Feat cse

[yellow-shine]

This pull request introduces support for AWS Client-Side Encryption (CSE) in the BYOC I project, allowing users to enable CSE for Milvus data with either an automatically created KMS key or an existing KMS key. It adds a new Terraform module for KMS key and IAM role management, updates configuration files to expose new variables and outputs, and documents the new encryption options in the project README.

Encryption (KMS) Integration:

• Added support for AWS Client-Side Encryption (CSE) with options to automatically create a new KMS key or use an existing key, including new variables (enable_aws_cse, aws_cse_exiting_key_arn) and outputs (cse_key_arn). [1] [2] [3] [4] [5]
• Introduced a new Terraform module (modules/aws_byoc_i/kms) to provision a multi-region symmetric KMS key, alias, IAM role, and role policy for cross-account access, with validation for input variables. [1] [2]

Configuration and Resource Updates:

• Updated main.tf to conditionally create the KMS module and integrate its outputs into the project resource, ensuring proper dependency management. [1] [2]
• Extended resource tagging and encryption configuration examples in the README to include EBS, S3, and CSE options. [1] [2]

Documentation Improvements:

• Enhanced the README with detailed instructions for enabling CSE, using custom or existing KMS keys, and clarified output values such as cse_key_arn.

These changes collectively enable secure client-side encryption for Milvus data in AWS BYOC deployments, improve flexibility for key management, and provide clear documentation for users.

[LoveEachDay]

/lgtm