Move the cmk creation to outside of the module (#12)

* Move the cmk creation to the outside of the module * terraform-docs: automated update action Co-authored-by: lzrocha <[email protected]>
DNXLabs · Mar 3, 2022 · db30da7 · db30da7
1 parent 94726b0
commit db30da7
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 65 deletions.
diff --git a/README.md b/README.md
@@ -34,7 +34,7 @@ The following resources will be created:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| ecr\_cmk\_encryption | Enabled KMS CMK encryption for ECR repository | `bool` | `false` | no |
+| kms\_key\_arn | KMS Key ARN to use a CMK instead of default key | `string` | n/a | yes |
 | name | Name for ECR repository | `any` | n/a | yes |
 | trust\_accounts | Accounts to trust and allow ECR fetch | `list(string)` | n/a | yes |
 

diff --git a/_outputs.tf b/_outputs.tf
diff --git a/_variables.tf b/_variables.tf
@@ -7,8 +7,7 @@ variable "trust_accounts" {
   description = "Accounts to trust and allow ECR fetch"
 }
 
-variable "ecr_cmk_encryption" {
-  type        = bool
-  description = "Enabled KMS CMK encryption for ECR repository"
-  default     = false
+variable "kms_key_arn" {
+  type        = string
+  description = "KMS Key ARN to use a CMK instead of default key"
 }
diff --git a/ecr-repositories.tf b/ecr-repositories.tf
@@ -7,8 +7,6 @@ resource "aws_ecr_repository" "default" {
 
   encryption_configuration {
     encryption_type = "KMS"
-    kms_key         = try(var.ecr_cmk_encryption, false) ? aws_kms_key.ecr[0].arn : null
+    kms_key         = length(var.kms_key_arn) > 0 ? var.kms_key_arn : null
   }
-
-  depends_on = [aws_kms_alias.ecr]
 }
diff --git a/kms.tf b/kms.tf