github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/documentdb/AVD-AWS-0022/Terraform.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/documentdb/AVD-AWS-0022/Terraform.md (about)

     1  
     2  Enable encryption using customer managed keys
     3  
     4  ```hcl
     5   resource "aws_kms_key" "docdb_encryption" {
     6   	enable_key_rotation = true
     7   }
     8   			
     9   resource "aws_docdb_cluster" "docdb" {
    10     cluster_identifier      = "my-docdb-cluster"
    11     engine                  = "docdb"
    12     master_username         = "foo"
    13     master_password         = "mustbeeightchars"
    14     backup_retention_period = 5
    15     preferred_backup_window = "07:00-09:00"
    16     skip_final_snapshot     = true
    17     kms_key_id 			  = aws_kms_key.docdb_encryption.arn
    18   }
    19   
    20  ```
    21  
    22  #### Remediation Links
    23   - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#kms_key_id
    24