doc: Add example & documentation for mongodbatlas_encryption_at_rest_private_endpoint to specify AWS usage
#2999
+479
−192
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
maastha
commented
Jan 23, 2025
| @@ -5,27 +5,34 @@ | |||
| ~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager. | |||
There was a problem hiding this comment.
TODO: Awaiting response for correct messaging here from upstream
maastha
commented
Jan 23, 2025
| @@ -5,13 +5,13 @@ | |||
| ~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager. | |||
There was a problem hiding this comment.
TODO: Awaiting response for correct messaging here from upstream
maastha
commented
Jan 23, 2025
|
|
||
| **1\. Ensure that Encryption At Rest AWS KMS Private Endpoint feature is available for your project.** | ||
|
|
||
| The Encryption at Rest using AWS KMS over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager. |
There was a problem hiding this comment.
TODO: Awaiting response for correct messaging here from upstream
|
APIx bot: a message has been sent to Docs Slack channel |
marcosuma
approved these changes
Jan 24, 2025
lantoli
approved these changes
Jan 24, 2025
Base automatically changed from
CLOUDP-295878-ear-pe
to
CLOUDP-262752-ear-aws-kms-dev
January 24, 2025 11:32
EspenAlbert
reviewed
Jan 24, 2025
| @@ -0,0 +1,8 @@ | |||
| data "mongodbatlas_encryption_at_rest_private_endpoints" "plural" { | |||
There was a problem hiding this comment.
Why are the data-sources in separate files?
EspenAlbert
reviewed
Jan 24, 2025
| This project will execute the following changes to acheive successful encryption at rest over AWS PrivateLink for customer managed keys: | ||
|
|
||
| - Configure encryption at rest in an existing project using a custom AWS KMS Key. For successful private networking configuration, the `requires_private_networking` attribute in `mongodbatlas_encryption_at_rest.aws_kms_config` is set to `true`. | ||
| - Create a private endpoint for the existing project under a certain AWS region using `mongodbatlas_encryption_at_rest_private_endpoint`. |
There was a problem hiding this comment.
Cool that there is no requirement of creating any AWS resources other than IAM Role
EspenAlbert
reviewed
Jan 24, 2025
| @@ -22,7 +22,7 @@ | |||
| ### Configuring encryption at rest using customer key management in Azure | |||
| {{ tffile (printf "examples/%s/azure/main.tf" .Name )}} | |||
|
|
|||
| -> **NOTE:** It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. Please review `mongodbatlas_encryption_at_rest_private_endpoint` resource for details. | |||
| -> **NOTE:** It is possible to configure Atlas Encryption at Rest to communicate with Customer Managed Keys (Azure Key Vault or AWS KMS) over private network interfaces (Azure Private Link or AWS PrivateLinK). This requires enabling `azure_key_vault_config.require_private_networking` or `aws_kms_config.require_private_networking` attribute, together with the configuration of `mongodbatlas_encryption_at_rest_private_endpoint` resource. Please review `mongodbatlas_encryption_at_rest_private_endpoint` resource for details. | |||
EspenAlbert
reviewed
Jan 24, 2025
|
|
||
| {{ tffile (printf "examples/%s/azure/singular-data-source.tf" .Name )}} | ||
|
|
||
| ### Encryption At Rest AWS KMS Private Endpoint | ||
| {{ tffile (printf "examples/%s/aws/singular-data-source.tf" .Name )}} |
There was a problem hiding this comment.
aha. I see the usage of separate files for data sources now 😅.
Would be cool if we had a custom directive tffile_resource so we don't need separate files in the examples
EspenAlbert
reviewed
Jan 24, 2025
| @@ -47,9 +47,9 @@ resource "mongodbatlas_encryption_at_rest" "default" { | |||
| {{ tffile (printf "examples/%s/azure/main.tf" .Name )}} | |||
|
|
|||
| #### Manage Customer Keys with Azure Key Vault Over Private Endpoints | |||
| It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. This requires enabling `azure_key_vault_config.require_private_networking` attribute, together with the configuration of `mongodbatlas_encryption_at_rest_private_endpoint` resource. | |||
| It is possible to configure Atlas Encryption at Rest to communicate with Customer Managed Keys (Azure Key Vault or AWS KMS) over private network interfaces (Azure Private Link or AWS PrivateLinK). This requires enabling `azure_key_vault_config.require_private_networking` or `aws_kms_config.require_private_networking` attribute, together with the configuration of `mongodbatlas_encryption_at_rest_private_endpoint` resource. | |||
There was a problem hiding this comment.
same typo: uppercase K
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Add example & documentation for
mongodbatlas_encryption_at_rest_private_endpointto specify AWS usageLink to any related issue(s): CLOUDP-296238
Type of change:
Required Checklist:
Further comments