Initial module for aws_kms_key (#1)

* Initial module for aws_kms_key

* Include test with inline policy
* Supports all major aws_kms_key resource features in v5.x of the provider

* Add GitHub workflows for Dependabot, release drafting, pull request labeling, and Terraform checks

* Fix link formatting in release-drafter.yml - v is removed

Signed-off-by: Aarti Joshi <[email protected]>

---------

Signed-off-by: Aarti Joshi <[email protected]>
Co-authored-by: Aarti Joshi <[email protected]>

Author: ben-vaughan-nttd

.github/dependabot.yml

@@ -0,0 +1,14 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/release-drafter.yml

@@ -0,0 +1,49 @@
+---
+name-template: "$RESOLVED_VERSION"
+tag-template: "$RESOLVED_VERSION"
+template: |
+  # Changelog
+
+  $CHANGES
+
+  ---
+
+  See details of [all code changes](https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...$RESOLVED_VERSION) since previous release.
+
+categories:
+  - title: ":warning: Breaking Changes"
+    labels:
+      - "major"
+  - title: "🚀 Features"
+    labels:
+      - "minor"
+  - title: "🔧 Fixes"
+    collapse-after: 3
+    labels:
+      - "patch"
+
+autolabeler:
+  - label: "major"
+    branch:
+      - '/(patch|bug|fix|feature|chore)!\/.+/'
+  - label: "minor"
+    branch:
+      - '/feature\/.+/'
+  - label: "patch"
+    branch:
+      - '/(patch|bug|fix|chore)\/.+/'
+
+change-template: "- $TITLE @$AUTHOR (#$NUMBER)"
+
+version-resolver:
+  major:
+    labels:
+      - "major"
+  minor:
+    labels:
+      - "minor"
+  patch:
+    labels:
+      - "patch"
+      - "dependencies"
+  default: patch

.github/workflows/pull-request-label.yml

@@ -0,0 +1,15 @@
+name: Label Pull Request
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+jobs:
+  check:
+    name: "Label Pull Request"
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
+    uses: launchbynttdata/launch-workflows/.github/workflows/[email protected]
+    secrets: inherit # pragma: allowlist secret

.github/workflows/pull-request-terraform-check.yml

@@ -0,0 +1,22 @@
+name: Check AWS Terraform Code
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize, ready_for_review]
+    branches: [main]
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  check:
+    name: "Check AWS Terraform Code"
+    permissions:
+      contents: read
+      id-token: write
+    uses: launchbynttdata/launch-workflows/.github/workflows/[email protected]
+    with:
+      assume_role_arn: ${{ vars.TERRAFORM_CHECK_AWS_ASSUME_ROLE_ARN }}
+      region: ${{ vars.TERRAFORM_CHECK_AWS_REGION }}
+    secrets: inherit # pragma: allowlist secret

.github/workflows/release-publish.yml

@@ -0,0 +1,18 @@
+name: Publish Release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  release-on-merge:
+    name: "Create and Publish Release on Merge"
+    permissions:
+      contents: write
+      pull-requests: write
+    uses: launchbynttdata/launch-workflows/.github/workflows/[email protected]
+    secrets: inherit # pragma: allowlist secret

.gitignore

@@ -0,0 +1,77 @@
+terraform.*
+.repo/
+components/
+.semverbot.toml
+.tflint.hcl
+.golangci.yaml
+
+.idea
+!examples/*.tfvars
+
+# We don't want to commit the test run lock files
+.terraform.lock.hcl
+
+# Don't include the .test-data directory created by Terratest's test-structure module
+**/.test-data/*
+
+# Local .terraform directories
+**/.terraform/*
+
+# Local .terragrunt directories
+**/.terragrunt/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# tfplan files
+*.tfplan
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars.json
+*.auto.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+provider.tf
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Files from common modules
+azure_env.sh
+.releaserc.json
+.tflint.hcl
+
+# Pre-commit hook
+.pre-commit-config.yaml
+
+# VS Code
+.vscode/
+
+# Layer build files
+**/build/
+**/builds/
+**/lambda_layer
+**/lambda_layer.zip
+**/*.egg-info
+
+vendor/

.lcafenv

@@ -0,0 +1,23 @@
+# Use this file to preset variables used by the Makefile.
+# This file will be included when make is run. The variables below will
+# take precedence over what is defined in Makefile when they are set. This
+# allows overriding certain settings without modifying the Makefile.
+
+# REPO_MANIFESTS_URL="https://github.com/launchbynttdata/launch-common-automation-framework.git"
+# REPO_BRANCH="refs/tags/1.0.0"
+# REPO_MANIFEST="manifests/terraform_modules/seed/manifest.xml"
+# REPO_URL="https://github.com/launchbynttdata/git-repo.git"
+# REPO_REV="main"
+# GITBASE="https://github.com/launchbynttdata/"
+# GITREV="main"
+# IS_PIPELINE="false"
+# IS_AUTHENTICATED="false"
+# JOB_NAME="job"
+# JOB_EMAIL="[email protected]"
+# PLATFORM_VER=
+# CONTAINER_VER=
+# PIPELINES_VER=
+# WEBHOOK_VER=
+# PYTHON_VER=
+# TERRAGRUNT_VER=
+# TERRAFORM_VER=

.secrets.baseline

@@ -0,0 +1,112 @@
+{
+  "version": "1.5.44",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {},
+  "generated_at": "2025-10-27T16:34:35Z"
+}

.tool-versions

@@ -0,0 +1,9 @@
+conftest 0.56.0
+golang 1.24.2
+golangci-lint 2.2.1
+pre-commit 4.2.0
+regula 3.2.1 # https://github.com/launchbynttdata/asdf-regula
+terraform 1.10.3
+terraform-docs 0.20.0
+terragrunt 0.77.22
+tflint 0.57.0

CODEOWNERS

@@ -0,0 +1 @@
+*   @launchbynttdata/terraform-administrators