Creates a DNSSEC-compliant KMS key. The idea is that one shared key avoids creating a KMS key per domain, which minimizes recurring cost. Can be used in conjunction with lupus-metallum/terraform-aws-r53-zone.

```hcl
# One KMS key that can be reused across zones
module "dnssec_key" {
  source  = "Lupus-Metallum/dnssec-kms/aws"
  version = "1.0.4"
  name    = "my-dnssec-key"
}

# Route 53 zone signed with the shared key
module "my_dnssec_zone" {
  source           = "Lupus-Metallum/r53-zone/aws"
  version          = "1.0.12"
  domain_name      = "example.com"
  dnssec           = true
  kms_key_arn      = module.dnssec_key.key_arn
  signing_key_name = "my-signing-key"
  ttl              = 300
}
```

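
The module source is not shown on this page, so "DNSSEC compliant" is taken here from the AWS Route 53 requirements for a key-signing key: an enabled ECC_NIST_P256 key for SIGN_VERIFY in us-east-1 whose policy lets `dnssec-route53.amazonaws.com` use it. The following added example (not part of this module) checks constructed `describe-key` / `get-key-policy` style data against those requirements; the function and sample names are hypothetical.

```python
# Requirements AWS documents for a Route 53 DNSSEC key-signing key (an assumption
# brought in for this example; the page itself does not list them).
ROUTE53_DNSSEC = "dnssec-route53.amazonaws.com"
REQUIRED_ACTIONS = {"kms:describekey", "kms:getpublickey", "kms:sign", "kms:creategrant"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def dnssec_key_findings(metadata, policy):
    """Return reasons the key cannot back a Route 53 KSK; an empty list means OK."""
    findings = []
    region = metadata["Arn"].split(":")[3]
    if region != "us-east-1":
        findings.append(f"key is in {region}, Route 53 requires us-east-1")
    for field, want in (("KeySpec", "ECC_NIST_P256"), ("KeyUsage", "SIGN_VERIFY"),
                        ("KeyState", "Enabled")):
        if metadata.get(field) != want:
            findings.append(f"{field} is {metadata.get(field)}, need {want}")
    # Collect every action an Allow statement grants to the Route 53 DNSSEC service.
    granted = set()
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") == "Allow" and ROUTE53_DNSSEC in services:
            granted.update(a.lower() for a in _as_list(stmt.get("Action", [])))
    missing = REQUIRED_ACTIONS - granted
    if missing and "kms:*" not in granted:
        findings.append(f"policy does not allow {ROUTE53_DNSSEC}: " + ", ".join(sorted(missing)))
    return findings


# Constructed samples shaped like `aws kms describe-key` and `get-key-policy` output.
GOOD_KEY = {"Arn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
            "KeySpec": "ECC_NIST_P256", "KeyUsage": "SIGN_VERIFY", "KeyState": "Enabled"}
GOOD_POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": {"Service": ROUTE53_DNSSEC}, "Resource": "*",
     "Action": ["kms:DescribeKey", "kms:GetPublicKey", "kms:Sign"]},
    {"Effect": "Allow", "Principal": {"Service": ROUTE53_DNSSEC}, "Resource": "*",
     "Action": "kms:CreateGrant",
     "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}},
]}
BAD_KEY = dict(GOOD_KEY, Arn="arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-KEY-ID",
               KeySpec="SYMMETRIC_DEFAULT", KeyUsage="ENCRYPT_DECRYPT")

if __name__ == "__main__":
    print(dnssec_key_findings(GOOD_KEY, GOOD_POLICY))
    for finding in dnssec_key_findings(BAD_KEY, {"Statement": []}):
        print("FAIL:", finding)
```

Because the key is shared across zones, a single failed check here affects every zone that references `key_arn`.
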
Name | Version |
---|---|
aws | n/a |

Name | Type |
---|---|
aws_kms_alias.this | resource |
aws_kms_key.this | resource |

Name | Description | Type | Default | Required |
---|---|---|---|---|
name | Name to use for Key and Key Alias | string | n/a | yes |
deletion_window_days | The number of days to use for holding the KMS key after delete. | number | 14 | no |
description | Description to use for KMS key | string | "Used to sign dnssec records" | no |

Name | Description |
---|---|
key_arn | n/a |
key_id | n/a |