Adding policy support and in sync with master (cloudposse#11)

* Adding policy support and in sync with master * Adding policy support and in sync with master * Adding policy support and in sync with master * Adding policy support and in sync with master
vvatlin · Oct 9, 2019 · a669406 · a669406
1 parent 38f2f1f
commit a669406
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -90,8 +90,10 @@ Available targets:
 | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
 | description | The description of the key as viewed in AWS console | string | `Parameter Store KMS master key` | no |
 | enable_key_rotation | Specifies whether key rotation is enabled | bool | `true` | no |
+| enabled | Set to false to prevent the module from creating any resources | bool | `true` | no |
 | name | Application or solution name (e.g. `app`) | string | - | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no |
+| policy | A valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | string | `` | no |
 | stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
 | tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`) | map(string) | `<map>` | no |
 
@@ -245,11 +247,11 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
 |---|---|---|
 
   [aknysh_homepage]: https://github.com/aknysh
-  [aknysh_avatar]: https://github.com/aknysh.png?size=150
+  [aknysh_avatar]: https://img.cloudposse.com/150x150/https://github.com/aknysh.png
   [osterman_homepage]: https://github.com/osterman
-  [osterman_avatar]: https://github.com/osterman.png?size=150
+  [osterman_avatar]: https://img.cloudposse.com/150x150/https://github.com/osterman.png
   [goruha_homepage]: https://github.com/goruha
-  [goruha_avatar]: https://github.com/goruha.png?size=150
+  [goruha_avatar]: https://img.cloudposse.com/150x150/https://github.com/goruha.png
 
 
 

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -8,8 +8,10 @@
 | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
 | description | The description of the key as viewed in AWS console | string | `Parameter Store KMS master key` | no |
 | enable_key_rotation | Specifies whether key rotation is enabled | bool | `true` | no |
+| enabled | Set to false to prevent the module from creating any resources | bool | `true` | no |
 | name | Application or solution name (e.g. `app`) | string | - | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no |
+| policy | A valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | string | `` | no |
 | stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
 | tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`) | map(string) | `<map>` | no |
 

diff --git a/main.tf b/main.tf
@@ -9,13 +9,16 @@ module "label" {
 }
 
 resource "aws_kms_key" "default" {
+  count                   = var.enabled == true ? 1 : 0
   deletion_window_in_days = var.deletion_window_in_days
   enable_key_rotation     = var.enable_key_rotation
+  policy                  = var.policy
   tags                    = module.label.tags
   description             = var.description
 }
 
 resource "aws_kms_alias" "default" {
+  count         = var.enabled == true ? 1 : 0
   name          = coalesce(var.alias, format("alias/%v", module.label.id))
-  target_key_id = aws_kms_key.default.id
+  target_key_id = join("", aws_kms_key.default.*.id)
 }
diff --git a/output.tf b/output.tf
@@ -1,19 +1,19 @@
 output "key_arn" {
-  value       = aws_kms_key.default.arn
+  value       = join("", aws_kms_key.default.*.arn)
   description = "Key ARN"
 }
 
 output "key_id" {
-  value       = aws_kms_key.default.key_id
+  value       = join("", aws_kms_key.default.*.key_id)
   description = "Key ID"
 }
 
 output "alias_arn" {
-  value       = aws_kms_alias.default.arn
+  value       = join("", aws_kms_alias.default.*.arn)
   description = "Alias ARN"
 }
 
 output "alias_name" {
-  value       = aws_kms_alias.default.name
+  value       = join("", aws_kms_alias.default.*.name)
   description = "Alias name"
 }
diff --git a/variables.tf b/variables.tf
@@ -55,3 +55,14 @@ variable "alias" {
   default     = ""
   description = "The display name of the alias. The name must start with the word `alias` followed by a forward slash"
 }
+variable "enabled" {
+  type        = bool
+  default     = true
+  description = "Set to false to prevent the module from creating any resources"
+}
+
+variable "policy" {
+  type        = string
+  default     = ""
+  description = "A valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy."
+}