-
Notifications
You must be signed in to change notification settings - Fork 32
/
glue_data_catalog_encryption_settings.tf
39 lines (32 loc) · 1.49 KB
/
glue_data_catalog_encryption_settings.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#---------------------------------------------------
# AWS Glue data catalog encryption settings
#---------------------------------------------------
resource "aws_glue_data_catalog_encryption_settings" "glue_data_catalog_encryption_settings" {
count = var.enable_glue_data_catalog_encryption_settings ? 1 : 0
catalog_id = var.glue_data_catalog_encryption_settings_catalog_id
data_catalog_encryption_settings {
dynamic "connection_password_encryption" {
iterator = connection_password_encryption
for_each = lookup(var.glue_data_catalog_encryption_settings_data_catalog_encryption_settings, "connection_password_encryption", [])
content {
aws_kms_key_id = lookup(connection_password_encryption.value, "aws_kms_key_id", null)
return_connection_password_encrypted = lookup(connection_password_encryption.value, "return_connection_password_encrypted", null)
}
}
dynamic "encryption_at_rest" {
iterator = encryption_at_rest
for_each = lookup(var.glue_data_catalog_encryption_settings_data_catalog_encryption_settings, "encryption_at_rest", [])
content {
catalog_encryption_mode = lookup(encryption_at_rest.value, "catalog_encryption_mode", null)
sse_aws_kms_key_id = lookup(encryption_at_rest.value, "sse_aws_kms_key_id", null)
}
}
}
lifecycle {
create_before_destroy = true
ignore_changes = []
}
depends_on = [
aws_glue_catalog_database.glue_catalog_database
]
}