Welcome to Pulumi Registry, your window into the cloud. Read the announcement.

MongoDB Atlas

v3.0.1 published on Monday, Nov 1, 2021 by Pulumi

EncryptionAtRest

Create a EncryptionAtRest Resource

new EncryptionAtRest(name: string, args: EncryptionAtRestArgs, opts?: CustomResourceOptions);
@overload
def EncryptionAtRest(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     aws_kms: Optional[Mapping[str, str]] = None,
                     aws_kms_config: Optional[EncryptionAtRestAwsKmsConfigArgs] = None,
                     azure_key_vault: Optional[Mapping[str, str]] = None,
                     azure_key_vault_config: Optional[EncryptionAtRestAzureKeyVaultConfigArgs] = None,
                     google_cloud_kms: Optional[Mapping[str, str]] = None,
                     google_cloud_kms_config: Optional[EncryptionAtRestGoogleCloudKmsConfigArgs] = None,
                     project_id: Optional[str] = None)
@overload
def EncryptionAtRest(resource_name: str,
                     args: EncryptionAtRestArgs,
                     opts: Optional[ResourceOptions] = None)
func NewEncryptionAtRest(ctx *Context, name string, args EncryptionAtRestArgs, opts ...ResourceOption) (*EncryptionAtRest, error)
public EncryptionAtRest(string name, EncryptionAtRestArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args EncryptionAtRestArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args EncryptionAtRestArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args EncryptionAtRestArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args EncryptionAtRestArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

EncryptionAtRest Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The EncryptionAtRest resource accepts the following input properties:

ProjectId string
The unique identifier for the project.
AwsKms Dictionary<string, string>
Specifies AWS KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use aws_kms_config instead

AwsKmsConfig EncryptionAtRestAwsKmsConfigArgs
AzureKeyVault Dictionary<string, string>
Specifies Azure Key Vault configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use azure_key_vault_config instead

AzureKeyVaultConfig EncryptionAtRestAzureKeyVaultConfigArgs
GoogleCloudKms Dictionary<string, string>
Specifies GCP KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use google_cloud_kms_config instead

GoogleCloudKmsConfig EncryptionAtRestGoogleCloudKmsConfigArgs
ProjectId string
The unique identifier for the project.
AwsKms map[string]string
Specifies AWS KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use aws_kms_config instead

AwsKmsConfig EncryptionAtRestAwsKmsConfigArgs
AzureKeyVault map[string]string
Specifies Azure Key Vault configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use azure_key_vault_config instead

AzureKeyVaultConfig EncryptionAtRestAzureKeyVaultConfigArgs
GoogleCloudKms map[string]string
Specifies GCP KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use google_cloud_kms_config instead

GoogleCloudKmsConfig EncryptionAtRestGoogleCloudKmsConfigArgs
projectId string
The unique identifier for the project.
awsKms {[key: string]: string}
Specifies AWS KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use aws_kms_config instead

awsKmsConfig EncryptionAtRestAwsKmsConfigArgs
azureKeyVault {[key: string]: string}
Specifies Azure Key Vault configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use azure_key_vault_config instead

azureKeyVaultConfig EncryptionAtRestAzureKeyVaultConfigArgs
googleCloudKms {[key: string]: string}
Specifies GCP KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use google_cloud_kms_config instead

googleCloudKmsConfig EncryptionAtRestGoogleCloudKmsConfigArgs
project_id str
The unique identifier for the project.
aws_kms Mapping[str, str]
Specifies AWS KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use aws_kms_config instead

aws_kms_config EncryptionAtRestAwsKmsConfigArgs
azure_key_vault Mapping[str, str]
Specifies Azure Key Vault configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use azure_key_vault_config instead

azure_key_vault_config EncryptionAtRestAzureKeyVaultConfigArgs
google_cloud_kms Mapping[str, str]
Specifies GCP KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use google_cloud_kms_config instead

google_cloud_kms_config EncryptionAtRestGoogleCloudKmsConfigArgs

Outputs

All input properties are implicitly available as output properties. Additionally, the EncryptionAtRest resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing EncryptionAtRest Resource

Get an existing EncryptionAtRest resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: EncryptionAtRestState, opts?: CustomResourceOptions): EncryptionAtRest
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        aws_kms: Optional[Mapping[str, str]] = None,
        aws_kms_config: Optional[EncryptionAtRestAwsKmsConfigArgs] = None,
        azure_key_vault: Optional[Mapping[str, str]] = None,
        azure_key_vault_config: Optional[EncryptionAtRestAzureKeyVaultConfigArgs] = None,
        google_cloud_kms: Optional[Mapping[str, str]] = None,
        google_cloud_kms_config: Optional[EncryptionAtRestGoogleCloudKmsConfigArgs] = None,
        project_id: Optional[str] = None) -> EncryptionAtRest
func GetEncryptionAtRest(ctx *Context, name string, id IDInput, state *EncryptionAtRestState, opts ...ResourceOption) (*EncryptionAtRest, error)
public static EncryptionAtRest Get(string name, Input<string> id, EncryptionAtRestState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AwsKms Dictionary<string, string>
Specifies AWS KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use aws_kms_config instead

AwsKmsConfig EncryptionAtRestAwsKmsConfigArgs
AzureKeyVault Dictionary<string, string>
Specifies Azure Key Vault configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use azure_key_vault_config instead

AzureKeyVaultConfig EncryptionAtRestAzureKeyVaultConfigArgs
GoogleCloudKms Dictionary<string, string>
Specifies GCP KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use google_cloud_kms_config instead

GoogleCloudKmsConfig EncryptionAtRestGoogleCloudKmsConfigArgs
ProjectId string
The unique identifier for the project.
AwsKms map[string]string
Specifies AWS KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use aws_kms_config instead

AwsKmsConfig EncryptionAtRestAwsKmsConfigArgs
AzureKeyVault map[string]string
Specifies Azure Key Vault configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use azure_key_vault_config instead

AzureKeyVaultConfig EncryptionAtRestAzureKeyVaultConfigArgs
GoogleCloudKms map[string]string
Specifies GCP KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use google_cloud_kms_config instead

GoogleCloudKmsConfig EncryptionAtRestGoogleCloudKmsConfigArgs
ProjectId string
The unique identifier for the project.
awsKms {[key: string]: string}
Specifies AWS KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use aws_kms_config instead

awsKmsConfig EncryptionAtRestAwsKmsConfigArgs
azureKeyVault {[key: string]: string}
Specifies Azure Key Vault configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use azure_key_vault_config instead

azureKeyVaultConfig EncryptionAtRestAzureKeyVaultConfigArgs
googleCloudKms {[key: string]: string}
Specifies GCP KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use google_cloud_kms_config instead

googleCloudKmsConfig EncryptionAtRestGoogleCloudKmsConfigArgs
projectId string
The unique identifier for the project.
aws_kms Mapping[str, str]
Specifies AWS KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use aws_kms_config instead

aws_kms_config EncryptionAtRestAwsKmsConfigArgs
azure_key_vault Mapping[str, str]
Specifies Azure Key Vault configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use azure_key_vault_config instead

azure_key_vault_config EncryptionAtRestAzureKeyVaultConfigArgs
google_cloud_kms Mapping[str, str]
Specifies GCP KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Deprecated: use google_cloud_kms_config instead

google_cloud_kms_config EncryptionAtRestGoogleCloudKmsConfigArgs
project_id str
The unique identifier for the project.

Supporting Types

EncryptionAtRestAwsKmsConfig

AccessKeyId string
CustomerMasterKeyId string
The AWS customer master key used to encrypt and decrypt the MongoDB master keys.
Enabled bool
Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
Region string
The AWS region in which the AWS customer master key exists: CA_CENTRAL_1, US_EAST_1, US_EAST_2, US_WEST_1, US_WEST_2, SA_EAST_1
RoleId string
ID of an AWS IAM role authorized to manage an AWS customer master key. To find the ID for an existing IAM role check the role_id attribute of the mongodbatlas.CloudProviderAccess resource.
SecretAccessKey string
AccessKeyId string
CustomerMasterKeyId string
The AWS customer master key used to encrypt and decrypt the MongoDB master keys.
Enabled bool
Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
Region string
The AWS region in which the AWS customer master key exists: CA_CENTRAL_1, US_EAST_1, US_EAST_2, US_WEST_1, US_WEST_2, SA_EAST_1
RoleId string
ID of an AWS IAM role authorized to manage an AWS customer master key. To find the ID for an existing IAM role check the role_id attribute of the mongodbatlas.CloudProviderAccess resource.
SecretAccessKey string
accessKeyId string
customerMasterKeyId string
The AWS customer master key used to encrypt and decrypt the MongoDB master keys.
enabled boolean
Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
region string
The AWS region in which the AWS customer master key exists: CA_CENTRAL_1, US_EAST_1, US_EAST_2, US_WEST_1, US_WEST_2, SA_EAST_1
roleId string
ID of an AWS IAM role authorized to manage an AWS customer master key. To find the ID for an existing IAM role check the role_id attribute of the mongodbatlas.CloudProviderAccess resource.
secretAccessKey string
access_key_id str
customer_master_key_id str
The AWS customer master key used to encrypt and decrypt the MongoDB master keys.
enabled bool
Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
region str
The AWS region in which the AWS customer master key exists: CA_CENTRAL_1, US_EAST_1, US_EAST_2, US_WEST_1, US_WEST_2, SA_EAST_1
role_id str
ID of an AWS IAM role authorized to manage an AWS customer master key. To find the ID for an existing IAM role check the role_id attribute of the mongodbatlas.CloudProviderAccess resource.
secret_access_key str

EncryptionAtRestAzureKeyVaultConfig

Enabled bool
Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
AzureEnvironment string
The Azure environment where the Azure account credentials reside. Valid values are the following: AZURE, AZURE_CHINA, AZURE_GERMANY
ClientId string
The client ID, also known as the application ID, for an Azure application associated with the Azure AD tenant.
KeyIdentifier string
The unique identifier of a key in an Azure Key Vault.
KeyVaultName string
The name of an Azure Key Vault containing your key.
ResourceGroupName string
The name of the Azure Resource group that contains an Azure Key Vault.
Secret string
The secret associated with the Azure Key Vault specified by azureKeyVault.tenantID.
SubscriptionId string
The unique identifier associated with an Azure subscription.
TenantId string
The unique identifier for an Azure AD tenant within an Azure subscription.
Enabled bool
Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
AzureEnvironment string
The Azure environment where the Azure account credentials reside. Valid values are the following: AZURE, AZURE_CHINA, AZURE_GERMANY
ClientId string
The client ID, also known as the application ID, for an Azure application associated with the Azure AD tenant.
KeyIdentifier string
The unique identifier of a key in an Azure Key Vault.
KeyVaultName string
The name of an Azure Key Vault containing your key.
ResourceGroupName string
The name of the Azure Resource group that contains an Azure Key Vault.
Secret string
The secret associated with the Azure Key Vault specified by azureKeyVault.tenantID.
SubscriptionId string
The unique identifier associated with an Azure subscription.
TenantId string
The unique identifier for an Azure AD tenant within an Azure subscription.
enabled boolean
Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
azureEnvironment string
The Azure environment where the Azure account credentials reside. Valid values are the following: AZURE, AZURE_CHINA, AZURE_GERMANY
clientId string
The client ID, also known as the application ID, for an Azure application associated with the Azure AD tenant.
keyIdentifier string
The unique identifier of a key in an Azure Key Vault.
keyVaultName string
The name of an Azure Key Vault containing your key.
resourceGroupName string
The name of the Azure Resource group that contains an Azure Key Vault.
secret string
The secret associated with the Azure Key Vault specified by azureKeyVault.tenantID.
subscriptionId string
The unique identifier associated with an Azure subscription.
tenantId string
The unique identifier for an Azure AD tenant within an Azure subscription.
enabled bool
Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
azure_environment str
The Azure environment where the Azure account credentials reside. Valid values are the following: AZURE, AZURE_CHINA, AZURE_GERMANY
client_id str
The client ID, also known as the application ID, for an Azure application associated with the Azure AD tenant.
key_identifier str
The unique identifier of a key in an Azure Key Vault.
key_vault_name str
The name of an Azure Key Vault containing your key.
resource_group_name str
The name of the Azure Resource group that contains an Azure Key Vault.
secret str
The secret associated with the Azure Key Vault specified by azureKeyVault.tenantID.
subscription_id str
The unique identifier associated with an Azure subscription.
tenant_id str
The unique identifier for an Azure AD tenant within an Azure subscription.

EncryptionAtRestGoogleCloudKmsConfig

Enabled bool
Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
KeyVersionResourceId string
The Key Version Resource ID from your GCP account.
ServiceAccountKey string
String-formatted JSON object containing GCP KMS credentials from your GCP account.
Enabled bool
Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
KeyVersionResourceId string
The Key Version Resource ID from your GCP account.
ServiceAccountKey string
String-formatted JSON object containing GCP KMS credentials from your GCP account.
enabled boolean
Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
keyVersionResourceId string
The Key Version Resource ID from your GCP account.
serviceAccountKey string
String-formatted JSON object containing GCP KMS credentials from your GCP account.
enabled bool
Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
key_version_resource_id str
The Key Version Resource ID from your GCP account.
service_account_key str
String-formatted JSON object containing GCP KMS credentials from your GCP account.

Package Details

Repository
https://github.com/pulumi/pulumi-mongodbatlas
License
Apache-2.0
Notes
This Pulumi package is based on the mongodbatlas Terraform Provider.