-
Notifications
You must be signed in to change notification settings - Fork 37
/
Copy pathencryption-at-rest.json
73 lines (73 loc) · 2.19 KB
/
encryption-at-rest.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "This template creates an encryption at rest on the MongoDB Atlas API, this will be billed to your Atlas account.",
"Parameters": {
"ProjectId": {
"Type": "String",
"Description": "Atlas Project Id."
},
"RoleID": {
"Type": "String",
"Description": "ID of an AWS IAM role authorized to manage an AWS customer master key. To find the ID for an existing IAM role, send a GET request to the cloudProviderAccess API endpoint."
},
"CustomerMasterKeyID": {
"Type": "String",
"Description": "AWS customer master key used to encrypt and decrypt the MongoDB master keys."
},
"Enabled": {
"Type": "String",
"Description": "Flag that indicates whether Encryption at Rest using Customer Key Management is enabled for an Atlas project. To disable Encryption at Rest using Customer Key Management, pass only this parameter with a value of false. When you disable Encryption at Rest using Customer Key Management, Atlas removes the configuration details."
},
"Region": {
"Type": "String",
"Description": "AWS region in which the AWS customer master key exists."
},
"Profile": {
"Type": "String",
"Default": "default",
"Description": "Secret Manager Profile that contains the Atlas Programmatic keys."
}
},
"Mappings": {},
"Resources": {
"EncryptionAtRest": {
"Type": "MongoDB::Atlas::EncryptionAtRest",
"Properties": {
"ProjectId": {
"Ref": "ProjectId"
},
"Profile": {
"Ref": "Profile"
},
"AwsKms": {
"RoleID": {
"Ref": "RoleID"
},
"CustomerMasterKeyID": {
"Ref": "CustomerMasterKeyID"
},
"Enabled": {
"Ref": "Enabled"
},
"Region": {
"Ref": "Region"
}
}
}
}
},
"Outputs": {
"ProjectId": {
"Description": "Id of the project",
"Value": {
"Ref": "ProjectId"
}
},
"Id": {
"Description": "encryption at rest identifier",
"Value": {
"Ref": "EncryptionAtRest"
}
}
}
}