KMS

Encrypt and decrypt secrets using Amazon's Key Management Service (KMS).

variables.tf

    # ---------------------------------------------------------------------------------------------------------------------
    # REQUIRED MODULE PARAMETERS
    # These variables must be passed in by the operator.
    # ---------------------------------------------------------------------------------------------------------------------

    # AWS Terminology Explained:
    # - Customer Master Key (CMK): A key used to encrypt/decrypt arbitrary data, or to generate a Data Key that can be used
    #   to encrypt/decrypt a higher volume of arbitrary data. See this module's README for details.

    variable "customer_master_keys" {
      description = "Map of CMK names to spec for managing each key. Each entry in the map corresponds to a key that will be created by this template."

      # Ideally, we will use a more strict type here but since we want to support required and optional values, and since
      # Terraform's type system only supports maps that have the same type for all values, we have to use the less useful
      # `any` type.
      type = any

      # Each entry in the map supports the following attributes:
      #
      # OPTIONAL (defaults to value of corresponding module input):
      # - cmk_administrator_iam_arns [list(string)] : A list of IAM ARNs for users who should be given
      #                                               administrator access to this CMK (e.g.
      #                                               arn:aws:iam::<aws-account-id>:user/<iam-user-arn>).
      # - cmk_user_iam_arns [list(string)]          : A list of IAM ARNs for users who should be given
      #                                               permissions to use this CMK (e.g.
      #                                               arn:aws:iam::<aws-account-id>:user/<iam-user-arn>).
