Terraform resource: aws kms key
Jump to navigation
Jump to search
aws_kms_key
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key
deletion_window_in_days
: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key#deletion_window_in_days safety measure to delay key deletion, this waiting can be defined between 7 and 30 days
Official example
resource "aws_kms_key" "a" { description = "KMS key 1" deletion_window_in_days = 10 }
Multi region official example
data "aws_caller_identity" "current" {} resource "aws_kms_key" "example" { description = "An example multi-Region primary key" multi_region = true enable_key_rotation = true deletion_window_in_days = 10 policy = jsonencode({ Version = "2012-10-17" Id = "key-default-1" Statement = [ { Sid = "Enable IAM User Permissions" Effect = "Allow" Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" }, Action = "kms:*" Resource = "*" }, { Sid = "Allow administration of the key" Effect = "Allow" Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:user/Alice" }, Action = [ "kms:ReplicateKey", "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion" ], Resource = "*" }, { Sid = "Allow use of the key" Effect = "Allow" Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:user/Bob" }, Action = [ "kms:DescribeKey", "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey", "kms:GenerateDataKeyWithoutPlaintext" ], Resource = "*" } ] }) }
Errors
Related
See also
Advertising: