NEW: more samples

2020-10-07 09:15:05 +08:00
parent deb31cd525
commit 5361a040c1
9 changed files with 124 additions and 0 deletions
@@ -0,0 +1,31 @@
+resource "aws_kms_external_key" "kms-key1" {
+  description = "Customer managed key"
+  key_material_base64 = "s5yiaoDbfHrBkbuGdyIxQaILucovIgPMbw8/pgYZJu0="
+  enabled = true
+  policy =<<EOF
+{
+    "Version": "2012-10-17",
+    "Id": "key-default-1",
+    "Statement": [
+        {
+            "Sid": "Allow access for key administrators"
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": [
+			"arn:aws:iam::376395444418:user/temp-provisioning-fullaccess",
+			"arn:aws:iam::376395444418:root"
+		]
+            },
+            "Action": "kms:*",
+            "Resource": "*"
+        }
+    ]
+}
+EOF
+ 
+}
+
+resource "aws_kms_alias" "keyalias1" {
+  name          = "alias/kf-test-3"
+  target_key_id = aws_kms_external_key.kms-key1.id
+}