Move the cmk creation to outside of the module (#12)

* Move the cmk creation to the outside of the module

* terraform-docs: automated update action

Co-authored-by: lzrocha <lzrocha@users.noreply.github.com>

Author: lzrocha

README.md

@@ -34,7 +34,7 @@ The following resources will be created:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| ecr\_cmk\_encryption | Enabled KMS CMK encryption for ECR repository | `bool` | `false` | no |
+| kms\_key\_arn | KMS Key ARN to use a CMK instead of default key | `string` | n/a | yes |
 | name | Name for ECR repository | `any` | n/a | yes |
 | trust\_accounts | Accounts to trust and allow ECR fetch | `list(string)` | n/a | yes |
 

_outputs.tf

@@ -7,8 +7,7 @@ variable "trust_accounts" {
   description = "Accounts to trust and allow ECR fetch"
 }
 
-variable "ecr_cmk_encryption" {
-  type        = bool
-  description = "Enabled KMS CMK encryption for ECR repository"
-  default     = false
+variable "kms_key_arn" {
+  type        = string
+  description = "KMS Key ARN to use a CMK instead of default key"
 }

_variables.tf

@@ -7,8 +7,6 @@ resource "aws_ecr_repository" "default" {
 
   encryption_configuration {
     encryption_type = "KMS"
-    kms_key         = try(var.ecr_cmk_encryption, false) ? aws_kms_key.ecr[0].arn : null
+    kms_key         = length(var.kms_key_arn) > 0 ? var.kms_key_arn : null
   }
-
-  depends_on = [aws_kms_alias.ecr]
 }