| 1234567891011121314151617181920 |
- locals {
- # For the default EBS key, we allow the entire account access
- root_arn = "arn:${var.aws_partition}:iam::${var.aws_account_id}:root"
- }
- module "jira_key" {
- source = "../../../submodules/kms/ebs-key"
- name = "${var.identifier}_key"
- alias = "alias/${var.identifier}"
- description = "encrypt and decrypt the ${var.identifier} RDS" # updated to match legacy
- tags = merge(var.standard_tags, var.tags)
- key_admin_arns = []
- key_user_arns = concat([local.root_arn], var.extra_key_users)
- key_attacher_arns = concat([local.root_arn], var.extra_key_attachers)
- standard_tags = var.standard_tags
- aws_account_id = var.aws_account_id
- aws_partition = var.aws_partition
- is_legacy = var.is_legacy
- }
|
