Skip to main content
Version: Next

AWS KMS-KEY

Description

Terraform module to provision a KMS key with alias

Specification

Properties

NameDescriptionTypeRequiredDefault
aliasThe display name of the alias. The name must start with the word alias followed by a forward slash. If not specified, the alias name will be auto-generated.stringfalse
customer_master_key_specSpecifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1.stringfalse
deletion_window_in_daysDuration in days after which the key is deleted after destruction of the resourcenumberfalse
descriptionThe description of the key as viewed in AWS consolestringfalse
enable_key_rotationSpecifies whether key rotation is enabledboolfalse
key_usageSpecifies the intended use of the key. Valid values: ENCRYPT_DECRYPT or SIGN_VERIFY.stringfalse
multi_regionIndicates whether the KMS key is a multi-Region (true) or regional (false) key.boolfalse
policyA valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy.stringfalse
writeConnectionSecretToRefThe secret which the cloud resource connection will be written towriteConnectionSecretToReffalse

writeConnectionSecretToRef

NameDescriptionTypeRequiredDefault
nameThe secret name which the cloud resource connection will be written tostringtrue
namespaceThe secret namespace which the cloud resource connection will be written tostringfalse