Merge pull request #4 from fmartingr/encryption

Using `storage_encrypted` to set the db_instance.storage_encrypted

Merge pull request #4 from fmartingr/encryption
Using `storage_encrypted` to set the db_instance.storage_encrypted
ac6e9adc · Anton Babenko · GitHub · 0e1f9c7a · 1209e0ea · ac6e9adc
Commit ac6e9adc authored Sep 28, 2017 by Anton Babenko Committed by GitHub Sep 28, 2017
Showing with 26 additions and 0 deletions

main.tf examples/complete/main.tf +2 -0

main.tf main.tf +2 -0

main.tf modules/db_instance/main.tf +2 -0

variables.tf modules/db_instance/variables.tf +10 -0

variables.tf variables.tf +10 -0

No files found.
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -30,6 +30,8 @@ module "db" {
  engine_version    = "5.7.11"
  instance_class    = "db.t2.large"
  allocated_storage = 5
+  storage_encrypted = false
+  # kms_key_id        = "arm:aws:kms:<region>:<accound id>:key/<kms key id>"

  name     = "demodb"
  username = "user"

--- a/main.tf
+++ b/main.tf
@@ -39,6 +39,8 @@ module "db_instance" {
  instance_class    = "${var.instance_class}"
  allocated_storage = "${var.allocated_storage}"
  storage_type      = "${var.storage_type}"
+  storage_encrypted = "${var.storage_encrypted}"
+  kms_key_id        = "${var.kms_key_id}"

  name     = "${var.name}"
  username = "${var.username}"

--- a/modules/db_instance/main.tf
+++ b/modules/db_instance/main.tf
@@ -9,6 +9,8 @@ resource "aws_db_instance" "this" {
  instance_class    = "${var.instance_class}"
  allocated_storage = "${var.allocated_storage}"
  storage_type      = "${var.storage_type}"
+  storage_encrypted = "${var.storage_encrypted}"
+  kms_key_id        = "${var.kms_key_id}"

  name     = "${var.name}"
  username = "${var.username}"

--- a/modules/db_instance/variables.tf
+++ b/modules/db_instance/variables.tf
@@ -11,6 +11,16 @@ variable "storage_type" {
  default     = "gp2"
 }

+variable "storage_encrypted" {
+  description = "Specifies whether the DB instance is encrypted"
+  default     = false
+}
+
+variable "kms_key_id" {
+  description = "The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. If storage_encrypted is set to true and kms_key_id is not specified the default KMS key created in your account will be used"
+  default = ""
+}
+
 variable "engine" {
  description = "The database engine to use"
 }

--- a/variables.tf
+++ b/variables.tf
@@ -11,6 +11,16 @@ variable "storage_type" {
  default     = "gp2"
 }

+variable "storage_encrypted" {
+  description = "Specifies whether the DB instance is encrypted"
+  default     = false
+}
+
+variable "kms_key_id" {
+  description = "The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. If storage_encrypted is set to true and kms_key_id is not specified the default KMS key created in your account will be used"
+  default = ""
+}
+
 variable "engine" {
  description = "The database engine to use"
 }