Creates a KMS key along with the necessary key policies.

| Name | Version |
|---|---|
| terraform | >= 1.10 |
| aws | >= 6.0 |

| Name | Version |
|---|---|
| aws | >= 6.0 |

No modules.

| Name | Type |
|---|---|
| aws_kms_alias.key | resource |
| aws_kms_key.key | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.combined_key_policy | data source |
| aws_iam_policy_document.iam_key_policy | data source |
| aws_region.current | data source |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alias | Alias for the created key. Set to null or empty to not create one | string | "alias/terraform" | no |
| deletion_window_in_days | Number of days before key is permanently deleted | number | 30 | no |
| enable_key_rotation | Enable KMS Key Rotation | bool | true | no |
| key_description | Textual description on the key | string | "" | no |
| key_policy_statements | Additional statements for the key policies. | list(string) | [] | no |
| region | (Optional) Region for the sink. Defaults to AWS provider region. | string | null | no |
| tags | Tags for resources | map(string) | {} | no |

| Name | Description |
|---|---|
| key_alias | Created key alias |
| key_arn | ARN of the key created |
| key_id | Created key ID |
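
Example call of this module, added here and not taken from the module's repository. The `source` path, the resource names and the alias are placeholders, and it assumes each `key_policy_statements` element is a JSON policy document string, which the `list(string)` type suggests but the page does not state.

```hcl
# Added example, not the module's own code. Assumption: each element of
# key_policy_statements is a JSON policy document merged into the key policy.
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

# Extra statement: CloudWatch Logs may use the key only for log groups in this account.
data "aws_iam_policy_document" "logs_use_key" {
  statement {
    sid    = "AllowCloudWatchLogsUse"
    effect = "Allow"
    actions = [
      "kms:Encrypt",
      "kms:Decrypt",
      "kms:ReEncrypt*",
      "kms:GenerateDataKey*",
      "kms:DescribeKey",
    ]
    resources = ["*"] # in a key policy, "*" refers to the key the policy is attached to

    principals {
      type        = "Service"
      identifiers = ["logs.${data.aws_region.current.region}.amazonaws.com"]
    }

    condition {
      test     = "ArnLike"
      variable = "kms:EncryptionContext:aws:logs:arn"
      values   = ["arn:aws:logs:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:log-group:*"]
    }
  }
}

module "kms_key" {
  source = "./modules/kms-key" # placeholder path, adjust to where the module lives

  alias                   = "alias/app-logs" # placeholder alias
  key_description         = "Encrypts application log groups"
  enable_key_rotation     = true
  deletion_window_in_days = 30 # KMS accepts 7 to 30 days

  key_policy_statements = [data.aws_iam_policy_document.logs_use_key.json]

  tags = { Purpose = "logs-encryption" }
}

output "logs_key_arn" {
  value = module.kms_key.key_arn
}
```

The encryption-context condition keeps the service principal from using the key for log groups outside this account; the ARN hardcodes the `aws` partition, so adjust it for GovCloud or China regions.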