Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/sourcefuse/terraform-aws-arc-kms


https://github.com/sourcefuse/terraform-aws-arc-kms

Last synced: 4 months ago
JSON representation

Awesome Lists containing this project

README 

          
![Module Structure](./static/banner.png)



# [terraform-aws-arc-kms](https://github.com/sourcefuse/terraform-aws-arc-kms)



Latest Release Last Updated ![Terraform](https://img.shields.io/badge/terraform-%235835CC.svg?style=for-the-badge&logo=terraform&logoColor=white) ![GitHub Actions](https://img.shields.io/badge/github%20actions-%232671E5.svg?style=for-the-badge&logo=githubactions&logoColor=white)



[![Quality gate](https://sonarcloud.io/api/project_badges/quality_gate?project=sourcefuse_terraform-aws-arc-kms)](https://sonarcloud.io/summary/new_code?id=sourcefuse_terraform-aws-arc-kms)



[![snyk](https://github.com/sourcefuse/terraform-aws-arc-kms/actions/workflows/snyk.yaml/badge.svg)](https://github.com/sourcefuse/terraform-aws-arc-kms/actions/workflows/snyk.yaml)



## Overview



SourceFuse AWS Reference Architecture (ARC) Terraform module for managing KMS.



## Usage



To see a full example, check out the [main.tf](https://github.com/sourcefuse/terraform-aws-arc-kms/blob/main/example/main.tf) file in the example folder.  



```hcl



module "kms" {

  source                  = "sourcefuse/arc-kms/aws"

  version                 = "1.0.0"

  enabled                 = var.enabled

  deletion_window_in_days = var.deletion_window_in_days

  enable_key_rotation     = var.enable_key_rotation

  alias                   = var.alias

  tags                    = module.tags.tags

  policy                  = var.policy

}



```



## Requirements



| Name | Version |

|------|---------|

|  [terraform](#requirement\_terraform) | >= 1.4, < 2.0.0 |

|  [aws](#requirement\_aws) | >= 5.0, < 7.0 |



## Providers



| Name | Version |

|------|---------|

|  [aws](#provider\_aws) | >= 5.0, < 7.0 |



## Modules



No modules.



## Resources



| Name | Type |

|------|------|

| [aws_kms_alias.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |

| [aws_kms_key.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |



## Inputs



| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

|  [alias](#input\_alias) | The display name of the alias. The name must start with the word `alias` followed by a forward slash. If not specified, the alias name will be auto-generated. | `string` | n/a | yes |

|  [customer\_master\_key\_spec](#input\_customer\_master\_key\_spec) | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. | `string` | `"SYMMETRIC_DEFAULT"` | no |

|  [deletion\_window\_in\_days](#input\_deletion\_window\_in\_days) | Duration in days after which the key is deleted after destruction of the resource | `number` | `10` | no |

|  [description](#input\_description) | The description of the key as viewed in AWS console | `string` | `"KMS master key"` | no |

|  [enable\_key\_rotation](#input\_enable\_key\_rotation) | Specifies whether key rotation is enabled | `bool` | `true` | no |

|  [key\_usage](#input\_key\_usage) | Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`. | `string` | `"ENCRYPT_DECRYPT"` | no |

|  [multi\_region](#input\_multi\_region) | Indicates whether the KMS key is a multi-Region (true) or regional (false) key. | `bool` | `false` | no |

|  [policy](#input\_policy) | A valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | `string` | n/a | yes |

|  [tags](#input\_tags) | tags to add to your resources | `map(string)` | `{}` | no |



## Outputs



| Name | Description |

|------|-------------|

|  [alias\_arn](#output\_alias\_arn) | Alias ARN |

|  [alias\_name](#output\_alias\_name) | Alias name |

|  [key\_arn](#output\_key\_arn) | Key ARN |

|  [key\_id](#output\_key\_id) | Key ID |



## Versioning  

This project uses a `.version` file at the root of the repo which the pipeline reads from and does a git tag.  



When you intend to commit to `main`, you will need to increment this version. Once the project is merged,

the pipeline will kick off and tag the latest git commit.  



## Development



### Prerequisites



- [terraform](https://learn.hashicorp.com/terraform/getting-started/install#installing-terraform)

- [terraform-docs](https://github.com/segmentio/terraform-docs)

- [pre-commit](https://pre-commit.com/#install)

- [golang](https://golang.org/doc/install#install)

- [golint](https://github.com/golang/lint#installation)



### Configurations



- Configure pre-commit hooks

  ```sh

  pre-commit install

  ```



### Tests

- Tests are available in `test` directory

- Configure the dependencies

  ```sh

  cd test/

  go mod init github.com/sourcefuse/terraform-aws-refarch-

  go get github.com/gruntwork-io/terratest/modules/terraform

  ```

- Now execute the test  

  ```sh

  go test -timeout  30m

  ```



## Authors



This project is authored by:

- SourceFuse ARC Team