diff --git a/Makefile b/Makefile
index 655f6303..942a30a3 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,5 @@
 SHELL := /bin/bash
+export TERRAFORM_VERSION = 0.12.3
 # List of targets the `readme` target should call before generating the readme
 export README_DEPS ?= docs/targets.md docs/terraform.md
diff --git a/README.md b/README.md
index 2bb4606c..dd6febe7 100644
--- a/README.md
+++ b/README.md
@@ -91,7 +91,7 @@ Available targets:
 | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
 | enabled | Set to `false` to prevent the module from creating any resources | bool | `true` | no |
 | force_destroy | A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | `false` | no |
-| kms_master_key_id | The AWS KMS master key ID used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms` | string | `` | no |
+| kms_master_key_arn | The AWS KMS master key ARN used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms` | string | `` | no |
 | name | Name (e.g. `app` or `cluster`) | string | - | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no |
 | policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy | string | `` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index 9ca3289a..e69de29b 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -1,37 +0,0 @@
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| acl | The canned ACL to apply. We recommend `private` to avoid exposing sensitive information | string | `private` | no |
-| allow_encrypted_uploads_only | Set to `true` to prevent uploads of unencrypted objects to S3 bucket | bool | `false` | no |
-| allowed_bucket_actions | List of actions the user is permitted to perform on the S3 bucket | list(string) | `` | no |
-| attributes | Additional attributes (e.g. `1`) | list(string) | `` | no |
-| delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
-| enabled | Set to `false` to prevent the module from creating any resources | bool | `true` | no |
-| force_destroy | A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | `false` | no |
-| kms_master_key_id | The AWS KMS master key ID used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms` | string | `` | no |
-| name | Name (e.g. `app` or `cluster`) | string | - | yes |
-| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no |
-| policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy | string | `` | no |
-| region | If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee | string | `` | no |
-| sse_algorithm | The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms` | string | `AES256` | no |
-| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
-| tags | Additional tags (e.g. `{ BusinessUnit = "XYZ" }` | map(string) | `` | no |
-| user_enabled | Set to `true` to create an IAM user with permission to access the bucket | bool | `false` | no |
-| versioning_enabled | A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket | bool | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| access_key_id | The access key ID |
-| bucket_arn | Bucket ARN |
-| bucket_domain_name | FQDN of bucket |
-| bucket_id | Bucket Name (aka ID) |
-| enabled | Is module enabled |
-| secret_access_key | The secret access key. This will be written to the state file in plain-text |
-| user_arn | The ARN assigned by AWS for the user |
-| user_enabled | Is user creation enabled |
-| user_name | Normalized IAM user name |
-| user_unique_id | The user unique ID assigned by AWS |
-
diff --git a/main.tf b/main.tf
index dc65d1d2..a6b8b421 100644
--- a/main.tf
+++ b/main.tf
@@ -27,7 +27,7 @@ resource "aws_s3_bucket" "default" {
 rule {
 apply_server_side_encryption_by_default {
 sse_algorithm = var.sse_algorithm
- kms_master_key_id = var.kms_master_key_id
+ kms_master_key_id = var.kms_master_key_arn
 }
 }
 }
diff --git a/variables.tf b/variables.tf
index 4b8bddb8..1413c453 100644
--- a/variables.tf
+++ b/variables.tf
@@ -69,10 +69,10 @@ variable "sse_algorithm" {
 description = "The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms`"
 }

-variable "kms_master_key_id" {
+variable "kms_master_key_arn" {
 type = string
 default = ""
- description = "The AWS KMS master key ID used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms`"
+ description = "The AWS KMS master key ARN used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms`"
 }

 variable "enabled" {
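Review bot: The new `description` of `variable "kms_master_key_arn"` swaps "ID" for "ARN" but never says whether a bare key ID is still accepted, and the `main.tf` hunk still feeds the value into the provider argument `kms_master_key_id`, so the name is the only hint. If the intent is to steer callers towards fully qualified ARNs (presumably because a bare key ID is resolved in the bucket owner's account, which matters for keys owned by another account), the description should say so, for example by appending `Pass the full key ARN; a bare key ID is resolved in the bucket owner's account and will not select a key owned by another account.` The description also leaves unstated that the empty-string default combined with `sse_algorithm = "aws:kms"` means the AWS-managed aws/s3 key rather than a customer-managed one; the phrase "if this element is absent" should be tied to `default = ""` explicitly. Because this renames a public input with no alias, module blocks that still set `kms_master_key_id` should be rejected at plan time as an unsupported argument, not silently fall back to the default key, so the rename deserves a line in the release notes as a breaking change.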