Assume we have 2 environments, dev and prod. For dev we use AWS generated key material, and for prod we will use an HSM to generate the key material and import it into KMS.
To run this example:
terraform init
terraform plan -var-file=dev.tfvars # -var-file=prod.tfvars
terraform apply -var-file=dev.tfvars # -var-file=prod.tfvarsWarning: each CMK costs USD 1 per month until you delete it. See KMS pricing.
| Name | Version |
|---|---|
| terraform | >= 0.12.21 |
| aws | >= 2.70 |
No providers.
| Name | Source | Version |
|---|---|---|
| kms | ../ |
No resources.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| use_aws_key_material | Whether to use AWS generated key material or BYOK (eg. using CloudHSM or a physical HSM) | bool |
n/a | yes |
| Name | Description |
|---|---|
| key_id | n/a |