From cd8a2db18138322797cb7f142632f1bd7ca71d61 Mon Sep 17 00:00:00 2001 From: Yannis Cheilaris Date: Tue, 29 Jul 2025 16:20:57 +0300 Subject: [PATCH] feat: add kms key id for lambda config --- main.tf | 4 +++- variables.tf | 7 ++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index df044bc..91726d6 100644 --- a/main.tf +++ b/main.tf @@ -136,7 +136,8 @@ resource "aws_cognito_user_pool" "user_pool" { var.lambda_pre_token_generation, var.lambda_user_migration, var.lambda_verify_auth_challenge_response, - var.lambda_custom_email_sender + var.lambda_custom_email_sender, + var.lambda_kms_key_arn ), null) == null ? [] : [true] content { @@ -150,6 +151,7 @@ resource "aws_cognito_user_pool" "user_pool" { pre_token_generation = var.lambda_pre_token_generation user_migration = var.lambda_user_migration verify_auth_challenge_response = var.lambda_verify_auth_challenge_response + kms_key_id = var.lambda_kms_key_arn custom_email_sender { lambda_arn = var.lambda_custom_email_sender.lambda_arn lambda_version = var.lambda_custom_email_sender.lambda_version diff --git a/variables.tf b/variables.tf index 9108891..c5bf5f6 100644 --- a/variables.tf +++ b/variables.tf @@ -430,13 +430,18 @@ variable "lambda_verify_auth_challenge_response" { } variable "lambda_custom_email_sender" { - description = "(Optional) Configuration block for custom email sender Lambda triggers" + description = "Configuration block for custom email sender Lambda triggers" type = object({ lambda_arn = string lambda_version = string }) } +variable "lambda_kms_key_arn" { + description = "The ARN of the KMS key used to encrypt the Lambda function's environment variables." + type = string +} + variable "schema_attributes" { description = "(Optional) A list of schema attributes of a user pool. You can add a maximum of 25 custom attributes." type = any