From d5a9d7c055990f99f12221c0468b2b539bc6f8df Mon Sep 17 00:00:00 2001
From: Melissa Greenbaum
Date: Wed, 6 Jul 2022 20:03:45 -0400
Subject: [PATCH 1/2] update examples with terraform-aws-kms module
---
 examples/complete-oracle/README.md | 5 +++--
 examples/complete-oracle/main.tf | 28 +++++++++++++++++++++-------
 examples/complete-postgres/README.md | 5 +++--
 examples/complete-postgres/main.tf | 28 +++++++++++++++++++++-------
 4 files changed, 48 insertions(+), 18 deletions(-)
diff --git a/examples/complete-oracle/README.md b/examples/complete-oracle/README.md
index ee64e1c3..40fde058 100644
--- a/examples/complete-oracle/README.md
+++ b/examples/complete-oracle/README.md
@@ -26,7 +26,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
-| [aws.region2](#provider\_aws.region2) | >= 4.6 |
+| [aws](#provider\_aws) | >= 4.6 |
 ## Modules
@@ -35,6 +35,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | [db](#module\_db) | ../../ | n/a |
 | [db\_automated\_backups\_replication](#module\_db\_automated\_backups\_replication) | ../../modules/db_instance_automated_backups_replication | n/a |
 | [db\_disabled](#module\_db\_disabled) | ../../ | n/a |
+| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 |
 | [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 |
 | [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
@@ -42,7 +43,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Type |
 |------|------|
-| [aws_kms_key.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 ## Inputs
diff --git a/examples/complete-oracle/main.tf b/examples/complete-oracle/main.tf
index fbf92b1f..2fd8f37d 100644
--- a/examples/complete-oracle/main.tf
+++ b/examples/complete-oracle/main.tf
@@ -2,10 +2,13 @@ provider "aws" {
 region = local.region
 }
+data "aws_caller_identity" "current" {}
+
 locals {
- name = "complete-oracle"
- region = "eu-west-1"
- region2 = "eu-central-1"
+ name = "complete-oracle"
+ region = "eu-west-1"
+ region2 = "eu-central-1"
+ current_identity = data.aws_caller_identity.current.arn
 tags = {
 Owner = "user"
 Environment = "dev"
@@ -121,17 +124,28 @@ provider "aws" {
 region = local.region2
 }
-resource "aws_kms_key" "default" {
- description = "Encryption key for cross region automated backups"
+module "kms" {
+ source = "terraform-aws-modules/kms/aws"
+ version = "~> 1.0"
+
+ # Aliases
+ aliases = [local.name]
+ aliases_use_name_prefix = true
+
+ key_owners = [local.current_identity]
+
+ tags = local.tags
- provider = aws.region2
+ providers = {
+ aws = aws.region2
+ }
 }
 module "db_automated_backups_replication" {
 source = "../../modules/db_instance_automated_backups_replication"
 source_db_instance_arn = module.db.db_instance_arn
- kms_key_arn = aws_kms_key.default.arn
+ kms_key_arn = module.kms.key_arn
 providers = {
 aws = aws.region2
diff --git a/examples/complete-postgres/README.md b/examples/complete-postgres/README.md
index 120f2b46..16a8ced8 100644
--- a/examples/complete-postgres/README.md
+++ b/examples/complete-postgres/README.md
@@ -26,7 +26,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
-| [aws.region2](#provider\_aws.region2) | >= 4.6 |
+| [aws](#provider\_aws) | >= 4.6 |
 ## Modules
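Review bot: `current_identity = data.aws_caller_identity.current.arn` in the `locals` hunk feeds `key_owners` in the `module "kms"` hunk, and when Terraform runs under an assumed role that value is the STS session ARN (`arn:aws:sts::ACCOUNT_ID:assumed-role/ROLE_NAME/SESSION_NAME`, placeholders), not the role itself. A key-policy statement bound to one session name stops matching as soon as a later run uses a different session name, so the intended owner grant quietly lapses and access falls back to whatever else the key policy allows (presumably the module's default account-level statement, which is not visible in this diff). Resolving the issuing role first keeps the grant stable: `data "aws_iam_session_context" "current" { arn = data.aws_caller_identity.current.arn }` and `current_identity = data.aws_iam_session_context.current.issuer_arn`. The same two hunks are repeated in examples/complete-postgres/main.tf. The `locals` block continues outside the first hunk.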
@@ -36,6 +36,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | [db\_automated\_backups\_replication](#module\_db\_automated\_backups\_replication) | ../../modules/db_instance_automated_backups_replication | n/a |
 | [db\_default](#module\_db\_default) | ../../ | n/a |
 | [db\_disabled](#module\_db\_disabled) | ../../ | n/a |
+| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 |
 | [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 |
 | [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
@@ -43,7 +44,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Type |
 |------|------|
-| [aws_kms_key.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 ## Inputs
diff --git a/examples/complete-postgres/main.tf b/examples/complete-postgres/main.tf
index 09c85b2a..85fe47e4 100644
--- a/examples/complete-postgres/main.tf
+++ b/examples/complete-postgres/main.tf
@@ -2,10 +2,13 @@ provider "aws" {
 region = local.region
 }
+data "aws_caller_identity" "current" {}
+
 locals {
- name = "complete-postgresql"
- region = "eu-west-1"
- region2 = "eu-central-1"
+ name = "complete-postgresql"
+ region = "eu-west-1"
+ region2 = "eu-central-1"
+ current_identity = data.aws_caller_identity.current.arn
 tags = {
 Owner = "user"
 Environment = "dev"
@@ -175,17 +178,28 @@ provider "aws" {
 region = local.region2
 }
-resource "aws_kms_key" "default" {
- description = "Encryption key for cross region automated backups"
+module "kms" {
+ source = "terraform-aws-modules/kms/aws"
+ version = "~> 1.0"
+
+ # Aliases
+ aliases = [local.name]
+ aliases_use_name_prefix = true
+
+ key_owners = [local.current_identity]
+
+ tags = local.tags
- provider = aws.region2
+ providers = {
+ aws = aws.region2
+ }
 }
 module "db_automated_backups_replication" {
 source = "../../modules/db_instance_automated_backups_replication"
 source_db_instance_arn = module.db.db_instance_arn
- kms_key_arn = aws_kms_key.default.arn
+ kms_key_arn = module.kms.key_arn
 providers = {
 aws = aws.region2
From 0beae30d1229cf484ccc573c6d7665deec7c08e7 Mon Sep 17 00:00:00 2001
From: Melissa Greenbaum
Date: Wed, 6 Jul 2022 20:19:39 -0400
Subject: [PATCH 2/2] add description
---
 examples/complete-oracle/main.tf | 5 +++--
 examples/complete-postgres/main.tf | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/examples/complete-oracle/main.tf b/examples/complete-oracle/main.tf
index 2fd8f37d..6171d67e 100644
--- a/examples/complete-oracle/main.tf
+++ b/examples/complete-oracle/main.tf
@@ -125,8 +125,9 @@ provider "aws" {
 }
 module "kms" {
- source = "terraform-aws-modules/kms/aws"
- version = "~> 1.0"
+ source = "terraform-aws-modules/kms/aws"
+ version = "~> 1.0"
+ description = "KMS key for cross region automated backups replication"
 # Aliases
 aliases = [local.name]
diff --git a/examples/complete-postgres/main.tf b/examples/complete-postgres/main.tf
index 85fe47e4..5378c52c 100644
--- a/examples/complete-postgres/main.tf
+++ b/examples/complete-postgres/main.tf
@@ -179,8 +179,9 @@ provider "aws" {
 }
 module "kms" {
- source = "terraform-aws-modules/kms/aws"
- version = "~> 1.0"
+ source = "terraform-aws-modules/kms/aws"
+ version = "~> 1.0"
+ description = "KMS key for cross region automated backups replication"
 # Aliases
 aliases = [local.name]