# Terraform configuration to create a Customer Master Key (CMK) in AWS KMS,
# create an alias, and enable key rotation.

provider "aws" {
  region = "us-east-1"
}

# --- 1. Create KMS Key (CMK) ---
resource "aws_kms_key" "my_cmk" {
  description             = "My Terraform Test CMK"
  deletion_window_in_days = 7 # Required for deletion
  enable_key_rotation     = true # Enable automatic key rotation

  tags = {
    Name        = "MyTerraformCMK"
    Environment = "Dev"
  }
}

# --- 2. Create Alias for CMK ---
resource "aws_kms_alias" "my_cmk_alias" {
  name          = "alias/MyTerraformCMK"
  target_key_id = aws_kms_key.my_cmk.id
}

# --- Outputs ---
output "kms_key_id" {
  value       = aws_kms_key.my_cmk.id
  description = "The ID of the created KMS CMK."
}

output "kms_key_arn" {
  value       = aws_kms_key.my_cmk.arn
  description = "The ARN of the created KMS CMK."
}

output "kms_alias_name" {
  value       = aws_kms_alias.my_cmk_alias.name
  description = "The alias name for the KMS CMK."
}