add_kms_key_id: Allow user to supply their own kms_key_id (#75)

* add_kms_key_id: Allow user to supply their own kms_key_id Change-Id: I23d1288851301328afaa61686b42d8376d303415 * Updated README.md Co-authored-by: Andy Hibbert <anhibber@cisco.com> Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com>

add_kms_key_id: Allow user to supply their own kms_key_id (#75)
* add_kms_key_id: Allow user to supply their own kms_key_id Change-Id: I23d1288851301328afaa61686b42d8376d303415 * Updated README.md Co-authored-by: Andy Hibbert <anhibber@cisco.com> Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com>
f727ef5d · Andrew Hibbert · GitHub · 214683cb · f727ef5d · f727ef5d
Commit f727ef5d authored Aug 18, 2020 by Andrew Hibbert Committed by GitHub Aug 18, 2020
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

README.md README.md +1 -0

terraform.md docs/terraform.md +1 -0

main.tf main.tf +1 -0

variables.tf variables.tf +6 -0

No files found.
--- a/README.md
+++ b/README.md
@@ -187,6 +187,7 @@ Available targets:
 | existing\_security\_groups | List of existing Security Group IDs to place the cluster into. Set `use_existing_security_groups` to `true` to enable using `existing_security_groups` as Security Groups for the cluster | `list(string)` | `[]` | no |
 | family | Redis family | `string` | `"redis4.0"` | no |
 | instance\_type | Elastic cache instance type | `string` | `"cache.t2.micro"` | no |
+| kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. `at_rest_encryption_enabled` must be set to `true` | `string` | `null` | no |
 | maintenance\_window | Maintenance window | `string` | `"wed:03:00-wed:04:00"` | no |
 | name | Name of the application | `string` | n/a | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no |

--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -39,6 +39,7 @@
 | existing\_security\_groups | List of existing Security Group IDs to place the cluster into. Set `use_existing_security_groups` to `true` to enable using `existing_security_groups` as Security Groups for the cluster | `list(string)` | `[]` | no |
 | family | Redis family | `string` | `"redis4.0"` | no |
 | instance\_type | Elastic cache instance type | `string` | `"cache.t2.micro"` | no |
+| kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. `at_rest_encryption_enabled` must be set to `true` | `string` | `null` | no |
 | maintenance\_window | Maintenance window | `string` | `"wed:03:00-wed:04:00"` | no |
 | name | Name of the application | `string` | n/a | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no |

--- a/main.tf
+++ b/main.tf
@@ -97,6 +97,7 @@ resource "aws_elasticache_replication_group" "default" {
  engine_version                = var.engine_version
  at_rest_encryption_enabled    = var.at_rest_encryption_enabled
  transit_encryption_enabled    = var.transit_encryption_enabled
+  kms_key_id                    = var.at_rest_encryption_enabled ? var.kms_key_id : null
  snapshot_window               = var.snapshot_window
  snapshot_retention_limit      = var.snapshot_retention_limit
  apply_immediately             = var.apply_immediately

--- a/variables.tf
+++ b/variables.tf
@@ -204,6 +204,12 @@ variable "auth_token" {
  default     = null
 }

+variable "kms_key_id" {
+  type        = string
+  description = "The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. `at_rest_encryption_enabled` must be set to `true`"
+  default     = null
+}
+
 variable "replication_group_id" {
  type        = string
  description = "Replication group ID with the following constraints: \nA name must contain from 1 to 20 alphanumeric characters or hyphens. \n The first character must be a letter. \n A name cannot end with a hyphen or contain two consecutive hyphens."