From 299104bd37d6c4859fe88ea7e85aa229e21f3f7b Mon Sep 17 00:00:00 2001 From: Andy Hibbert Date: Wed, 12 Aug 2020 17:07:52 +0100 Subject: [PATCH 1/2] add_kms_key_id: Allow user to supply their own kms_key_id Change-Id: I23d1288851301328afaa61686b42d8376d303415 --- README.md | 1 + docs/terraform.md | 1 + main.tf | 1 + variables.tf | 6 ++++++ 4 files changed, 9 insertions(+) diff --git a/README.md b/README.md index b195d16..1012cde 100644 --- a/README.md +++ b/README.md @@ -187,6 +187,7 @@ Available targets: | existing\_security\_groups | List of existing Security Group IDs to place the cluster into. Set `use_existing_security_groups` to `true` to enable using `existing_security_groups` as Security Groups for the cluster | `list(string)` | `[]` | no | | family | Redis family | `string` | `"redis4.0"` | no | | instance\_type | Elastic cache instance type | `string` | `"cache.t2.micro"` | no | +| kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. `at_rest_encryption_enabled` must be set to `true` | `string` | `null` | no | | maintenance\_window | Maintenance window | `string` | `"wed:03:00-wed:04:00"` | no | | name | Name of the application | `string` | n/a | yes | | namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 3538b84..a99ae22 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -39,6 +39,7 @@ | existing\_security\_groups | List of existing Security Group IDs to place the cluster into. Set `use_existing_security_groups` to `true` to enable using `existing_security_groups` as Security Groups for the cluster | `list(string)` | `[]` | no | | family | Redis family | `string` | `"redis4.0"` | no | | instance\_type | Elastic cache instance type | `string` | `"cache.t2.micro"` | no | +| kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. `at_rest_encryption_enabled` must be set to `true` | `string` | `null` | no | | maintenance\_window | Maintenance window | `string` | `"wed:03:00-wed:04:00"` | no | | name | Name of the application | `string` | n/a | yes | | namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no | diff --git a/main.tf b/main.tf index 44f469d..a6a533a 100644 --- a/main.tf +++ b/main.tf @@ -97,6 +97,7 @@ resource "aws_elasticache_replication_group" "default" { engine_version = var.engine_version at_rest_encryption_enabled = var.at_rest_encryption_enabled transit_encryption_enabled = var.transit_encryption_enabled + kms_key_id = var.at_rest_encryption_enabled ? var.kms_key_id : null snapshot_window = var.snapshot_window snapshot_retention_limit = var.snapshot_retention_limit apply_immediately = var.apply_immediately diff --git a/variables.tf b/variables.tf index 7c3a815..34da5a9 100644 --- a/variables.tf +++ b/variables.tf @@ -204,6 +204,12 @@ variable "auth_token" { default = null } +variable "kms_key_id" { + type = string + description = "The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. `at_rest_encryption_enabled` must be set to `true`" + default = null +} + variable "replication_group_id" { type = string description = "Replication group ID with the following constraints: \nA name must contain from 1 to 20 alphanumeric characters or hyphens. \n The first character must be a letter. \n A name cannot end with a hyphen or contain two consecutive hyphens." From 1cca1954a9e3c0ce506ef84829a87bb06b9f266b Mon Sep 17 00:00:00 2001 From: actions-bot <58130806+actions-bot@users.noreply.github.com> Date: Tue, 18 Aug 2020 17:13:47 +0000 Subject: [PATCH 2/2] Updated README.md --- README.md | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 1012cde..c6fd84f 100644 --- a/README.md +++ b/README.md @@ -300,22 +300,24 @@ Copyright © 2017-2020 [Cloud Posse, LLC](https://cpco.io/copyright) See [LICENSE](LICENSE) for full details. - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - https://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. +```text +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +```