alicloud_kms_policy

Provides a KMS Policy resource: a permission policy that can be bound to Application Access Points.

For information about KMS Policy and how to use it, see What is Policy.

Example Usage

Basic Usage

variable "name" {
  default = "terraform-example"
}

resource "alicloud_kms_network_rule" "networkRule1" {
  description       = "dummy"
  source_private_ip = ["10.10.10.10"]
  network_rule_name = format("%s1", var.name)
}

resource "alicloud_kms_network_rule" "networkRule2" {
  description       = "dummy"
  source_private_ip = ["10.10.10.10"]
  network_rule_name = format("%s2", var.name)
}

resource "alicloud_kms_network_rule" "networkRule3" {
  description       = "dummy"
  source_private_ip = ["10.10.10.10"]
  network_rule_name = format("%s3", var.name)
}


resource "alicloud_kms_policy" "default" {
  description          = "terraformpolicy"
  permissions          = ["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]
  resources            = ["secret/*", "key/*"]
  policy_name          = var.name
  kms_instance_id      = "shared"
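  # Interpolate the rule name; a bare resource address inside the heredoc is sent as a literal string.
  access_control_rules = <<EOF
  {
      "NetworkRules":[
          "${alicloud_kms_network_rule.networkRule1.network_rule_name}"
      ]
  }
  EOF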
}
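
The NetworkRules entries in access_control_rules only restrict access if they name a real network rule. The following check is an added example, not part of the provider documentation: it reads the JSON form of a plan (`terraform show -json`) and reports policy entries that match no `alicloud_kms_network_rule` in the same plan, along with wildcard resources to review. The function name and the sample plan are assumptions made for illustration, as is the premise that the rules are managed in the same plan.

```python
import json

def check_kms_policies(plan):
    """Return (address, problem) findings for alicloud_kms_policy resources in a plan."""
    after = [(rc["address"], rc["type"], (rc.get("change") or {}).get("after") or {})
             for rc in plan.get("resource_changes", [])]
    # Names of the network rules present in this plan (assumed to be managed here).
    rule_names = {a.get("network_rule_name") for _, t, a in after
                  if t == "alicloud_kms_network_rule"}
    findings = []
    for addr, rtype, attrs in after:
        if rtype != "alicloud_kms_policy":
            continue
        for res in attrs.get("resources") or []:
            if res.endswith("/*"):
                findings.append((addr, f"wildcard resource {res!r}"))
        raw = attrs.get("access_control_rules")
        if not raw:
            continue  # unset or not known until apply
        try:
            rules = json.loads(raw).get("NetworkRules") or []
        except (ValueError, TypeError, AttributeError):
            findings.append((addr, "access_control_rules is not a JSON object"))
            continue
        for name in rules:
            if name not in rule_names:
                findings.append((addr, f"NetworkRules entry {name!r} matches no rule in the plan"))
    return findings

# Constructed sample: trimmed shape of `terraform show -json` output.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "alicloud_kms_network_rule.networkRule1", "type": "alicloud_kms_network_rule",
     "change": {"after": {"network_rule_name": "terraform-example1"}}},
    {"address": "alicloud_kms_policy.default", "type": "alicloud_kms_policy",
     "change": {"after": {
         "resources": ["secret/*", "key/*"],
         "access_control_rules": json.dumps({"NetworkRules": [
             "alicloud_kms_network_rule.networkRule1.network_rule_name"]})}}},
]}

if __name__ == "__main__":
    for address, problem in check_kms_policies(SAMPLE_PLAN):
        print(f"{address}: {problem}")
```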

Argument Reference

The following arguments are supported:

Attributes Reference

The following attributes are exported:

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

Import

KMS Policy can be imported using the id, e.g.

$ terraform import alicloud_kms_policy.example <id>