From f3a2a23d4cf70f7364f35a6392527334fb29aaf9 Mon Sep 17 00:00:00 2001
From: ORuessel <92107707+ORuessel@users.noreply.github.com>
Date: Fri, 12 Aug 2022 15:16:49 +0200
Subject: [PATCH 1/3] Update main.tf

upgrade to support aliases and permission for aws_kms_external
---
 main.tf | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/main.tf b/main.tf
index 7951697..a213c46 100644
--- a/main.tf
+++ b/main.tf
@@ -253,7 +253,7 @@ resource "aws_kms_alias" "this" {
 
   name          = var.aliases_use_name_prefix ? null : "alias/${each.value}"
   name_prefix   = var.aliases_use_name_prefix ? "alias/${each.value}-" : null
-  target_key_id = aws_kms_key.this[0].id
+  target_key_id = var.create_external ? aws_kms_external_key.this[0].id : aws_kms_key.this[0].key_id
 }
 
 ################################################################################
@@ -264,7 +264,7 @@ resource "aws_kms_grant" "this" {
   for_each = { for k, v in var.grants : k => v if var.create }
 
   name              = try(each.value.name, each.key)
-  key_id            = aws_kms_key.this[0].key_id
+  key_id            = var.create_external ? aws_kms_external_key.this[0].id : aws_kms_key.this[0].key_id
   grantee_principal = each.value.grantee_principal
   operations        = each.value.operations
 
@@ -281,3 +281,5 @@ resource "aws_kms_grant" "this" {
   grant_creation_tokens = try(each.value.grant_creation_tokens, null)
   retire_on_delete      = try(each.value.retire_on_delete, null)
 }
+
+

From 659b79ada7184681fa354c62b539beee3b293a16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20R=C3=BC=C3=9Fel?= <oliver.ruessel@ibs.valantic.com>
Date: Sun, 14 Aug 2022 11:35:28 +0200
Subject: [PATCH 2/3] delete extra lines

---
 main.tf | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/main.tf b/main.tf
index a213c46..29fddeb 100644
--- a/main.tf
+++ b/main.tf
@@ -280,6 +280,4 @@ resource "aws_kms_grant" "this" {
   retiring_principal    = try(each.value.retiring_principal, null)
   grant_creation_tokens = try(each.value.grant_creation_tokens, null)
   retire_on_delete      = try(each.value.retire_on_delete, null)
-}
-
-
+}
\ No newline at end of file

From 8049df9f694bb8b0e00839b42810f9a1cb3de5e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20R=C3=BC=C3=9Fel?= <oliver.ruessel@ibs.valantic.com>
Date: Mon, 15 Aug 2022 16:02:44 +0200
Subject: [PATCH 3/3] update fix last line

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 29fddeb..43293f2 100644
--- a/main.tf
+++ b/main.tf
@@ -280,4 +280,4 @@ resource "aws_kms_grant" "this" {
   retiring_principal    = try(each.value.retiring_principal, null)
   grant_creation_tokens = try(each.value.grant_creation_tokens, null)
   retire_on_delete      = try(each.value.retire_on_delete, null)
-}
\ No newline at end of file
+}