:50.425Z","updated_at":"2025-04-11T22:43:04.758Z","avatar_url":"https://github.com/ahmadalibagheri.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cdktf-python-aws-kms\n\nThe Cloud Development Kit for Terraform (CDKTF) allows you to define your infrastructure in a familiar programming language such as TypeScript, Python, Go, C#, or Java.\n\nIn this tutorial, you will provision an EC2 instance on AWS using your preferred programming language.\n\n## Prerequisites\n\n* [Terraform](https://www.terraform.io/downloads) \u003e= v1.0\n* [CDK for Terraform](https://learn.hashicorp.com/tutorials/terraform/cdktf-install) \u003e= v0.8\n* A [Terraform Cloud](https://app.terraform.io/) account, with [CLI authentication](https://learn.hashicorp.com/tutorials/terraform/cloud-login) configured\n* [an AWS account](https://portal.aws.amazon.com/billing/signup?nc2=h_ct\u0026src=default\u0026redirect_url=https%3A%2F%2Faws.amazon.com%2Fregistration-confirmation#/start)\n* AWS Credentials [configured for use with Terraform](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication)\n\n\nCredentials can be provided by using the AWS_ACCESS_KEY_ID, 
AWS_SECRET_ACCESS_KEY, and optionally AWS_SESSION_TOKEN environment variables. The region can be set using the AWS_REGION or AWS_DEFAULT_REGION environment variables.\n\n```shell\n$ export AWS_ACCESS_KEY_ID=\"anaccesskey\"\n$ export AWS_SECRET_ACCESS_KEY=\"asecretkey\"\n$ export AWS_REGION=\"us-west-2\"\n```\n\n## Install project dependencies\n\n```shell\nmkdir learn-cdktf\ncd learn-cdktf\ncdktf init --template=\"python\"\n```\n\n## Install AWS provider\n\n```shell\npipenv install cdktf-cdktf-provider-aws\n```\n\n## Define your CDK for Terraform Application\n\nReplace the contents of main.py with the following code for a new Python application:\n\n```python\n#!/usr/bin/env python\nfrom constructs import Construct\nfrom cdktf import App, TerraformStack\nfrom cdktf_cdktf_provider_aws import AwsProvider, kms, datasources\n\nclass MyStack(TerraformStack):\n    def __init__(self, scope: Construct, ns: str):\n        super().__init__(scope, ns)\n\n        # define resources here\n        myregion = \"us-east-1\"\n        AwsProvider(self, \"aws\", region=myregion)\n\n        # Look up the calling account so its ID can be substituted into the key policy\n        aws_id = datasources.DataAwsCallerIdentity(self, \"aws_id\")\n\n        policy = \"\"\"{\n        \"Version\": \"2012-10-17\",\n        \"Statement\": [\n          {\n            \"Sid\": \"Enable IAM User Permissions\",\n            \"Effect\": \"Allow\",\n            \"Principal\": {\n              \"AWS\": \"arn:aws:iam::${awsAccountid.id}:root\"\n          },\n            \"Action\": [\n              \"kms:*\"\n            ],\n            \"Resource\": [\n              \"*\"\n            ]\n          },    {\n            \"Sid\": \"Allow autoscalling to use the key\",\n            \"Effect\": \"Allow\",\n            \"Principal\": {\n              \"AWS\": [\n                \"arn:aws:iam::${awsAccountid.id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling\"\n              ]\n            },\n            \"Action\": [\n                \"kms:Create*\",\n                
\"kms:Describe*\",\n                \"kms:Enable*\",\n                \"kms:List*\",\n                \"kms:Put*\",\n                \"kms:Update*\",\n                \"kms:Revoke*\",\n                \"kms:Disable*\",\n                \"kms:Get*\",\n                \"kms:Delete*\",\n                \"kms:TagResource\",\n                \"kms:UntagResource\",\n                \"kms:ScheduleKeyDeletion\",\n                \"kms:CancelKeyDeletion\"\n            ],\n            \"Resource\": \"*\"\n          },{\n            \"Sid\": \"Allow use of the key\",\n            \"Effect\": \"Allow\",\n            \"Principal\": {\n                \"AWS\": [\n                \"arn:aws:iam::${awsAccountid.id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling\"\n                ]\n            },\n            \"Action\": [\n                \"kms:Encrypt\",\n                \"kms:Decrypt\",\n                \"kms:ReEncrypt*\",\n                \"kms:GenerateDataKey*\",\n                \"kms:DescribeKey\"\n            ],\n            \"Resource\": \"*\"\n            },        {\n              \"Sid\": \"Allow attachment of persistent resources\",\n              \"Effect\": \"Allow\",\n              \"Principal\": {\n                  \"AWS\": [\n              \"arn:aws:iam::${awsAccountid.id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling\"\n              ]\n              },\n              \"Action\": [\n                  \"kms:CreateGrant\",\n                  \"kms:ListGrants\",\n                  \"kms:RevokeGrant\"\n              ],\n              \"Resource\": \"*\",\n              \"Condition\": {\n                  \"Bool\": {\n                      \"kms:GrantIsForAWSResource\": \"true\"\n                  }\n              }\n          }\n        ]\n      }\"\"\".replace(\"${awsAccountid.id}\", aws_id.account_id)  # Python does not interpolate ${...}; substitute the account ID explicitly\n        mykmskey=kms.KmsKey(self, \"aws_kms\",enable_key_rotation=True, policy=policy,tags={\"Name\": \"CDKtf-python-Demo-KMS-key\"})\n\n        
kms.KmsAlias(self, \"kms_alias\", target_key_id=mykmskey.id)\n\napp = App()\nMyStack(app, \"cdktf-python-aws-kms\")\n\napp.synth()\n```\n## Provision infrastructure\n```shell\ncdktf deploy\n```\nAfter the instance is created, visit the AWS EC2 Dashboard.\n\n## Clean up your infrastructure\n```shell\ncdktf destroy\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fahmadalibagheri%2Fcdktf-python-aws-kms","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fahmadalibagheri%2Fcdktf-python-aws-kms","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fahmadalibagheri%2Fcdktf-python-aws-kms/lists"}