Creates and manages an AWS XRay Encryption Config.
resource "aws_xray_encryption_config" "example" {
type = "NONE"
}
data "aws_caller_identity" "current" {}
data "aws_iam_policy_document" "example" {
statement {
sid = "Enable IAM User Permissions"
effect = "Allow"
principals {
type = "AWS"
identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
}
actions = ["kms:*"]
resources = ["*"]
}
}
resource "aws_kms_key" "example" {
description = "Some Key"
deletion_window_in_days = 7
policy = data.aws_iam_policy_document.example.json
}
resource "aws_xray_encryption_config" "example" {
type = "KMS"
key_id = aws_kms_key.example.arn
}
type
- (Required) The type of encryption. Set to KMS
to use your own key for encryption. Set to NONE
for default encryption.key_id
- (Optional) An AWS KMS customer master key (CMK) ARN.This resource exports the following attributes in addition to the arguments above:
id
- Region name.In Terraform v1.5.0 and later, use an import
block to import XRay Encryption Config using the region name. For example:
import {
to = aws_xray_encryption_config.example
id = "us-west-2"
}
Using terraform import
, import XRay Encryption Config using the region name. For example:
% terraform import aws_xray_encryption_config.example us-west-2