Creates a KMS key used to encrypt data at rest in RDS databases.
```hcl
module "rds_kms_key" {
  source = "dod-iac/rds-kms-key/aws"

  name = "alias/name"
  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}
```

Run all terratest tests using the `terratest` script. If using `aws-vault`, you could use `aws-vault exec $AWS_PROFILE -- terratest`. The `AWS_DEFAULT_REGION` environment variable is required by the tests. Use `TT_SKIP_DESTROY=1` to not destroy the infrastructure created during the tests. Use `TT_VERBOSE=1` to log all tests as they are run. The `go test` command can be executed directly, too.
Terraform 0.13. Pin module version to `~> 1.0.0`. Submit pull requests to the `main` branch.
Terraform 0.11 and 0.12 are not supported.
This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See LICENSE file for more information.
| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | >= 3.0, < 5.0 |
| Name | Version |
|---|---|
| aws | >= 3.0, < 5.0 |
No modules.
| Name | Type |
|---|---|
| aws_kms_alias.rds | resource |
| aws_kms_key.rds | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.rds | data source |
| aws_partition.current | data source |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| description | The description of the key as viewed in AWS console. | string | "A KMS key used to encrypt data at-rest in RDS databases." | no |
| key_deletion_window_in_days | Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. | string | 30 | no |
| name | The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/). | string | "alias/rds" | no |
| tags | Tags applied to the KMS key. | map(string) | {} | no |
| Name | Description |
|---|---|
| aws_kms_alias_arn | The Amazon Resource Name (ARN) of the key alias. |
| aws_kms_alias_name | The display name of the alias. |
| aws_kms_key_arn | The Amazon Resource Name (ARN) of the key. |
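
The following added example (not part of the module's own documentation) shows the `aws_kms_key_arn` output wired into an RDS instance so that storage is encrypted with the key this module creates. The variable `db_password`, the resource name `aws_db_instance.example`, the alias `alias/example-rds` and the instance settings are assumptions chosen for illustration.

```hcl
# Added example: names and instance settings below are illustrative assumptions.

variable "db_password" {
  description = "Master password, supplied from a secret store at plan/apply time."
  type        = string
}

module "rds_kms_key" {
  source  = "dod-iac/rds-kms-key/aws"
  version = "~> 1.0.0" # pin as recommended for Terraform 0.13

  name = "alias/example-rds" # must start with "alias/"

  # Longest allowed waiting period, leaving time to cancel an
  # accidental key deletion before encrypted data becomes unreadable.
  key_deletion_window_in_days = 30

  tags = {
    Application = "example"
    Environment = "test"
    Automation  = "Terraform"
  }
}

resource "aws_db_instance" "example" {
  identifier        = "example"
  engine            = "postgres"
  instance_class    = "db.t3.micro"
  allocated_storage = 20
  username          = "exampleadmin"
  password          = var.db_password

  # Encryption at rest: kms_key_id takes the key ARN (not the alias name)
  # and is only valid together with storage_encrypted = true.
  storage_encrypted = true
  kms_key_id        = module.rds_kms_key.aws_kms_key_arn

  skip_final_snapshot = true # test-only convenience; keep snapshots in production
}
```

Changing `kms_key_id` on an existing `aws_db_instance` forces the instance to be replaced, so choose the key before the database holds data.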