Merge pull request #38 from DNXLabs/feature/ebs-efs-kms-key

Add efs and ebs kms key variables

Author: lgothelipe

README.md

@@ -94,7 +94,9 @@ module "ecs_apps" {
 | certificate\_internal\_arn | certificate arn for internal ALB. | `string` | `""` | no |
 | create\_efs | Enables creation of EFS volume for cluster | `bool` | `true` | no |
 | create\_iam\_service\_linked\_role | Create iam\_service\_linked\_role for ECS or not. | `bool` | `false` | no |
+| ebs\_key\_arn | ARN of a KMS Key to use on EBS volumes | `string` | `""` | no |
 | ec2\_key\_enabled | Generate a SSH private key and include in launch template of ECS nodes | `bool` | `false` | no |
+| efs\_key\_arn | ARN of a KMS Key to use on EFS volumes | `string` | `""` | no |
 | efs\_lifecycle\_transition\_to\_ia | Option to enable EFS Lifecycle Transaction to IA | `string` | `""` | no |
 | efs\_lifecycle\_transition\_to\_primary\_storage\_class | Option to enable EFS Lifecycle Transaction to Primary Storage Class | `bool` | `false` | no |
 | enable\_schedule | Enables schedule to shut down and start up instances outside business hours. | `bool` | `false` | no |
@@ -103,7 +105,6 @@ module "ecs_apps" {
 | instance\_types | Instance type for ECS workers | `list(any)` | `[]` | no |
 | instance\_volume\_size | Volume size for docker volume (in GB). | `number` | `30` | no |
 | instance\_volume\_size\_root | Volume size for root volume (in GB). | `number` | `16` | no |
-| kms\_key\_arn | ARN of a KMS Key to use on EFS and EBS volumes | `string` | `""` | no |
 | lb\_access\_logs\_bucket | Bucket to store logs from lb access. | `string` | `""` | no |
 | lb\_access\_logs\_prefix | Bucket prefix to store lb access logs. | `string` | `""` | no |
 | name | Name of this ECS cluster. | `any` | n/a | yes |

_data.tf

@@ -32,6 +32,10 @@ data "aws_kms_key" "ebs" {
   key_id = "alias/aws/ebs"
 }
 
+data "aws_kms_key" "efs" {
+  key_id = "alias/aws/elasticfilesystem"
+}
+
 data "aws_ec2_managed_prefix_list" "s3" {
   name = "com.amazonaws.${data.aws_region.current.name}.s3"
 }

_variables.tf

@@ -267,9 +267,15 @@ variable "alarm_prefix" {
   default     = "alarm"
 }
 
-variable "kms_key_arn" {
+variable "ebs_key_arn" {
   type        = string
-  description = "ARN of a KMS Key to use on EFS and EBS volumes"
+  description = "ARN of a KMS Key to use on EBS volumes"
+  default     = ""
+}
+
+variable "efs_key_arn" {
+  type        = string
+  description = "ARN of a KMS Key to use on EFS volumes"
   default     = ""
 }
 

ec2-launch-template.tf

@@ -25,7 +25,7 @@ resource "aws_launch_template" "ecs" {
     ebs {
       volume_size = var.instance_volume_size
       encrypted   = true
-      kms_key_id  = var.kms_key_arn != "" ? var.kms_key_arn : null
+      kms_key_id  = var.ebs_key_arn != "" ? var.ebs_key_arn : null
     }
   }
 

efs.tf

@@ -2,7 +2,7 @@ resource "aws_efs_file_system" "ecs" {
   count          = var.create_efs ? 1 : 0
   creation_token = "ecs-${var.name}"
   encrypted      = true
-  kms_key_id     = var.kms_key_arn != "" ? var.kms_key_arn : null
+  kms_key_id     = var.efs_key_arn != "" ? var.efs_key_arn : null
 
   throughput_mode                 = var.throughput_mode
   provisioned_throughput_in_mibps = var.provisioned_throughput_in_mibps