mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
# Added
- Added kms.tf to support encrypting keys, specifically cloudfront keys.
- Added template/cloudfront.tf.disabled for use in enabling cloudfront.
- Modified ecs-iam.tf to support log-alb.tf, cloudfront.tf policies that are injected into `local.extra_execution_iam_policies` and `local.iam`.
- Added log-alb.tf to enable logging alb, required by cloudfront.tf.

# Changed
- Modified ecs.tf to support adding of additional secrets from `local.secrets`.
- Modified firehose.tf to support provider required updates for deprecated resource configurations.
- Modified init.tf to support `> v5.0` of `hashicorp/aws` provider.
- Modified locals.tf to add `extra_execution_iam_policies`, `iam`, `software_installers_kms_policy`, `extra_secrets`, secrets, and `cloudfront_key_basename`, to support cloudfront.
- Modified readme.md with instructions on how to enable cloudfront.tf
- Modified redis.tf to support provider required updates for deprecated resource configurations
- Modified s3.tf to support kms keys and add kms iam.
- Modified terraform version in .github/workflows/tfvalidate.yml - 1.9.0 -> 1.10.4
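# Customer-managed KMS key for encrypting sensitive values handled by this
# Terraform configuration.
#
# No `policy` argument is set, so AWS applies the default key policy; access
# to the key is then governed by IAM policies in the owning account.
# NOTE(review): confirm that the IAM statements granting use of this key are
# scoped to the roles that actually need it.
resource "aws_kms_key" "customer_data_key" {
  description = "key used to encrypt sensitive data stored in terraform"

  # Rotate the backing key material automatically. The key ID and ARN stay
  # the same and data encrypted under earlier material remains decryptable,
  # so existing references to this key are unaffected.
  enable_key_rotation = true
}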
# Human-readable alias for the customer data key. The alias name embeds the
# current Terraform workspace, so each workspace gets its own alias.
resource "aws_kms_alias" "alias" {
  # Key this alias resolves to.
  target_key_id = aws_kms_key.customer_data_key.id

  # KMS alias names must carry the "alias/" prefix.
  name = "alias/${terraform.workspace}-terraform-encrypted"
}
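# Exposes the ID of the customer data key so that other configurations can
# reference it. The value is an identifier, not key material.
output "kms_key_id" {
  description = "ID of the KMS key used to encrypt sensitive data stored in terraform"
  value       = aws_kms_key.customer_data_key.id
}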