Added KMS CMK key

terraform-modules · Sep 21, 2020 · 350db34 · 350db34
1 parent 9623b77
commit 350db34
Showing 1 changed file with 22 additions and 1 deletion.
diff --git a/main.tf b/main.tf
@@ -93,11 +93,32 @@ resource "null_resource" "s3_create_wait" {
   }
 }
 
-resource "aws_s3_bucket_object" "this_objects" {
+riesource "aws_s3_bucket_object" "this_objects" {
   bucket = aws_s3_bucket.this.id
   count  = length(var.bucket_folders)
   key    = format("%s/", element(var.bucket_folders, count.index))
   source = "/dev/null"
 
   depends_on = [null_resource.s3_create_wait]
 }
+
+#-------------------------------------------------------------------------
+# EFS KMS KEY
+#-------------------------------------------------------------------------
+resource "aws_kms_key" "key" {
+  count               = local.kms_key_arn_exists ? 0 : 1
+  description         = "KMS CMK for title26_s3 ${local.name}"
+  enable_key_rotation = true
+
+  tags = merge(
+    local.base_tags,
+    { "Name" = local.kms_key_name },
+    var.tags
+  )
+}
+
+resource "aws_kms_alias" "key" {
+  count         = local.kms_key_arn_exists ? 0 : 1
+  name          = "alias/${local.kms_key_name}"
+  target_key_id = (aws_kms_key.key.*)[0].key_id
+}