Initial module for aws_kms_key

* Include test with inline policy
* Supports all major aws_kms_key resource features in v5.x of the provider

Author: ben-vaughan-nttd

.gitignore

@@ -0,0 +1,77 @@
+terraform.*
+.repo/
+components/
+.semverbot.toml
+.tflint.hcl
+.golangci.yaml
+
+.idea
+!examples/*.tfvars
+
+# We don't want to commit the test run lock files
+.terraform.lock.hcl
+
+# Don't include the .test-data directory created by Terratest's test-structure module
+**/.test-data/*
+
+# Local .terraform directories
+**/.terraform/*
+
+# Local .terragrunt directories
+**/.terragrunt/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# tfplan files
+*.tfplan
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars.json
+*.auto.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+provider.tf
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Files from common modules
+azure_env.sh
+.releaserc.json
+.tflint.hcl
+
+# Pre-commit hook
+.pre-commit-config.yaml
+
+# VS Code
+.vscode/
+
+# Layer build files
+**/build/
+**/builds/
+**/lambda_layer
+**/lambda_layer.zip
+**/*.egg-info
+
+vendor/

.lcafenv

@@ -0,0 +1,23 @@
+# Use this file to preset variables used by the Makefile.
+# This file will be included when make is run. The variables below will
+# take precedence over what is defined in Makefile when they are set. This
+# allows overriding certain settings without modifying the Makefile.
+
+# REPO_MANIFESTS_URL="https://github.com/launchbynttdata/launch-common-automation-framework.git"
+# REPO_BRANCH="refs/tags/1.0.0"
+# REPO_MANIFEST="manifests/terraform_modules/seed/manifest.xml"
+# REPO_URL="https://github.com/launchbynttdata/git-repo.git"
+# REPO_REV="main"
+# GITBASE="https://github.com/launchbynttdata/"
+# GITREV="main"
+# IS_PIPELINE="false"
+# IS_AUTHENTICATED="false"
+# JOB_NAME="job"
+# JOB_EMAIL="[email protected]"
+# PLATFORM_VER=
+# CONTAINER_VER=
+# PIPELINES_VER=
+# WEBHOOK_VER=
+# PYTHON_VER=
+# TERRAGRUNT_VER=
+# TERRAFORM_VER=

.secrets.baseline

@@ -0,0 +1,112 @@
+{
+  "version": "1.5.44",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {},
+  "generated_at": "2025-10-27T16:34:35Z"
+}

.tool-versions

@@ -0,0 +1,9 @@
+conftest 0.56.0
+golang 1.24.2
+golangci-lint 2.2.1
+pre-commit 4.2.0
+regula 3.2.1 # https://github.com/launchbynttdata/asdf-regula
+terraform 1.10.3
+terraform-docs 0.20.0
+terragrunt 0.77.22
+tflint 0.57.0

CODEOWNERS

@@ -0,0 +1 @@
+*   @launchbynttdata/terraform-administrators