Merge pull request #2 from trussworks/fixing-kms-key

Making kms_key_arn a module parameter
trussworks · Nov 26, 2019 · 99568cf · 99568cf
2 parents 02e6f87 + ab10051
commit 99568cf
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -44,6 +44,7 @@ module "rds-snapshot-cleaner" {
 | cloudwatch\_logs\_retention\_days | Number of days to keep logs in AWS CloudWatch. | string | `"90"` | no |
 | environment | Environment tag, e.g prod. | string | n/a | yes |
 | interval\_minutes | How often to run the Lambda function in minutes. | string | `"5"` | no |
+| kms\_key\_arn | ARN of the KMS key used for encrypting environment variables. | string | `""` | no |
 | s3\_bucket | The name of the S3 bucket used to store the Lambda builds. | string | n/a | yes |
 | version\_to\_deploy | The version the Lambda function to deploy. | string | n/a | yes |
 

diff --git a/main.tf b/main.tf
@@ -176,7 +176,7 @@ resource "aws_lambda_function" "main" {
   timeout       = "60"
 
   # Default AWS managed key for lambda functions
-  kms_key_arn = "arn:aws:kms:us-west-2:923914045601:key/1408a5f1-c280-4e54-9276-f68169fbf165"
+  kms_key_arn = var.kms_key_arn
 
   environment {
     variables = {

diff --git a/variables.tf b/variables.tf
@@ -34,6 +34,12 @@ variable "interval_minutes" {
   type        = string
 }
 
+variable "kms_key_arn" {
+  description = "ARN of the KMS key used for encrypting environment variables."
+  type        = string
+  default     = ""
+}
+
 variable "s3_bucket" {
   description = "The name of the S3 bucket used to store the Lambda builds."
   type        = string