terraform-aws-tfstate-backend icon indicating copy to clipboard operation
terraform-aws-tfstate-backend copied to clipboard

Published 20 hours ago verified publisher icon cloudposse

Possible to add ability to use KMS over AES?

Open pbsladek opened this issue 5 years ago • 1 comments

Would like to be able to encrypt via KMS. Wondering if it is possible to add this ability.

https://www.terraform.io/docs/backends/types/s3.html#kms_key_id

pbsladek avatar Jul 08 '19 20:07 pbsladek

This can be done by overwriting the var terraform_backend_config_template_file with your own template file that includes the kms_key_id.

terraform {
  required_version = ">= ${terraform_version}"

  backend "s3" {
    region         = "${region}"
    bucket         = "${bucket}"
    key            = "${terraform_state_file}"
    dynamodb_table = "${dynamodb_table}"
    profile        = "${profile}"
    role_arn       = "${role_arn}"
    encrypt        = "${encrypt}"
    kms_key_id     = "arn:aws:..."
  }
}

nitrocode avatar Aug 18 '21 04:08 nitrocode