example.terraform/kms/main.tf

resource "aws_kms_external_key" "kms-key1" {
  description = "Customer managed key"
  key_material_base64 = "s5yiaoDbfHrBkbuGdyIxQaILucovIgPMbw8/pgYZJu0="
  enabled = true
  policy =<<EOF
{
    "Version": "2012-10-17",
    "Id": "key-default-1",
    "Statement": [
        {
            "Sid": "Allow access for key administrators"
            "Effect": "Allow",
            "Principal": {
                "AWS": [
			"arn:aws:iam::376395444418:user/temp-provisioning-fullaccess",
			"arn:aws:iam::376395444418:root"
		]
            },
            "Action": "kms:*",
            "Resource": "*"
        }
    ]
}
EOF
 
}

resource "aws_kms_alias" "keyalias1" {
  name          = "alias/kf-test-3"
  target_key_id = aws_kms_external_key.kms-key1.id
}