Name | Version |
---|---|
aws | >= 2.42, < 4.0.0 |

Name | Description | Type | Default | Required |
---|---|---|---|---|
enable_kms_vpce | Enable provisioning a VPC Endpoint for KMS | bool | false | no |
kms_key_alias | Alias to apply to the KMS key. Must begin with alias/ | string | "alias/vault_auto_unseal" | no |
tags | Tags to apply to resources that support it | map | { | no |
vpc_id | ID of the VPC to provision the endpoints in | string | "" | no |
vpce_sg_name | Name of the security group to provision for the KMS VPC Endpoint | string | "KMS VPC Endpoint" | no |
vpce_subnets | List of subnets to provision the VPC Endpoint in. The Autoscaling group for Vault must be configured to use the same subnets that the VPC Endpoint is provisioned in. Note that because the KMS VPCE might not be supported in all the Availability Zones, you should use the output from the module to provide the list of subnets for your Vault ASG. | list(string) | [] | no |
vpce_subnets_count | Number of subnets provided in vpce_subnets | number | 0 | no |

Name | Description |
---|---|
kms_key_arn | ARN of the KMS CMK provisioned |
vpce_kms_dns_name | DNS name for the KMS VPC Endpoint |
vpce_kms_security_group | ID of the security group created for the VPC endpoint |
vpce_kms_subnets | List of subnets where the KMS VPC Endpoint was provisioned |
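
The vpce_subnets note above, as an added usage sketch (not part of the module's own documentation): the Vault ASG takes its subnets from the vpce_kms_subnets output instead of repeating the input list. The module source path, all resource IDs, the ASG sizing and the launch template are placeholders assumed for illustration.

```hcl
# Added example. Every ID below is a constructed placeholder.
module "vault_auto_unseal" {
  source = "./modules/vault-auto-unseal-kms" # hypothetical path to this module

  kms_key_alias = "alias/vault_auto_unseal" # must begin with alias/

  enable_kms_vpce    = true
  vpc_id             = "vpc-EXAMPLE"
  vpce_subnets       = ["subnet-EXAMPLE-a", "subnet-EXAMPLE-b", "subnet-EXAMPLE-c"]
  vpce_subnets_count = 3 # must match the length of vpce_subnets
  vpce_sg_name       = "KMS VPC Endpoint"

  tags = {
    Terraform = "true" # constructed sample tag
  }
}

resource "aws_autoscaling_group" "vault" {
  name     = "vault"
  min_size = 3
  max_size = 3

  # Take the subnets from the module output, not from the input list:
  # the KMS endpoint may be unavailable in some Availability Zones, and
  # Vault nodes placed outside the endpoint's subnets would not be in the
  # subnets where the endpoint was provisioned.
  vpc_zone_identifier = module.vault_auto_unseal.vpce_kms_subnets

  launch_template {
    id      = "lt-EXAMPLE" # placeholder launch template for the Vault nodes
    version = "$Latest"
  }
}

# Assumption: the page does not say whether the module's security group
# already admits the Vault nodes. If it does not, allow HTTPS from the Vault
# instances' security group only, so nothing else in the VPC can use the endpoint.
resource "aws_security_group_rule" "vault_to_kms_vpce" {
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 443
  to_port                  = 443
  security_group_id        = module.vault_auto_unseal.vpce_kms_security_group
  source_security_group_id = "sg-EXAMPLE-vault" # placeholder: Vault nodes' security group
}
```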