fleet/infrastructure/loadtesting/terraform/kms.tf at 6b37527c8ae29a78934e3754e9b2cdab9c20a2cf - Elgato_dark/fleet - Forgejo: Beyond coding. We Forge.

Elgato_dark/fleet

mirror of https://github.com/fleetdm/fleet synced 2026-04-21 21:47:20 +00:00

Jorge Falcon 3a112afdb6

Loadtesting - Enable Cloudfront (#31073 )

# Added
- Added kms.tf to support encrypting keys, specifically cloudfront keys.
- Added template/cloudfront.tf.disabled for use in enabling cloudfront.-
Modified ecs-iam.tf to support log-alb.tf, cloudfront.tf policies that
are injected into `local.extra_execution_iam_policies` and `local.iam`.
- Added log-alb.tf to enable logging alb, required by cloudfront.tf.

# Changed
- Modified ecs.tf to support adding of additional secrets from
`local.secrets`.
- Modified firehose.tf to support provider required updates for
deprecated resource configurations.
- Modified init.tf to support `> v5.0` of `hashicorp/aws` provider.
- Modified locals.tf to add `extra_execution_iam_policies`, `iam`,
`software_installers_kms_policy`, `extra_secrets`, secrets, and
`cloudfront_key_basename`, to support cloudfront.
- Modified readme.md with instructions on how to enable cloudfront.tf
- Modified redis.tf to support provider required updates for deprecated
resource configurations
- Modified s3.tf to support kms keys and add kms iam.
- Modified terraform version in .github/workflows/tfvalidate.yml - 1.9.0
-> 1.10.4

2025-07-21 16:41:06 -04:00

12 lines

No EOL

345 B

HCL

Raw Blame History

 resource "aws_kms_key" "customer_data_key" {
   description = "key used to encrypt sensitive data stored in terraform"
 }
 resource "aws_kms_alias" "alias" {
   name          = "alias/${terraform.workspace}-terraform-encrypted"
   target_key_id = aws_kms_key.customer_data_key.id
 }
 output "kms_key_id" {
   value = aws_kms_key.customer_data_key.id
 }