sqs-queue Update default KMS key to be null (#1043)

cloudposse · May 22, 2024 · c019843 · c019843
1 parent cd7eee3
commit c019843
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/modules/sqs-queue/README.md b/modules/sqs-queue/README.md
@@ -35,7 +35,8 @@ components:
         dlq_max_receive_count: 1
         dlq_kms_data_key_reuse_period_seconds: 86400 # 1 day
         kms_data_key_reuse_period_seconds: 86400 # 1 day
-        sqs_managed_sse_enabled: true # SSE vs KMS
+        # kms_master_key_id: "alias/aws/sqs" # Use KMS # default null
+        sqs_managed_sse_enabled: true # SSE vs KMS (Priority goes to KMS)
         iam_policy_limit_to_current_account: true # default true
         iam_policy:
           - version: 2012-10-17
@@ -126,7 +127,7 @@ components:
 | <a name="input_iam_policy_limit_to_current_account"></a> [iam\_policy\_limit\_to\_current\_account](#input\_iam\_policy\_limit\_to\_current\_account) | Boolean designating whether the IAM policy should be limited to the current account. | `bool` | `true` | no |
 | <a name="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for keep the existing setting, which defaults to `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
 | <a name="input_kms_data_key_reuse_period_seconds"></a> [kms\_data\_key\_reuse\_period\_seconds](#input\_kms\_data\_key\_reuse\_period\_seconds) | The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). The default is 300 (5 minutes). | `number` | `300` | no |
-| <a name="input_kms_master_key_id"></a> [kms\_master\_key\_id](#input\_kms\_master\_key\_id) | The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see Key Terms. | `string` | `"alias/aws/sqs"` | no |
+| <a name="input_kms_master_key_id"></a> [kms\_master\_key\_id](#input\_kms\_master\_key\_id) | The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see Key Terms. | `string` | `null` | no |
 | <a name="input_label_key_case"></a> [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.<br>Does not affect keys of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper`.<br>Default value: `title`. | `string` | `null` | no |
 | <a name="input_label_order"></a> [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |
 | <a name="input_label_value_case"></a> [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,<br>set as tag values, and output by this module individually.<br>Does not affect values of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper` and `none` (no transformation).<br>Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.<br>Default value: `lower`. | `string` | `null` | no |

diff --git a/modules/sqs-queue/variables.tf b/modules/sqs-queue/variables.tf
@@ -144,7 +144,7 @@ variable "content_based_deduplication" {
 variable "kms_master_key_id" {
   type        = string
   description = "The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see Key Terms."
-  default     = "alias/aws/sqs"
+  default     = null
 }
 
 variable "kms_data_key_reuse_period_seconds" {