57 lines
1.2 KiB
Terraform
57 lines
1.2 KiB
Terraform
|
# Copyright (c) HashiCorp, Inc.
|
||
|
|
# SPDX-License-Identifier: BUSL-1.1
|
||
|
|
|
||
|
|
variable "cluster_id" {
|
||
|
|
type = string
|
||
|
|
}
|
||
|
|
|
||
|
|
variable "cluster_meta" {
|
||
|
|
type = string
|
||
|
|
default = null
|
||
|
|
}
|
||
|
|
|
||
|
|
variable "common_tags" {
|
||
|
|
type = map(string)
|
||
|
|
default = null
|
||
|
|
}
|
||
|
|
|
||
|
|
variable "other_resources" {
|
||
|
|
type = list(string)
|
||
|
|
default = []
|
||
|
|
}
|
||
|
|
|
||
|
|
locals {
|
||
|
|
cluster_name = var.cluster_meta == null ? var.cluster_id : "${var.cluster_id}-${var.cluster_meta}"
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "aws_kms_key" "key" {
|
||
|
|
description = "auto-unseal-key-${local.cluster_name}"
|
||
|
|
deletion_window_in_days = 7 // 7 is the shortest allowed window
|
||
|
|
tags = var.common_tags
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "aws_kms_alias" "alias" {
|
||
|
|
name = "alias/auto-unseal-key-${local.cluster_name}"
|
||
|
|
target_key_id = aws_kms_key.key.key_id
|
||
|
|
}
|
||
|
|
|
||
|
|
output "alias" {
|
||
|
|
description = "The key alias name"
|
||
|
|
value = aws_kms_alias.alias.name
|
||
|
|
}
|
||
|
|
|
||
|
|
output "id" {
|
||
|
|
description = "The key ID"
|
||
|
|
value = aws_kms_key.key.key_id
|
||
|
|
}
|
||
|
|
|
||
|
|
output "resource_name" {
|
||
|
|
description = "The ARN"
|
||
|
|
value = aws_kms_key.key.arn
|
||
|
|
}
|
||
|
|
|
||
|
|
output "resource_names" {
|
||
|
|
description = "The list of names"
|
||
|
|
value = compact(concat([aws_kms_key.key.arn], var.other_resources))
|
||
|
|
}
|