Skip to content

Resource: awsXrayEncryptionConfig

Creates and manages an AWS XRay Encryption Config.

\~> NOTE: Removing this resource from Terraform has no effect to the encryption configuration within X-Ray.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.xrayEncryptionConfig.XrayEncryptionConfig(this, "example", {
  type: "NONE",
});

Example Usage with KMS Key

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsCallerIdentityCurrent =
  new aws.dataAwsCallerIdentity.DataAwsCallerIdentity(this, "current", {});
const dataAwsIamPolicyDocumentExample =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "example", {
    statement: [
      {
        actions: ["kms:*"],
        effect: "Allow",
        principals: [
          {
            identifiers: [
              `arn:aws:iam::\${${dataAwsCallerIdentityCurrent.accountId}}:root`,
            ],
            type: "AWS",
          },
        ],
        resources: ["*"],
        sid: "Enable IAM User Permissions",
      },
    ],
  });
const awsKmsKeyExample = new aws.kmsKey.KmsKey(this, "example_2", {
  deletionWindowInDays: 7,
  description: "Some Key",
  policy: dataAwsIamPolicyDocumentExample.json,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsKmsKeyExample.overrideLogicalId("example");
const awsXrayEncryptionConfigExample =
  new aws.xrayEncryptionConfig.XrayEncryptionConfig(this, "example_3", {
    keyId: awsKmsKeyExample.arn,
    type: "KMS",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsXrayEncryptionConfigExample.overrideLogicalId("example");

Argument Reference

  • type - (Required) The type of encryption. Set to kms to use your own key for encryption. Set to none for default encryption.
  • keyId - (Optional) An AWS KMS customer master key (CMK) ARN.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - Region name.

Import

XRay Encryption Config can be imported using the region name, e.g.,

$ terraform import aws_xray_encryption_config.example us-west-2