
Resource: awsRedshiftHsmConfiguration

Creates an HSM configuration that contains the information required by an Amazon Redshift cluster to store and use database encryption keys in a Hardware Security Module (HSM).

Example Usage

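/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";

class MyStack extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    // All arguments below are required and force a new resource when changed.
    new aws.redshiftHsmConfiguration.RedshiftHsmConfiguration(this, "example", {
      description: "example",
      hsmConfigurationIdentifier: "example",
      hsmIpAddress: "10.0.0.1",
      hsmPartitionName: "aws",
      hsmPartitionPassword: "example",
      hsmServerPublicCertificate: "example",
    });
  }
}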

Argument Reference

The following arguments are supported:

  • description - (Required, Forces new resource) A text description of the HSM configuration to be created.
  • hsmConfigurationIdentifier - (Required, Forces new resource) The identifier to be assigned to the new Amazon Redshift HSM configuration.
  • hsmIpAddress - (Required, Forces new resource) The IP address that the Amazon Redshift cluster must use to access the HSM.
  • hsmPartitionName - (Required, Forces new resource) The name of the partition in the HSM where the Amazon Redshift clusters will store their database encryption keys.
  • hsmPartitionPassword - (Required, Forces new resource) The password required to access the HSM partition.
  • hsmServerPublicCertificate - (Required, Forces new resource) The HSM's public certificate file. When using Cloud HSM, the file name is server.pem.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
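
The example above passes hsmPartitionPassword as a string literal, which CDKTF writes verbatim into the synthesized cdk.tf.json. The following check is an added example, not part of the provider documentation: it scans a synthesized stack for aws_redshift_hsm_configuration resources whose hsm_partition_password is a literal instead of a single Terraform reference. The sample stack, the resource name from_variable and the function name findLiteralHsmPasswords are constructed for illustration.

```typescript
// Added example: flag literal HSM partition passwords in synthesized CDKTF output.
// Only the parts of cdk.tf.json that this check reads are typed here.
type TfResources = Record<string, Record<string, Record<string, unknown>>>;
interface SynthesizedStack { resource?: TfResources }
interface Finding { address: string; argument: string; reason: string }

const RESOURCE_TYPE = "aws_redshift_hsm_configuration";
const SECRET_ARGUMENT = "hsm_partition_password";
// A value that is exactly one Terraform interpolation, e.g. "${var.hsm_partition_password}".
const REFERENCE_ONLY = /^\$\{[^{}]+\}$/;

function findLiteralHsmPasswords(stack: SynthesizedStack): Finding[] {
  const findings: Finding[] = [];
  const resources = stack.resource ?? {};
  const instances = resources[RESOURCE_TYPE] ?? {};
  for (const [name, args] of Object.entries(instances)) {
    const value = args[SECRET_ARGUMENT];
    const address = `${RESOURCE_TYPE}.${name}`;
    if (typeof value !== "string" || value.length === 0) {
      findings.push({ address, argument: SECRET_ARGUMENT, reason: "missing or not a string" });
    } else if (!REFERENCE_ONLY.test(value)) {
      findings.push({ address, argument: SECRET_ARGUMENT, reason: "literal value in synthesized configuration" });
    }
  }
  return findings;
}

// Constructed sample: "example" mirrors the usage above; "from_variable" (hypothetical)
// shows how a sensitive Terraform variable reference appears after synthesis.
const sampleStack: SynthesizedStack = {
  resource: {
    aws_redshift_hsm_configuration: {
      example: {
        hsm_configuration_identifier: "example",
        hsm_partition_name: "aws",
        hsm_partition_password: "example",
      },
      from_variable: {
        hsm_configuration_identifier: "example-var",
        hsm_partition_name: "aws",
        hsm_partition_password: "${var.hsm_partition_password}",
      },
    },
  },
};

console.log(JSON.stringify(findLiteralHsmPasswords(sampleStack), null, 2));
```

A variable reference keeps the password out of source control and cdk.tf.json, but Terraform still records the resolved value in state, so the state backend needs encryption and restricted access.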

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - Amazon Resource Name (ARN) of the HSM configuration.
  • hsmConfigurationPublicKey - The public key that the Amazon Redshift cluster will use to connect to the HSM. You must register the public key in the HSM.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

Redshift HSM configurations can be imported using the hsmConfigurationIdentifier, e.g.,

$ terraform import aws_redshift_hsm_configuration.example example