Terraform - retrieving arn from another module



  • I'm trying to get the arn of the kms key for use in the S3 bucket kms_master_key_id, the code below is how I thought it might work. I can output the arn value to the root but am unsure how to access this in the S3 resource.

    Thanks

    main.tf

      module "s3_bucket" {
      source = "./modules/S3"
    }
    

    module "kms" {
    source = "./modules/kms"
    }

    outputs.tf

    output "kms_arn" {
      value = module.kms.kms_arn
    }
    

    modules/kms/kms.tf

    resource "aws_kms_key" "key" {
      policy = data.aws_iam_policy_document.cmk.json
    }
    

    resource "aws_kms_alias" "key_alias" {
    name = "alias/kms-key"
    target_key_id = aws_kms_key.key.id
    }

    modules/kms/_outputs.tf

    output "kms_arn" {
      value = aws_kms_key.key.arn
    }
    

    modules/S3/main.tf

    resource "aws_s3_bucket" "bucket" {
    

    bucket = "09432804238423098"
    acl = "private"
    versioning {
    enabled = false
    }
    force_destroy = true
    server_side_encryption_configuration {
    rule {
    apply_server_side_encryption_by_default {
    kms_master_key_id = ../aws_kms_key.key.arn
    sse_algorithm = "aws:kms"
    }
    }
    }
    }



  • main.tf

      module "s3_bucket" {
      source = "./modules/S3"
      kms_master_key_id = module.kms.kms_arn
    }
    

    module "kms" {
    source = "./modules/kms"
    }

    modules/kms/kms.tf

    resource "aws_kms_key" "key" {
      policy = data.aws_iam_policy_document.cmk.json
    }
    

    resource "aws_kms_alias" "key_alias" {
    name = "alias/kms-key"
    target_key_id = aws_kms_key.key.id
    }

    modules/kms/_outputs.tf

    output "kms_arn" {
      value = aws_kms_key.key.arn
    }
    

    modules/S3/main.tf

    resource "aws_s3_bucket" "bucket" {
    

    bucket = "09432804238423098"
    acl = "private"
    versioning {
    enabled = false
    }
    force_destroy = true
    server_side_encryption_configuration {
    rule {
    apply_server_side_encryption_by_default {
    kms_master_key_id = var.kms_master_key_id
    sse_algorithm = "aws:kms"
    }
    }
    }
    }

    modules/S3/variables.tf

    variable "kms_master_key_id" {
      default = ""
    }
    

Log in to reply
 

Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2