xpk/terraform.examples
SHA256
1
0
Fork 0
Code Pull Requests Activity

initial commit

Browse Source
This commit is contained in:
xpk
2026-02-13 15:44:24 +08:00
parent 66be8224f4
commit 09ce4c881a
570 changed files with 61807 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security_identity_compliance/CustomerManagedKmsKeys/variables.tf
+128
View File
@@ -0,0 +1,128 @@
variable "create-allpurpose-key" {
description = "Create a CMK for general use"
type = bool
}
variable "create-storage-key" {
description = "Create a CMK for use with storage such as EBS, S3, EFS"
type = bool
}
variable "create-eksebs-key" {
description = "Create a CMK for use with ENS volumes on EKS nodes"
type = bool
}
variable "create-database-key" {
description = "Create a CMK for use with databases such as RDS, DynamoDB, Redis"
type = bool
}
variable "create-backup-key" {
description = "Create a CMK for use with AWS backup"
type = bool
}
variable "create-secret-key" {
description = "Create a CMK for use with secretsmanager"
type = bool
}
variable "create-log-key" {
description = "Create a CMK for use with logging such as CloudwatchLogs and Cloudtrail"
type = bool
}
variable "create-notify-key" {
description = "Create a CMK for use with notification and events"
type = bool
}
variable "name-prefix" {
description = "Assign a name prefix for key alias"
type = string
default = null
}
variable "bypass_policy_lockout_safety_check" {
description = "A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable"
type = bool
default = false
}
variable "customer_master_key_spec" {
description = "Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `HMAC_256`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`"
type = string
default = "SYMMETRIC_DEFAULT"
}
variable "deletion_window_in_days" {
description = "The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`"
type = number
default = 30
}
variable "description" {
description = "The description of the key as viewed in AWS console"
type = string
default = null
}
variable "enable_key_rotation" {
description = "Specifies whether key rotation is enabled. Defaults to `true`"
type = bool
default = true
}
variable "is_enabled" {
description = "Specifies whether the key is enabled. Defaults to `true`"
type = bool
default = true
}
variable "key_usage" {
description = "Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`. Defaults to `ENCRYPT_DECRYPT`"
type = string
default = "ENCRYPT_DECRYPT"
}
variable "multi_region" {
description = "Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`"
type = bool
default = false
}
variable "policy" {
description = "A valid policy JSON document. Although this is a key policy, not an IAM policy, an `aws_iam_policy_document`, in the form that designates a principal, can be used"
type = string
default = null
}
variable "enable_default_policy" {
description = "Specifies whether to enable the default key policy. Defaults to `true`"
type = bool
default = true
}
variable "key_administrator_arn" {
description = "IAM user/group/role with highest permissions. If none is specified, access will be granted to this account"
type = string
default = null
}
################################################################################
# Grant
################################################################################
variable "grants" {
description = "A map of grant definitions to create"
type = any
default = {}
}
variable "rotation_period_in_days" {
description = "rotation period in days"
type = number
default = 365
}