{ "version": 4, "terraform_version": "1.3.1", "serial": 14, "lineage": "e3e93a0f-93ed-63a2-17ab-4fa507053640", "outputs": {}, "resources": [ { "mode": "data", "type": "aws_iam_policy_document", "name": "assume_role", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, "attributes": { "id": "1903849331", "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n }\n }\n ]\n}", "override_json": null, "override_policy_documents": null, "policy_id": null, "source_json": null, "source_policy_documents": null, "statement": [ { "actions": [ "sts:AssumeRole" ], "condition": [], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [ { "identifiers": [ "ec2.amazonaws.com" ], "type": "Service" } ], "resources": [], "sid": "" } ], "version": "2012-10-17" }, "sensitive_attributes": [] } ] }, { "mode": "data", "type": "aws_iam_policy_document", "name": "vault-kms-unseal", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, "attributes": { "id": "2560863897", "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VaultKMSUnseal\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:Encrypt\",\n \"kms:DescribeKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"arn:aws:kms:ap-northeast-2:508259851457:key/c7641fb7-1689-4ec0-80ea-8b931deeb5a1\"\n }\n ]\n}", "override_json": null, "override_policy_documents": null, "policy_id": null, "source_json": null, "source_policy_documents": null, "statement": [ { "actions": [ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt" ], "condition": [], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [], "resources": [ "arn:aws:kms:ap-northeast-2:508259851457:key/c7641fb7-1689-4ec0-80ea-8b931deeb5a1" ], "sid": "VaultKMSUnseal" } ], "version": "2012-10-17" }, "sensitive_attributes": [] } ] }, { "mode": "managed", "type": "aws_iam_instance_profile", "name": "vault-kms-unseal", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, "attributes": { "arn": "arn:aws:iam::508259851457:instance-profile/vault-kms-unseal-mighty_terrier", "create_date": "2022-12-12T08:20:12Z", "id": "vault-kms-unseal-mighty_terrier", "name": "vault-kms-unseal-mighty_terrier", "name_prefix": null, "path": "/", "role": "vault-kms-role-mighty_terrier", "tags": {}, "tags_all": {}, "unique_id": "AIPAXMVVF3TAVAWIQ62TS" }, "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ "aws_iam_role.vault-kms-unseal", "data.aws_iam_policy_document.assume_role", "random_pet.env" ] } ] }, { "mode": "managed", "type": "aws_iam_role", "name": "vault-kms-unseal", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, "attributes": { "arn": "arn:aws:iam::508259851457:role/vault-kms-role-mighty_terrier", "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}", "create_date": "2022-12-12T08:20:10Z", "description": "", "force_detach_policies": false, "id": "vault-kms-role-mighty_terrier", "inline_policy": [ { "name": "Vault-KMS-Unseal-mighty_terrier", "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VaultKMSUnseal\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:Encrypt\",\n \"kms:DescribeKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"arn:aws:kms:ap-northeast-2:508259851457:key/c7641fb7-1689-4ec0-80ea-8b931deeb5a1\"\n }\n ]\n}" } ], "managed_policy_arns": [], "max_session_duration": 3600, "name": "vault-kms-role-mighty_terrier", "name_prefix": "", "path": "/", "permissions_boundary": null, "tags": {}, "tags_all": {}, "unique_id": "AROAXMVVF3TA3MJDOSJFJ" }, "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ "data.aws_iam_policy_document.assume_role", "random_pet.env" ] } ] }, { "mode": "managed", "type": "aws_iam_role_policy", "name": "vault-kms-unseal", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, "attributes": { "id": "vault-kms-role-mighty_terrier:Vault-KMS-Unseal-mighty_terrier", "name": "Vault-KMS-Unseal-mighty_terrier", "name_prefix": null, "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VaultKMSUnseal\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:Encrypt\",\n \"kms:DescribeKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"arn:aws:kms:ap-northeast-2:508259851457:key/c7641fb7-1689-4ec0-80ea-8b931deeb5a1\"\n }\n ]\n}", "role": "vault-kms-role-mighty_terrier" }, "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ "aws_iam_role.vault-kms-unseal", "data.aws_iam_policy_document.assume_role", "data.aws_iam_policy_document.vault-kms-unseal", "random_pet.env" ] } ] }, { "mode": "managed", "type": "aws_kms_alias", "name": "vault-a", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, "attributes": { "arn": "arn:aws:kms:ap-northeast-2:508259851457:alias/prod-vault-auto-unseal", "id": "alias/prod-vault-auto-unseal", "name": "alias/prod-vault-auto-unseal", "name_prefix": "", "target_key_arn": "arn:aws:kms:ap-northeast-2:508259851457:key/c7641fb7-1689-4ec0-80ea-8b931deeb5a1", "target_key_id": "c7641fb7-1689-4ec0-80ea-8b931deeb5a1" }, "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ "aws_kms_key.vault", "random_pet.env" ] } ] }, { "mode": "managed", "type": "aws_kms_key", "name": "vault", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, "attributes": { "arn": "arn:aws:kms:ap-northeast-2:508259851457:key/c7641fb7-1689-4ec0-80ea-8b931deeb5a1", "bypass_policy_lockout_safety_check": false, "custom_key_store_id": "", "customer_master_key_spec": "SYMMETRIC_DEFAULT", "deletion_window_in_days": 10, "description": "Vault unseal key", "enable_key_rotation": false, "id": "c7641fb7-1689-4ec0-80ea-8b931deeb5a1", "is_enabled": true, "key_id": "c7641fb7-1689-4ec0-80ea-8b931deeb5a1", "key_usage": "ENCRYPT_DECRYPT", "multi_region": false, "policy": "{\"Id\":\"key-default-1\",\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::508259851457:root\"},\"Resource\":\"*\",\"Sid\":\"Enable IAM User Permissions\"}],\"Version\":\"2012-10-17\"}", "tags": { "Name": "vault-kms-unseal-mighty_terrier" }, "tags_all": { "Name": "vault-kms-unseal-mighty_terrier" } }, "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ "random_pet.env" ] } ] }, { "mode": "managed", "type": "random_pet", "name": "env", "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", "instances": [ { "schema_version": 0, "attributes": { "id": "mighty_terrier", "keepers": null, "length": 2, "prefix": null, "separator": "_" }, "sensitive_attributes": [] } ] } ], "check_results": [] }