Resource: awsRedshiftSnapshotCopyGrant
Creates a snapshot copy grant that allows AWS Redshift to encrypt copied snapshots with a customer master key from AWS KMS in a destination region.
Note that the grant must exist in the destination region, and not in the region of the cluster.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsRedshiftSnapshotCopyGrantTest =
new aws.redshiftSnapshotCopyGrant.RedshiftSnapshotCopyGrant(this, "test", {
snapshotCopyGrantName: "my-grant",
});
const awsRedshiftClusterTest = new aws.redshiftCluster.RedshiftCluster(
this,
"test_1",
{
snapshotCopy: {
destinationRegion: "us-east-2",
grantName: awsRedshiftSnapshotCopyGrantTest.snapshotCopyGrantName,
},
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsRedshiftClusterTest.overrideLogicalId("test");
Argument Reference
The following arguments are supported:
snapshotCopyGrantName- (Required, Forces new resource) A friendly name for identifying the grant.kmsKeyId- (Optional, Forces new resource) The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. If not specified, the default key is used.tags- (Optional) A map of tags to assign to the resource. If configured with a providerdefaultTagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn- Amazon Resource Name (ARN) of snapshot copy granttagsAll- A map of tags assigned to the resource, including those inherited from the providerdefaultTagsconfiguration block.
Import
Redshift Snapshot Copy Grants support import by name, e.g.,