Enable software key management

Author: lsy1968

quickstarts/KMS/201-use-case-enable-software-key-management/README.md

@@ -0,0 +1,49 @@
+## Introduction
+
+<!-- DOCS_DESCRIPTION_CN -->
+本示例用于在阿里云上购买并启用KMS软件密钥管理实例。
+详情可查看[通过Terraform购买并启用软件密钥管理实例](http://help.aliyun.com/document_detail/2572877.htm)。
+<!-- DOCS_DESCRIPTION_CN -->
+
+<!-- DOCS_DESCRIPTION_EN -->
+This example is used to purchase and enable an instance of the software key management type on Alibaba Cloud.
+More details in [Purchase and enable an instance of the software key management type](http://help.aliyun.com/document_detail/2572877.htm).
+<!-- DOCS_DESCRIPTION_EN -->
+
+<!-- BEGIN_TF_DOCS -->
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_alicloud"></a> [alicloud](#provider\_alicloud) | n/a |
+| <a name="provider_local"></a> [local](#provider\_local) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [alicloud_kms_instance.default](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/kms_instance) | resource |
+| [alicloud_vpc.vpc](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/vpc) | resource |
+| [alicloud_vswitch.vsw](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/vswitch) | resource |
+| [alicloud_vswitch.vsw1](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/vswitch) | resource |
+| [local_file.ca_certificate_chain_pem](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
+| [alicloud_zones.default](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/data-sources/zones) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_instance_name"></a> [instance\_name](#input\_instance\_name) | n/a | `string` | `"tff-kms-vpc-172-16"` | no |
+| <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | n/a | `string` | `"ecs.n1.tiny"` | no |
+| <a name="input_region"></a> [region](#input\_region) | n/a | `string` | `"cn-shanghai"` | no |
+<!-- END_TF_DOCS -->
+## Documentation
+<!-- docs-link --> 
+
+The template is based on Aliyun document: [Enable software key management](http://help.aliyun.com/document_detail/2572877.htm) 
+
+<!-- docs-link --> 

quickstarts/KMS/201-use-case-enable-software-key-management/main.tf

@@ -0,0 +1,79 @@
+variable "region" {
+  default = "cn-shanghai"
+}
+
+provider "alicloud" {
+  region = var.region
+}
+variable "instance_name" {
+  default = "tff-kms-vpc-172-16"
+}
+
+variable "instance_type" {
+  default = "ecs.n1.tiny"
+}
+# 使用数据源来获取可用的可用区信息。资源只能在指定的可用区内创建。
+data "alicloud_zones" "default" {
+  available_disk_category     = "cloud_efficiency"
+  available_resource_creation = "VSwitch"
+  available_instance_type     = var.instance_type
+}
+# 创建VPC
+resource "alicloud_vpc" "vpc" {
+  vpc_name   = var.instance_name
+  cidr_block = "172.16.0.0/12"
+}
+# 创建一个Vswitch CIDR 块为 172.16.0.0/12
+resource "alicloud_vswitch" "vsw" {
+  vpc_id       = alicloud_vpc.vpc.id
+  cidr_block   = "172.16.0.0/21"
+  zone_id      = data.alicloud_zones.default.zones.0.id
+  vswitch_name = "terraform-example-1"
+}
+# 创建另一个Vswitch CIDR 块为 172.16.128.0/17
+resource "alicloud_vswitch" "vsw1" {
+  vpc_id       = alicloud_vpc.vpc.id
+  cidr_block   = "172.16.128.0/17"
+  zone_id      = data.alicloud_zones.default.zones.0.id
+  vswitch_name = "terraform-example-2"
+}
+# 创建KMS软件密钥管理实例，并使用网络参数启动
+resource "alicloud_kms_instance" "default" {
+  # 软件密钥管理实例
+  product_version = "3"
+  vpc_id          = alicloud_vpc.vpc.id
+  # 规定 KMS 实例所在的可用区，使用前面获取的可用区 ID
+  zone_ids = [
+    data.alicloud_zones.default.zones.0.id,
+    data.alicloud_zones.default.zones.1.id
+  ]
+  # 交换机id
+  vswitch_ids = [
+    alicloud_vswitch.vsw.id, alicloud_vswitch.vsw1.id
+  ]
+  # 计算性能、密钥数量、凭据数量、访问管理数量
+  vpc_num    = "1"
+  key_num    = "1000"
+  secret_num = "100"
+  spec       = "1000"
+  # 为KMS实例关联其他VPC
+  # 如果VPC与KMS实例的VPC属于不同阿里云账号，您需要先共享交换机。
+  #bind_vpcs {
+  #vpc_id = "vpc-j6cy0l32yz9ttxfy6****"
+  #vswitch_id = "vsw-j6cv7rd1nz8x13ram****"
+  #region_id = "cn-shanghai"
+  #vpc_owner_id = "119285303511****"
+  #}
+  #bind_vpcs {
+  #vpc_id = "vpc-j6cy0l32yz9ttd7g3****"
+  #vswitch_id = "vsw-3h4yrd1nz8x13ram****"
+  #region_id = "cn-shanghai"
+  #vpc_owner_id = "119285303511****"
+  #}
+}
+
+# 保存KMS实例CA证书到本地文件
+resource "local_file" "ca_certificate_chain_pem" {
+  content  = alicloud_kms_instance.default.ca_certificate_chain_pem
+  filename = "ca.pem"
+}

quickstarts/KMS/201-use-case-enable-software-key-management/provider.tf

@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    alicloud = {
+      source = "aliyun/alicloud"
+    }
+  }
+}