Provides a MAC Security (MACSec) secret key resource for use with Direct Connect. See MACsec prerequisites for information about MAC Security (MACsec) prerequisites.
Creating this resource will also create a resource of type aws_secretsmanager_secret
which is managed by Direct Connect. While you can import this resource into your Terraform state, because this secret is managed by Direct Connect, you will not be able to make any modifications to it. See How AWS Direct Connect uses AWS Secrets Manager for details.
data "aws_dx_connection" "example" {
name = "tf-dx-connection"
}
resource "aws_dx_macsec_key_association" "test" {
connection_id = data.aws_dx_connection.example.id
ckn = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
cak = "abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"
}
data "aws_dx_connection" "example" {
name = "tf-dx-connection"
}
data "aws_secretsmanager_secret" "example" {
name = "directconnect!prod/us-east-1/directconnect/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
}
resource "aws_dx_macsec_key_association" "test" {
connection_id = data.aws_dx_connection.example.id
secret_arn = data.aws_secretsmanager_secret.example.arn
}
This resource supports the following arguments:
cak
- (Optional) The MAC Security (MACsec) CAK to associate with the dedicated connection. The valid values are 64 hexadecimal characters (0-9, A-E). Required if using ckn
.ckn
- (Optional) The MAC Security (MACsec) CKN to associate with the dedicated connection. The valid values are 64 hexadecimal characters (0-9, A-E). Required if using cak
.connection_id
- (Required) The ID of the dedicated Direct Connect connection. The connection must be a dedicated connection in the AVAILABLE
state.secret_arn
- (Optional) The Amazon Resource Name (ARN) of the MAC Security (MACsec) secret key to associate with the dedicated connection.This resource exports the following attributes in addition to the arguments above:
id
- ID of the MAC Security (MACSec) secret key resource.start_on
- The date in UTC format that the MAC Security (MACsec) secret key takes effect.state
- The state of the MAC Security (MACsec) secret key. The possible values are: associating, associated, disassociating, disassociated. See MacSecKey for descriptions of each state.