Add encrypted and kms_key_id arguments to the ebs_* and root_* block (#…

…124) * Add encrypted and kms_key_id arguments to the ebs_* and root_* block device configuration blocks This commit resolves #6 * Updated example to include volume encryption settings
terraform-aws-modules · Aug 27, 2019 · a327acd · a327acd
1 parent dc4cc78
commit a327acd
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -58,10 +58,13 @@ resource "aws_placement_group" "web" {
   strategy = "cluster"
 }
 
+resource "aws_kms_key" "this" {
+}
+
 module "ec2" {
   source = "../../"
 
-  instance_count = 2
+  instance_count = 1
 
   name          = "example-normal"
   ami           = data.aws_ami.amazon_linux.id
@@ -79,6 +82,16 @@ module "ec2" {
     },
   ]
 
+  ebs_block_device = [
+    {
+      device_name = "/dev/sdf"
+      volume_type = "gp2"
+      volume_size = 5
+      encrypted   = true
+      kms_key_id  = aws_kms_key.this.arn
+    }
+  ]
+
   tags = {
     "Env"      = "Private"
     "Location" = "Secret"

diff --git a/main.tf b/main.tf
@@ -32,7 +32,9 @@ resource "aws_instance" "this" {
     for_each = var.root_block_device
     content {
       delete_on_termination = lookup(root_block_device.value, "delete_on_termination", null)
+      encrypted             = lookup(root_block_device.value, "encrypted", null)
       iops                  = lookup(root_block_device.value, "iops", null)
+      kms_key_id            = lookup(root_block_device.value, "kms_key_id", null)
       volume_size           = lookup(root_block_device.value, "volume_size", null)
       volume_type           = lookup(root_block_device.value, "volume_type", null)
     }
@@ -45,6 +47,7 @@ resource "aws_instance" "this" {
       device_name           = ebs_block_device.value.device_name
       encrypted             = lookup(ebs_block_device.value, "encrypted", null)
       iops                  = lookup(ebs_block_device.value, "iops", null)
+      kms_key_id            = lookup(ebs_block_device.value, "kms_key_id", null)
       snapshot_id           = lookup(ebs_block_device.value, "snapshot_id", null)
       volume_size           = lookup(ebs_block_device.value, "volume_size", null)
       volume_type           = lookup(ebs_block_device.value, "volume_type", null)