feat: added Replica-Key and Replica-External-Key(CMK)

_example/example.tf

@@ -20,7 +20,6 @@ module "kms_key" {
 
   deletion_window_in_days = 7
   alias                   = "alias/cloudtrail_Name"
-  enabled                 = true
   kms_key_enabled         = true
   multi_region            = true
   create_external_enabled = true

main.tf

@@ -9,6 +9,7 @@ module "labels" {
   environment = var.environment
   managedby   = var.managedby
   label_order = var.label_order
+  attributes  = var.attributes
 }
 
 ####----------------------------------------------------------------------------------
@@ -17,15 +18,16 @@ module "labels" {
 resource "aws_kms_key" "default" {
   count = var.enabled && var.kms_key_enabled ? 1 : 0
 
-  description              = var.description
-  key_usage                = var.key_usage
-  deletion_window_in_days  = var.deletion_window_in_days
-  is_enabled               = var.is_enabled
-  enable_key_rotation      = var.enable_key_rotation
-  customer_master_key_spec = var.customer_master_key_spec
-  policy                   = var.policy
-  multi_region             = var.multi_region
-  tags                     = module.labels.tags
+  description                        = var.description
+  key_usage                          = var.key_usage
+  deletion_window_in_days            = var.deletion_window_in_days
+  is_enabled                         = var.is_enabled
+  enable_key_rotation                = var.enable_key_rotation
+  customer_master_key_spec           = var.customer_master_key_spec
+  policy                             = var.policy
+  multi_region                       = var.multi_region
+  bypass_policy_lockout_safety_check = var.bypass_policy_lockout_safety_check
+  tags                               = module.labels.tags
 }
 
 ####----------------------------------------------------------------------------------
@@ -46,12 +48,48 @@ resource "aws_kms_external_key" "external" {
   tags = module.labels.tags
 }
 
+####----------------------------------------------------------------------------------
+## Replica Key
+####----------------------------------------------------------------------------------
+
+resource "aws_kms_replica_key" "replica" {
+  count = var.enabled && var.create_replica_enabled ? 1 : 0
+
+  bypass_policy_lockout_safety_check = var.bypass_policy_lockout_safety_check
+  deletion_window_in_days            = var.deletion_window_in_days
+  description                        = var.description
+  primary_key_arn                    = var.primary_key_arn
+  enabled                            = var.is_enabled
+  policy                             = var.policy
+
+  tags = module.labels.tags
+}
+
+####----------------------------------------------------------------------------------
+## Replica External Key
+####----------------------------------------------------------------------------------
+
+resource "aws_kms_replica_external_key" "replica_external" {
+  count = var.enabled && var.create_replica_external_enabled ? 1 : 0
+
+  bypass_policy_lockout_safety_check = var.bypass_policy_lockout_safety_check
+  deletion_window_in_days            = var.deletion_window_in_days
+  description                        = var.description
+  enabled                            = var.is_enabled
+  key_material_base64                = var.key_material_base64
+  policy                             = var.policy
+  primary_key_arn                    = var.primary_external_key_arn
+  valid_to                           = var.valid_to
+
+  tags = module.labels.tags
+}
+
 ##----------------------------------------------------------------------------------
 ## Provides an alias for a KMS customer master key.
 ##----------------------------------------------------------------------------------
 resource "aws_kms_alias" "default" {
   count = var.enabled ? 1 : 0
 
   name          = coalesce(var.alias, format("alias/%v", module.labels.id))
-  target_key_id = join("", aws_kms_key.default.*.id)
+  target_key_id = try(aws_kms_key.default[0].key_id, aws_kms_external_key.external[0].id, aws_kms_replica_key.replica[0].key_id, aws_kms_replica_external_key.replica_external[0].key_id)
 }

outputs.tf

@@ -1,10 +1,10 @@
 output "key_arn" {
-  value       = join("", aws_kms_key.default.*.arn)
+  value       = try(aws_kms_key.default[0].arn, aws_kms_external_key.external[0].arn, aws_kms_replica_key.replica[0].arn, aws_kms_replica_external_key.replica_external[0].arn)
   description = "Key ARN."
 }
 
 output "key_id" {
-  value       = join("", aws_kms_key.default.*.key_id)
+  value       = try(aws_kms_key.default[0].key_id, aws_kms_external_key.external[0].id, aws_kms_replica_key.replica[0].key_id, aws_kms_replica_external_key.replica_external[0].key_id)
   description = "Key ID."
 }
 

variables.tf

@@ -30,12 +30,6 @@ variable "attributes" {
   description = "Additional attributes (e.g. `1`)."
 }
 
-variable "tags" {
-  type        = map(string)
-  default     = {}
-  description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)."
-}
-
 variable "managedby" {
   type        = string
   default     = "hello@clouddrove.com"
@@ -148,14 +142,14 @@ variable "policy" {
   description = "A valid policy JSON document. Although this is a key policy, not an IAM policy, an `aws_iam_policy_document`, in the form that designates a principal, can be used"
 }
 
-variable "computed_aliases" {
-  description = "A map of aliases to create. Values provided via the `name` key of the map can be computed from upstream resources"
-  type        = any
-  default     = {}
+variable "create_replica_enabled" {
+  type        = bool
+  default     = false
+  description = "Determines whether a replica standard CMK will be created (AWS provided material)"
 }
 
-variable "aliases_use_name_prefix" {
-  description = "Determines whether the alias name is used as a prefix"
+variable "create_replica_external_enabled" {
   type        = bool
   default     = false
+  description = "Determines whether a replica external CMK will be created (externally provided material)"
 }