feat(aws-mongodbatlas-cluster): option to pass aws_kms config values …

…as seperate variables (#217)

modules/aws-mongodbatlas-cluster/main.tf

@@ -152,9 +152,9 @@ resource "mongodbatlas_encryption_at_rest" "aws_encryption" {
 
   aws_kms_config {
     enabled                = true
-    customer_master_key_id = lookup(var.aws_kms_config, "customer_master_key_id")
-    region                 = lookup(var.aws_kms_config, "region")
-    role_id                = lookup(var.aws_kms_config, "atlas_role_id")
+    customer_master_key_id = coalesce(lookup(var.aws_kms_config, "customer_master_key_id"), var.kms_customer_master_key_id)
+    region                 = coalesce(lookup(var.aws_kms_config, "region"), var.kms_region)
+    role_id                = coalesce(lookup(var.aws_kms_config, "atlas_role_id"), var.atlas_role_id)
   }
 }
 

modules/aws-mongodbatlas-cluster/variables.tf

@@ -123,6 +123,24 @@ variable "encryption_at_rest_provider" {
   default     = ""
 }
 
+variable "kms_customer_master_key_id" {
+  type        = string
+  description = "The AWS customer master key used to encrypt and decrypt the MongoDB master keys."
+  default     = null
+}
+
+variable "kms_region" {
+  type        = string
+  description = "The AWS region in which the AWS customer master key exists needed for atlas encryption at rest. Example values: EU_WEST_1, US_EAST_1"
+  default     = null
+}
+
+variable "atlas_role_id" {
+  type        = string
+  description = "Variable to define the atlas role needed for atlas encryption at rest."
+  default     = null
+}
+
 locals {
   cloud_provider = "AWS"
 }