encryption-at-rest.json
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "This template creates an Encryption at Rest configuration for an Atlas project through the MongoDB Atlas API. This will be billed to your Atlas account.",
"Parameters": {
"ProjectId": {
"Type": "String",
"Description": "Atlas Project Id."
},
"RoleID": {
"Type": "String",
"Description": "ID of an AWS IAM role authorized to manage an AWS customer master key. To find the ID for an existing IAM role, send a GET request to the cloudProviderAccess API endpoint."
},
"CustomerMasterKeyID": {
"Type": "String",
"Description": "ID of the AWS customer master key used to encrypt and decrypt the MongoDB master keys."
},
"Enabled": {
"Type": "String",
"Description": "Flag that indicates whether Encryption at Rest using Customer Key Management is enabled for an Atlas project. To disable Encryption at Rest using Customer Key Management, pass only this parameter with a value of false. When you disable Encryption at Rest using Customer Key Management, Atlas removes the configuration details.",
"Default": "true",
"AllowedValues": ["true", "false"]
},
"Region": {
"Type": "String",
"Description": "AWS region in which the AWS customer master key exists."
},
"EnabledForSearchNodes": {
"Type": "String",
"Description": "Flag that indicates whether Encryption at Rest for Dedicated Search Nodes is enabled in the specified project.",
"Default": "false",
"AllowedValues": ["true", "false"]
},
"RequirePrivateNetworking": {
"Type": "String",
"Description": "Enable connection to your Amazon Web Services (AWS) Key Management Service (KMS) over private networking.",
"Default": "false",
"AllowedValues": ["true", "false"]
},
"Profile": {
"Type": "String",
"Default": "default",
"Description": "AWS Secrets Manager profile that contains the Atlas programmatic API keys."
}
},
"Mappings": {},
"Resources": {
"EncryptionAtRest": {
"Type": "MongoDB::Atlas::EncryptionAtRest",
"Properties": {
"ProjectId": {
"Ref": "ProjectId"
},
"Profile": {
"Ref": "Profile"
},
"EnabledForSearchNodes": {
"Ref": "EnabledForSearchNodes"
},
"AwsKmsConfig": {
"RoleID": {
"Ref": "RoleID"
},
"CustomerMasterKeyID": {
"Ref": "CustomerMasterKeyID"
},
"Enabled": {
"Ref": "Enabled"
},
"Region": {
"Ref": "Region"
},
"RequirePrivateNetworking": {
"Ref": "RequirePrivateNetworking"
}
}
}
}
},
"Outputs": {
"ProjectId": {
"Description": "Id of the project",
"Value": {
"Ref": "ProjectId"
}
},
"Id": {
"Description": "encryption at rest identifier",
"Value": {
"Ref": "EncryptionAtRest"
}
},
"Valid": {
"Description": "Flag that indicates whether the AWS KMS encryption key can encrypt and decrypt data",
"Value": {
"Fn::GetAtt": ["EncryptionAtRest", "AwsKmsConfig.Valid"]
}
}
}
}