Merge pull request #21 from zoitech/feature/kms_keys

#19 added kms key resource
zoitech · Nov 18, 2019 · 4c6bfec · 4c6bfec
2 parents 3385ecc + da391f1
commit 4c6bfec
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -78,7 +78,28 @@ module "account" {
   region          = "eu-central-1"
   create_key_pair = true
   key_name        = "my-key"
-  public_key      = "rsa-ssh blahblahreplacemewithlongpublickeystring my-key-name"
+  public_key      = file(my-key-name.pub)
+}
+```
+
+### AWS KMS Keys
+
+Creating KMS keys is disabled by default.
+
+```hcl
+module "account" {
+  source          = "git::https://github.com/zoitech/terraform-aws-account.git"
+  region          = "eu-central-1"
+  create_kms_keys = true
+  kms_keys        = [
+    {
+      alias_name              = "alias/ec2"
+      description             = "Encryption/decryption of ec2 data"
+      deletion_window_in_days = 30
+      is_enabled              = true
+      enable_key_rotation     = true
+    },
+  ]
 }
 ```
 

diff --git a/changelog.md b/changelog.md
@@ -22,6 +22,7 @@ IMPROVEMENTS:
 NEW FEATURES:
 
 * Added EC2 key pair resource ([#18](https://github.com/zoitech/terraform-aws-account/issues/18))
+* Added AWS KMS key resource ([#19](https://github.com/zoitech/terraform-aws-account/issues/19))
 
 ## 0.0.6
 

diff --git a/kms_keys.tf b/kms_keys.tf
@@ -0,0 +1,15 @@
+resource "aws_kms_key" "key" {
+  count                   = local.create_kms_keys
+  description             = lookup(element(var.kms_keys, count.index), "description")
+  deletion_window_in_days = lookup(element(var.kms_keys, count.index), "deletion_window_in_days")
+  is_enabled              = lookup(element(var.kms_keys, count.index), "is_enabled")
+  enable_key_rotation     = lookup(element(var.kms_keys, count.index), "enable_key_rotation")
+  #policy =
+  #tags = 
+}
+
+resource "aws_kms_alias" "key_alias" {
+  count         = local.create_kms_keys
+  name          = lookup(element(var.kms_keys, count.index), "alias_name")
+  target_key_id = aws_kms_key.key[count.index].key_id
+}
diff --git a/locals.tf b/locals.tf
@@ -16,5 +16,8 @@ locals {
   # ec key pair
   create_key_pair = (var.create_key_pair == true ? 1 : 0)
 
+  # kms keys
+  create_kms_keys = (var.create_kms_keys == true && var.kms_keys != null ? length(var.kms_keys) : 0)
+
 }
 
diff --git a/variables.tf b/variables.tf
@@ -161,3 +161,23 @@ variable "public_key" {
   description = "The public key value"
   default     = null
 }
+
+# kms keys
+variable "create_kms_keys" {
+  description = "Defines if kms key(s) should be created."
+  default     = false
+}
+
+variable "kms_keys" {
+  description = "List of kms key objects"
+  type = list(object({
+    alias_name              = string
+    description             = string
+    deletion_window_in_days = number
+    is_enabled              = bool
+    enable_key_rotation     = bool
+    #policy =
+    #tags = 
+  }))
+  default = null
+}