Skip to content

ARC

Index

terraform-aws-arc-kms ¶

Module: sourcefuse/arc-kms/aws

Registry: https://registry.terraform.io/modules/sourcefuse/arc-kms/aws

Category: Security / Encryption

Source: https://github.com/sourcefuse/terraform-aws-arc-kms

Overview¶

Creates and manages AWS KMS customer-managed keys (CMKs) with aliases, key policies, and automatic key rotation.

What It Does¶

KMS CMK with configurable deletion window
Automatic key rotation
Key alias management
Custom key policy support
Enable/disable key without deletion

Quickstart¶

module "kms" {
  source                  = "sourcefuse/arc-kms/aws"
  version                 = "1.0.0"
  enabled                 = var.enabled
  deletion_window_in_days = var.deletion_window_in_days
  enable_key_rotation     = var.enable_key_rotation
  alias                   = var.alias
  tags                    = module.tags.tags
  policy                  = var.policy
}

Required Inputs¶

Name	Type	Description
`alias`	`string`	KMS key alias (must start with alias/)
## Key Outputs

Name	Description
`key_id`	KMS key ID
`key_arn`	KMS key ARN
`alias_arn`	KMS alias ARN
## Full Variable & Output Reference

The complete inputs/outputs reference is auto-generated below.

Requirements¶

Name	Version
terraform	>= 1.4, < 2.0.0
aws	>= 5.0, < 7.0

Providers¶

Name	Version
aws	>= 5.0, < 7.0

Modules¶

No modules.

Resources¶

Name	Type
aws_kms_alias.default	resource
aws_kms_key.default	resource

Inputs¶

Name	Description	Type	Default	Required
alias	The display name of the alias. The name must start with the word `alias` followed by a forward slash. If not specified, the alias name will be auto-generated.	`string`	n/a	yes
customer_master_key_spec	Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`.	`string`	`"SYMMETRIC_DEFAULT"`	no
deletion_window_in_days	Duration in days after which the key is deleted after destruction of the resource	`number`	`10`	no
description	The description of the key as viewed in AWS console	`string`	`"KMS master key"`	no
enable_key_rotation	Specifies whether key rotation is enabled	`bool`	`true`	no
key_usage	Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.	`string`	`"ENCRYPT_DECRYPT"`	no
multi_region	Indicates whether the KMS key is a multi-Region (true) or regional (false) key.	`bool`	`false`	no
policy	A valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy.	`string`	n/a	yes
tags	tags to add to your resources	`map(string)`	`{}`	no

Outputs¶

Name	Description
alias_arn	Alias ARN
alias_name	Alias name
key_arn	Key ARN
key_id	Key ID

Contributing¶

See CONTRIBUTING.md for commit conventions and development setup.

Authors¶

This project is authored by: - SourceFuse ARC Team