From fbb6612baf30f2019cd574fc7706e3d0422d19dc Mon Sep 17 00:00:00 2001
From: akcinardoga <doga.akcinar@kloia.com>
Date: Tue, 14 May 2024 21:49:19 +0300
Subject: [PATCH] feat(aws-mongodbatlas-cluster): option to pass aws_kms config
 values as seperate variables

---
 modules/aws-mongodbatlas-cluster/main.tf      |  6 +++---
 modules/aws-mongodbatlas-cluster/variables.tf | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/modules/aws-mongodbatlas-cluster/main.tf b/modules/aws-mongodbatlas-cluster/main.tf
index defed78..80edb9f 100644
--- a/modules/aws-mongodbatlas-cluster/main.tf
+++ b/modules/aws-mongodbatlas-cluster/main.tf
@@ -152,9 +152,9 @@ resource "mongodbatlas_encryption_at_rest" "aws_encryption" {
 
   aws_kms_config {
     enabled                = true
-    customer_master_key_id = lookup(var.aws_kms_config, "customer_master_key_id")
-    region                 = lookup(var.aws_kms_config, "region")
-    role_id                = lookup(var.aws_kms_config, "atlas_role_id")
+    customer_master_key_id = coalesce(lookup(var.aws_kms_config, "customer_master_key_id"), var.kms_customer_master_key_id)
+    region                 = coalesce(lookup(var.aws_kms_config, "region"), var.kms_region)
+    role_id                = coalesce(lookup(var.aws_kms_config, "atlas_role_id"), var.atlas_role_id)
   }
 }
 
diff --git a/modules/aws-mongodbatlas-cluster/variables.tf b/modules/aws-mongodbatlas-cluster/variables.tf
index 231561d..fddc7a8 100644
--- a/modules/aws-mongodbatlas-cluster/variables.tf
+++ b/modules/aws-mongodbatlas-cluster/variables.tf
@@ -123,6 +123,24 @@ variable "encryption_at_rest_provider" {
   default     = ""
 }
 
+variable "kms_customer_master_key_id" {
+  type        = string
+  description = "The AWS customer master key used to encrypt and decrypt the MongoDB master keys."
+  default     = null
+}
+
+variable "kms_region" {
+  type        = string
+  description = "The AWS region in which the AWS customer master key exists needed for atlas encryption at rest. Example values: EU_WEST_1, US_EAST_1"
+  default     = null
+}
+
+variable "atlas_role_id" {
+  type        = string
+  description = "Variable to define the atlas role needed for atlas encryption at rest."
+  default     = null
+}
+
 locals {
   cloud_provider = "AWS"
 }