Add EKS Secret envelope encryption support (#772)

This adds support for configuring EKS clusters that utilise envelope
encryption for Secrets:

- https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/

- https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/
Wolodja Wentland
2020-03-11 11:26:06 +00:00
committed by GitHub
parent 2715b01e4e
commit 23c005e5ef
8 changed files with 218 additions and 2 deletions


@@ -27,6 +27,17 @@ resource "aws_eks_cluster" "this" {
delete = var.cluster_delete_timeout
}
dynamic encryption_config {
for_each = toset(var.cluster_encryption_config)
content {
provider {
key_arn = encryption_config.value["provider_key_arn"]
}
resources = encryption_config.value["resources"]
}
}
depends_on = [
aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy,
aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy,
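Review bot: Nothing in the new `encryption_config` block documents or checks what `var.cluster_encryption_config` may contain: a missing `provider_key_arn` or `resources` key only surfaces as a lookup error at plan time, and EKS accepts only `secrets` as a resource here. A comment above the dynamic block would help, for example `# Envelope encryption of Kubernetes Secrets with a KMS key; resources must be ["secrets"], and the principal creating the cluster needs kms:DescribeKey and kms:CreateGrant on the key.` The variable's description (not visible in this hunk) should also say that an empty list leaves Secrets without KMS envelope encryption and that, depending on the provider version, adding the block to an existing cluster may force its replacement. The `aws_eks_cluster.this` resource and its `depends_on` list start and end outside the hunk.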