aws-lambda-kms-encryption/main.tf at master · goci-io/aws-lambda-kms-encryption · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
terraform {
  required_version = ">= 0.12.1"

  required_providers {
    archive = "~> 1.2"
    null    = "~> 2.1"
  }
}

data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

locals {
  aws_region        = var.aws_region == "" ? data.aws_region.current.name : var.aws_region
  aws_account_id    = var.aws_account_id == "" ? data.aws_caller_identity.current.account_id : var.aws_account_id
  named_assume_role = var.aws_assume_role_name == "" || var.aws_account_id == "" ? "" : format("arn:aws:iam::%s:role/%s", var.aws_account_id, var.aws_assume_role_name)
  assume_role_arn   = var.aws_assume_role_arn == "" ? local.named_assume_role : var.aws_assume_role_arn
}

provider "aws" {
  version = "~> 2.25"
  region  = var.aws_region

  dynamic "assume_role" {
    iterator = role
    for_each = local.assume_role_arn == "" ? [] : [local.assume_role_arn]

    content {
      role_arn = role.value
    }
  }
}

module "label" {
  source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.15.0"
  namespace  = var.namespace
  stage      = var.stage
  name       = var.name
  delimiter  = var.delimiter
  attributes = var.attributes
  tags       = merge(var.tags, { Region = var.region, Purpose = "Cryptography" })
}

module "region_label" {
  source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.15.0"
  context    = module.label.context
  attributes = [var.region]
}