Resource: awsXrayEncryptionConfig
Creates and manages an AWS XRay Encryption Config.
\~> NOTE: Removing this resource from Terraform has no effect to the encryption configuration within X-Ray.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.xrayEncryptionConfig.XrayEncryptionConfig(this, "example", {
type: "NONE",
});
Example Usage with KMS Key
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsCallerIdentityCurrent =
new aws.dataAwsCallerIdentity.DataAwsCallerIdentity(this, "current", {});
const dataAwsIamPolicyDocumentExample =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "example", {
statement: [
{
actions: ["kms:*"],
effect: "Allow",
principals: [
{
identifiers: [
`arn:aws:iam::\${${dataAwsCallerIdentityCurrent.accountId}}:root`,
],
type: "AWS",
},
],
resources: ["*"],
sid: "Enable IAM User Permissions",
},
],
});
const awsKmsKeyExample = new aws.kmsKey.KmsKey(this, "example_2", {
deletionWindowInDays: 7,
description: "Some Key",
policy: dataAwsIamPolicyDocumentExample.json,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsKmsKeyExample.overrideLogicalId("example");
const awsXrayEncryptionConfigExample =
new aws.xrayEncryptionConfig.XrayEncryptionConfig(this, "example_3", {
keyId: awsKmsKeyExample.arn,
type: "KMS",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsXrayEncryptionConfigExample.overrideLogicalId("example");
Argument Reference
type
- (Required) The type of encryption. Set tokms
to use your own key for encryption. Set tonone
for default encryption.keyId
- (Optional) An AWS KMS customer master key (CMK) ARN.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- Region name.
Import
XRay Encryption Config can be imported using the region name, e.g.,