From 58148f895d3f61911f0ace258204a05a5e804f15 Mon Sep 17 00:00:00 2001
From: xpk
Date: Wed, 21 Feb 2024 13:52:03 +0800
Subject: [PATCH] UPD: added custom kms key support. the default alias/aws/sns key does not work.
---
 .../acm-cert-expiry-notice/README.md | 11 ++++++-----
 .../acm-cert-expiry-notice/main.tf | 4 ++--
 .../acm-cert-expiry-notice/variables.tf | 5 +++++
 3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/modules/ManagementGovernance/acm-cert-expiry-notice/README.md b/modules/ManagementGovernance/acm-cert-expiry-notice/README.md
index fb3ea38..83198a7 100644
--- a/modules/ManagementGovernance/acm-cert-expiry-notice/README.md
+++ b/modules/ManagementGovernance/acm-cert-expiry-notice/README.md
@@ -67,11 +67,12 @@ An error occurred (ValidationException) when calling the PutAccountConfiguration
 ## Inputs
-| Name | Description | Type | Default | Required |
-|------|-----------------------------------------------------|------|---------|:--------:|
-| days-before-expiry | ACM DaysBeforeExpiry account configuration | `number` | `45` | no |
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| days-before-expiry | ACM DaysBeforeExpiry account configuration | `number` | `45` | no |
 | email-addresses | Set of email addresses to receive SNS notifications | `set(string)` | n/a | yes |
-| res-prefix | Resource name prefix | `string` | `"aws"` | no |
+| res-prefix | Resource name prefix | `string` | `"aws"` | no |
+| sns-kms-key-arn | ARN of KMS key used for SNS encryption | `string` | `null` | no |
 ## Outputs
@@ -79,4 +80,4 @@ No outputs.
 ---
 ## Authorship
-This module was developed by xpk.
\ No newline at end of file
+This module was developed by UPDATE_THIS.
\ No newline at end of file
diff --git a/modules/ManagementGovernance/acm-cert-expiry-notice/main.tf b/modules/ManagementGovernance/acm-cert-expiry-notice/main.tf
index 541cff9..63cfa31 100644
--- a/modules/ManagementGovernance/acm-cert-expiry-notice/main.tf
+++ b/modules/ManagementGovernance/acm-cert-expiry-notice/main.tf
@@ -45,8 +45,8 @@ module "awscli" {
 # SNS topic and subscription
 resource "aws_sns_topic" "ssl-cert-expiry-notice" {
- name = "${var.res-prefix}-ssl-cert-expiry-notice-${random_id.this.dec}"
- # kms_master_key_id = "alias/aws/sns"
+ name = "${var.res-prefix}-ssl-cert-expiry-notice-${random_id.this.dec}"
+ kms_master_key_id = var.sns-kms-key-arn
 }
 resource "aws_sns_topic_policy" "default" {
diff --git a/modules/ManagementGovernance/acm-cert-expiry-notice/variables.tf b/modules/ManagementGovernance/acm-cert-expiry-notice/variables.tf
index f94886b..00997a4 100644
--- a/modules/ManagementGovernance/acm-cert-expiry-notice/variables.tf
+++ b/modules/ManagementGovernance/acm-cert-expiry-notice/variables.tf
@@ -15,3 +15,8 @@ variable "res-prefix" {
 default = "aws"
 }
+variable "sns-kms-key-arn" {
+ type = string
+ description = "ARN of KMS key used for SNS encryption"
+ default = null
+}
\ No newline at end of file
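Review bot: In main.tf, `kms_master_key_id = var.sns-kms-key-arn` leaves the topic without server-side encryption whenever the caller omits the variable, because its default is `null`, so the module still creates an unencrypted topic by default. A caller who does pass a key needs a customer-managed key whose key policy lets the topic's publisher use it (for an AWS service publisher that normally means `kms:GenerateDataKey*` and `kms:Decrypt` for the service principal). The publisher is not visible in this hunk, but the commit subject's remark that `alias/aws/sns` does not work is consistent with this, since the AWS-managed key's policy cannot be edited. I would record it on the line, e.g. `# null = topic is not encrypted; a custom key must allow the publishing service kms:GenerateDataKey* and kms:Decrypt`, and consider dropping the `null` default if encryption is meant to be mandatory. The `aws_sns_topic_policy` block that follows continues outside the hunk.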
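Review bot: In variables.tf, `sns-kms-key-arn` accepts any string although its description promises an ARN, so a malformed value would presumably surface only when the provider calls SNS at apply time. A `validation` block that allows `null` or a KMS key/alias ARN would reject it at plan time instead. The description could also state that `null` leaves the topic unencrypted and that the key policy must permit the publisher. The variable block is complete within the hunk.

```hcl
variable "sns-kms-key-arn" {
  # … unchanged: type, description, default …

  validation {
    condition     = var.sns-kms-key-arn == null || can(regex("^arn:aws[a-z-]*:kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.+$", var.sns-kms-key-arn))
    error_message = "sns-kms-key-arn must be null or the ARN of a KMS key or alias."
  }
}
```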