terraform-aws-tardigrade-keystore

Terraform module to create a keystore within S3/SSM

Testing

Manual testing:

# Replace "xxx" with an actual AWS profile, then execute the integration tests.
export AWS_PROFILE=xxx 
make terraform/pytest PYTEST_ARGS="-v --nomock"

For automated testing, PYTEST_ARGS is optional and no profile is needed:

make mockstack/up
make terraform/pytest PYTEST_ARGS="-v"
make mockstack/clean

Requirements

Name	Version
terraform	>= 1.2
aws	>= 4.0

Providers

Name	Version
aws	>= 4.0

Resources

Name	Type

Inputs

Name	Description	Type	Default	Required
backend	Specify backend type for the keystore of keys and values: ddb, s3, or ssm	string	n/a	yes
keys_and_values	Map of keys and values to manage in the keystore	map(string)	n/a	yes
backend_ddb	Configuration options for the ddb backend. Table must already exist, with Partition Key set to Key. Values will be added to the attribute Value. Required when backend = "ddb"	object({ # Name of the DynamoDB table for the keystore table_name = string })	null	no
backend_s3	Configuration options for the s3 backend. Bucket must already exist. Required when backend = "s3"	object({ # Name of the S3 bucket for the keystore bucket_name = string # MIME content type for the S3 objects content_type = string })	null	no
backend_ssm	Configuration options for the ssm backend. Required when backend = "ssm"	object({ # KMS Key ID used to encrypt the parameter, when type = "SecureString" key_id = string # Type of parameter to create type = string })	null	no
namespace	Namespace used to prefix all keys in the keystore	string	null	no
tags	A map of tags to add to all keystore objects	map(string)	{}	no

Outputs

Name	Description
ddb_items	Map of ddb table item objects created by the keystore module
s3_objects	Map of S3 bucket objects created by the keystore module
ssm_parameters	Map of ssm parameter objects created by the keystore module