initial commit

2026-02-13 15:44:24 +08:00
parent 66be8224f4
commit 09ce4c881a
570 changed files with 61807 additions and 0 deletions
@@ -0,0 +1,43 @@
+data "aws_caller_identity" "this" {}
+
+resource "aws_kms_key" "ab-kms-key" {
+  description             = "KMS key for aws backup"
+  deletion_window_in_days = 10
+  policy = jsonencode(
+    {
+      "Version" : "2012-10-17",
+      "Id" : "awsbackup-service",
+      "Statement" : [
+        {
+          "Sid" : "Enable IAM User Permissions",
+          "Effect" : "Allow",
+          "Principal" : {
+            "AWS" : "arn:aws:iam::${data.aws_caller_identity.this.id}:root"
+          },
+          "Action" : "kms:*",
+          "Resource" : "*"
+        },
+        {
+          "Sid" : "Allow attachment of persistent resources",
+          "Effect" : "Allow",
+          "Principal" : "*",
+          "Action" : [
+            "kms:CreateGrant",
+            "kms:ListGrants",
+            "kms:RevokeGrant"
+          ],
+          "Resource" : "*",
+          "Condition" : {
+            "Bool" : {
+              "kms:GrantIsForAWSResource" : "true"
+            }
+          }
+        }
+      ]
+  })
+}
+
+resource "aws_kms_alias" "ab-kms-key-alias" {
+  name          = "alias/awsbackup-kms-key"
+  target_key_id = aws_kms_key.ab-kms-key.id
+}