Resource: awsCloudfrontFieldLevelEncryptionProfile

Provides a CloudFront Field-level Encryption Profile resource.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsCloudfrontPublicKeyExample =
  new aws.cloudfrontPublicKey.CloudfrontPublicKey(this, "example", {
    comment: "test public key",
    encodedKey: '${file("public_key.pem")}',
    name: "test_key",
  });
new aws.cloudfrontFieldLevelEncryptionProfile.CloudfrontFieldLevelEncryptionProfile(
  this,
  "test",
  {
    comment: "test comment",
    encryptionEntities: {
      items: [
        {
          fieldPatterns: {
            items: ["DateOfBirth"],
          },
          providerId: "test provider",
          publicKeyId: awsCloudfrontPublicKeyExample.id,
        },
      ],
    },
    name: "test profile",
  }
);

Argument Reference

The following arguments are supported:

  • name - (Required) The name of the Field Level Encryption Profile.
  • comment - (Optional) An optional comment about the Field Level Encryption Profile.
  • encryptionEntities - (Required) The encryption entities config block for field-level encryption profiles. It contains an attribute items, which holds the encryption key and field pattern specifications.

Encryption Entities

  • publicKeyId - (Required) The public key associated with a set of field-level encryption patterns, to be used when encrypting the fields that match the patterns.
  • providerId - (Required) The provider associated with the public key being used for encryption.
  • fieldPatterns - (Required) Object with an attribute items that holds the list of field patterns in a field-level encryption content type profile. The patterns specify the fields that you want to be encrypted.
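
The key behind publicKeyId is the PEM file loaded into encodedKey in the example usage, and that value is stored in the Terraform configuration and state. The pre-deployment check below is an added example, not part of the provider documentation: it rejects a PEM that contains a private key or is not the expected key type. It assumes Node.js crypto and CloudFront's requirement of a 2048-bit RSA key for field-level encryption; checkFlePublicKey and samplePem are hypothetical names.

```typescript
import { createPublicKey, generateKeyPairSync, KeyObject } from "crypto";

// Returns a list of problems; an empty list means the PEM is suitable
// to pass as encodedKey. (Hypothetical helper, not a provider API.)
function checkFlePublicKey(pem: string): string[] {
  // createPublicKey() also accepts a private key and derives the public
  // half from it, so private-key PEM headers are rejected before parsing.
  if (/-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(pem)) {
    return ["PEM contains a private key; only the public half belongs in encodedKey"];
  }
  let key: KeyObject;
  try {
    key = createPublicKey(pem);
  } catch {
    return ["not a parseable PEM public key"];
  }
  const problems: string[] = [];
  if (key.asymmetricKeyType !== "rsa") {
    problems.push(`key type is ${key.asymmetricKeyType}, expected rsa`);
  } else {
    // Assumption: field-level encryption expects a 2048-bit RSA key.
    const bits = key.asymmetricKeyDetails?.modulusLength;
    if (bits !== 2048) {
      problems.push(`RSA modulus is ${bits} bits, expected 2048`);
    }
  }
  return problems;
}

// Constructed sample input: throwaway keys generated in-process,
// standing in for the contents of public_key.pem.
function samplePem(bits: number): { publicPem: string; privatePem: string } {
  const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: bits });
  return {
    publicPem: publicKey.export({ type: "spki", format: "pem" }).toString(),
    privatePem: privateKey.export({ type: "pkcs8", format: "pem" }).toString(),
  };
}

const sample = samplePem(2048);
console.log("public half:", checkFlePublicKey(sample.publicPem));
console.log("private half:", checkFlePublicKey(sample.privatePem));
```

Run it against the file contents (for example fs.readFileSync("public_key.pem", "utf8")) in CI before synthesizing the stack, and fail the build when the returned list is not empty.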

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • callerReference - Internal value used by CloudFront to allow future updates to the Field Level Encryption Profile.
  • etag - The current version of the Field Level Encryption Profile. For example: e2Qwruhapomqzl.
  • id - The identifier for the Field Level Encryption Profile. For example: k3D5Eweudccxon.

Import

CloudFront Field Level Encryption Profile can be imported using the id, e.g.

$ terraform import aws_cloudfront_field_level_encryption_profile.profile K3D5EWEUDCCXON