forked from cloudposse/terraform-aws-kms-key
variables.tf
# Waiting period, in days, between destroying the resource and the key
# actually being deleted. AWS KMS accepts 7 to 30 days here.
# Deleting a KMS key is irreversible: anything still encrypted under it can
# no longer be decrypted, so this window is the only time a scheduled
# deletion can be cancelled.
variable "deletion_window_in_days" {
  description = "Duration in days after which the key is deleted after destruction of the resource"
  type        = number
  default     = 10
}
# Switches key rotation on or off; on by default.
# NOTE(review): AWS KMS automatic rotation is offered for symmetric
# encryption keys only, so a caller selecting an asymmetric
# `customer_master_key_spec` presumably has to set this to false.
# Confirm against the resource definition, which is outside this file.
variable "enable_key_rotation" {
  description = "Specifies whether key rotation is enabled"
  type        = bool
  default     = true
}
# Free-text description shown for the key in the AWS console.
# The default names Parameter Store; override it when the key protects
# something else so that console and audit views describe the key's real
# purpose.
variable "description" {
  description = "The description of the key as viewed in AWS console"
  type        = string
  default     = "Parameter Store KMS master key"
}
# Display name of the key alias; it has to begin with `alias/`.
# An empty string means "not specified", in which case (per the description)
# the alias name is auto-generated. The generation logic is outside this file.
variable "alias" {
  description = "The display name of the alias. The name must start with the word `alias` followed by a forward slash. If not specified, the alias name will be auto-generated."
  type        = string
  default     = ""
}
# Key policy as a JSON string; empty by default.
# NOTE(review): how an empty value is handled is decided outside this file.
# If it reaches `aws_kms_key` unset, AWS attaches its default key policy,
# which delegates access control for the key to IAM in the owning account.
# Confirm this, and pass an explicit least-privilege policy where that
# delegation is broader than intended.
variable "policy" {
  description = "A valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy."
  type        = string
  default     = ""
}
# Intended cryptographic use of the key; defaults to encryption/decryption.
# The value has to be compatible with `customer_master_key_spec`: for
# example, `SYMMETRIC_DEFAULT` pairs with `ENCRYPT_DECRYPT`, and the ECC key
# specs cannot be used with `ENCRYPT_DECRYPT`.
# NOTE(review): no validation block is declared here, so an incompatible
# pair is only rejected later (provider or AWS API). Verify.
variable "key_usage" {
  description = "Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`."
  type        = string
  default     = "ENCRYPT_DECRYPT"
}
# Key type and algorithm family; defaults to a symmetric key.
# Choose this together with `key_usage`, since not every spec supports every
# usage. The list of values in the description is the module author's;
# check the AWS provider documentation for the set accepted by the provider
# version in use.
variable "customer_master_key_spec" {
  description = "Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`."
  type        = string
  default     = "SYMMETRIC_DEFAULT"
}
# Selects a multi-Region key (true) or a regional key (false, the default).
# Multi-Region keys allow related keys in other Regions to share the same
# key material, so enabling this widens where that material can exist.
# NOTE(review): the multi-Region property is fixed when a key is created, so
# changing this on an existing key presumably forces replacement. Check the
# plan output before applying.
variable "multi_region" {
  description = "Indicates whether the KMS key is a multi-Region (true) or regional (false) key."
  type        = bool
  default     = false
}