misc: Add encryption (#4)

* misc: Add encryption
* docs(readme): update module usage

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

README.md

@@ -98,13 +98,13 @@ module "aws-energy-labeler" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_config"></a> [config](#input\_config) | Map containing labeler configuration options | <pre>object({<br>    allowed_account_ids        = optional(list(string), [])<br>    denied_account_ids         = optional(list(string), [])<br>    frameworks                 = optional(list(string), [])<br>    log_level                  = optional(string)<br>    report_suppressed_findings = optional(bool, false)<br>    zone_name                  = string<br>  })</pre> | n/a | yes |
+| <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the KMS key to use for encryption | `string` | n/a | yes |
 | <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | The name of the bucket to store the exported findings (will be created if not specified) | `string` | `null` | no |
 | <a name="input_bucket_prefix"></a> [bucket\_prefix](#input\_bucket\_prefix) | The prefix to use for the bucket | `string` | `"/"` | no |
-| <a name="input_cluster_arn"></a> [cluster\_arn](#input\_cluster\_arn) | ARN of an existing ECS cluster, if not provided a new one will be created | `string` | `null` | no |
+| <a name="input_cluster_arn"></a> [cluster\_arn](#input\_cluster\_arn) | ARN of an existing ECS cluster, if left empty a new cluster will be created | `string` | `null` | no |
 | <a name="input_iam_permissions_boundary"></a> [iam\_permissions\_boundary](#input\_iam\_permissions\_boundary) | The permissions boundary to attach to the IAM role | `string` | `null` | no |
 | <a name="input_iam_role_path"></a> [iam\_role\_path](#input\_iam\_role\_path) | The path for the IAM role | `string` | `"/"` | no |
 | <a name="input_image_uri"></a> [image\_uri](#input\_image\_uri) | The URI of the container image to use | `string` | `"ghcr.io/schubergphilis/awsenergylabeler:main"` | no |
-| <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the KMS key to use for encryption | `string` | `null` | no |
 | <a name="input_memory"></a> [memory](#input\_memory) | The memory size of the task | `number` | `512` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name prefix of labeler resources | `string` | `"aws-energy-labeler"` | no |
 | <a name="input_schedule_expression"></a> [schedule\_expression](#input\_schedule\_expression) | The cron expression to be used for triggering the labeler | `string` | `"cron(0 13 ? * SUN *)"` | no |

examples/basic/main.tf

@@ -16,6 +16,8 @@ provider "aws" {
 module "aws-energy-labeler" {
   source = "../../"
 
+  kms_key_arn = "arn:aws:kms:eu-west-1:123456789012:key/1234abcd-12ab-34cd-56ef-123456789012"
+
   config = {
     zone_name = "MYZONE"
   }

main.tf

@@ -211,6 +211,7 @@ module "s3" {
   version = "~> 0.14.1"
 
   name_prefix = "${lower(var.name)}-"
+  kms_key_arn = var.kms_key_arn
   versioning  = true
   tags        = var.tags
 

variables.tf

@@ -28,7 +28,7 @@ variable "bucket_prefix" {
 variable "cluster_arn" {
   type        = string
   default     = null
-  description = "ARN of an existing ECS cluster, if not provided a new one will be created"
+  description = "ARN of an existing ECS cluster, if left empty a new cluster will be created"
 }
 
 variable "config" {
@@ -45,7 +45,6 @@ variable "config" {
 
 variable "kms_key_arn" {
   type        = string
-  default     = null
   description = "The ARN of the KMS key to use for encryption"
 }