From 3a1f7c9c85143a0b6038865fd0b2c4c0c5a490d1 Mon Sep 17 00:00:00 2001
From: Bayron Carranza
Date: Mon, 20 Jun 2022 15:48:19 -0600
Subject: [PATCH] enabled rotation for kms eks cluster (#333)
---
 terraform-modules/aws/eks/main.tf | 1 +
 terraform-modules/aws/eks/variables.tf | 7 +++++++
 2 files changed, 8 insertions(+)
diff --git a/terraform-modules/aws/eks/main.tf b/terraform-modules/aws/eks/main.tf
index 0a8c337c3..e81ce479a 100644
--- a/terraform-modules/aws/eks/main.tf
+++ b/terraform-modules/aws/eks/main.tf
@@ -27,6 +27,7 @@ provider "kubernetes" {
 resource "aws_kms_key" "eks" {
 description = "EKS Secret Encryption Key"
+ enable_key_rotation = var.cluster_kms_enable_rotation
 tags = var.tags
 }
diff --git a/terraform-modules/aws/eks/variables.tf b/terraform-modules/aws/eks/variables.tf
index e33702d1b..79fa45c2c 100644
--- a/terraform-modules/aws/eks/variables.tf
+++ b/terraform-modules/aws/eks/variables.tf
@@ -237,3 +237,10 @@ variable "node_security_group_additional_rules" {
 # }
 }
 }
+
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key#enable_key_rotation
+variable "cluster_kms_enable_rotation" {
+ type = bool
+ default = true
+ description = "(Optional) Specifies whether key rotation is enabled. Defaults to true."
+}
\ No newline at end of file
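Review bot: The new `enable_key_rotation` line in `aws_kms_key.eks` has no comment saying what it changes for clusters already built with this module. Because the variable defaults to true, stacks that previously ran with the provider default should expect a change to the existing key on their next plan, which as far as I know is applied in place rather than by replacing the key. I would add above the line `# Automatic rotation retains earlier key material, so EKS secrets encrypted before the change stay decryptable.` so operators do not read the plan diff as a risk to existing secrets.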
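Review bot: The description of `cluster_kms_enable_rotation` copies the provider's wording but does not say that this module deliberately departs from the provider default, which is false for `enable_key_rotation`. I would make it `description = "Whether automatic rotation is enabled for the EKS secret encryption KMS key. Defaults to true (the AWS provider default is false); set to false only with a documented reason."`. As a style point, the file now ends without a trailing newline and the URL comment lacks a space after `#`. The preceding `node_security_group_additional_rules` block starts outside the hunk.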