Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
mongodbatlas.EncryptionAtRest allows management of Encryption at Rest for an Atlas project using Customer Key Management configuration. The following providers are supported:
The encryption at rest Terraform module makes use of this resource and simplifies its use. It is currently limited to AWS KMS.
Atlas does not automatically rotate user-managed encryption keys. Defer to your preferred Encryption at Rest provider’s documentation and guidance for best practices on key rotation. Atlas automatically creates a 90-day key rotation alert when you configure Encryption at Rest using your Key Management in an Atlas project.
See Encryption at Rest for more information, including prerequisites and restrictions.
IMPORTANT By default, Atlas enables encryption at rest for all cluster storage and snapshot volumes.
IMPORTANT Atlas limits this feature to dedicated cluster tiers of M10 and greater. For more information see: https://www.mongodb.com/docs/api/doc/atlas-admin-api-v2/group/endpoint-encryption-at-rest-using-customer-key-management
NOTE: Groups and projects are synonymous terms. You may find
groupIdin the official documentation.
IMPORTANT NOTE To disable encryption at rest with customer key management for a project, set
encryption_at_rest_providerto"NONE"in all existing clusters in the project that use custom key management or delete said clusters.
Enabling Encryption at Rest for existing Atlas cluster
After configuring at least one key management provider for an Atlas project, Project Owners can enable customer key management for each Atlas cluster for which they require encryption. For clusters defined in terraform, the encryption_at_rest_provider attribute can be used in both mongodbatlas.AdvancedCluster and mongodbatlas.Cluster resources. The key management provider does not have to match the cluster cloud service provider.
Please reference Enable Customer Key Management for an Atlas Cluster documentation for additional considerations.
Example Usage
S
Configuring encryption at rest using customer key management in AWS
The configuration of encryption at rest with customer key management, mongodbatlas.EncryptionAtRest, needs to be completed before a cluster is created in the project. Force this wait by using an implicit dependency via project_id as shown in the example below.
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const setupOnly = new mongodbatlas.CloudProviderAccessSetup("setup_only", {
projectId: atlasProjectId,
providerName: "AWS",
});
const authRole = new mongodbatlas.CloudProviderAccessAuthorization("auth_role", {
projectId: atlasProjectId,
roleId: setupOnly.roleId,
aws: {
iamAssumedRoleArn: testRole.arn,
},
});
const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
projectId: atlasProjectId,
awsKmsConfig: {
enabled: true,
customerMasterKeyId: kmsKey.id,
region: atlasRegion,
roleId: authRole.roleId,
},
enabledForSearchNodes: true,
});
const cluster = new mongodbatlas.AdvancedCluster("cluster", {
projectId: testEncryptionAtRest.projectId,
name: "MyCluster",
clusterType: "REPLICASET",
backupEnabled: true,
encryptionAtRestProvider: "AWS",
replicationSpecs: [{
regionConfigs: [{
priority: 7,
providerName: "AWS",
regionName: "US_EAST_1",
electableSpecs: {
instanceSize: "M10",
nodeCount: 3,
},
}],
}],
});
const test = mongodbatlas.getEncryptionAtRestOutput({
projectId: testEncryptionAtRest.projectId,
});
export const isAwsKmsEncryptionAtRestValid = test.apply(test => test.awsKmsConfig?.valid);
import pulumi
import pulumi_mongodbatlas as mongodbatlas
setup_only = mongodbatlas.CloudProviderAccessSetup("setup_only",
project_id=atlas_project_id,
provider_name="AWS")
auth_role = mongodbatlas.CloudProviderAccessAuthorization("auth_role",
project_id=atlas_project_id,
role_id=setup_only.role_id,
aws={
"iam_assumed_role_arn": test_role["arn"],
})
test_encryption_at_rest = mongodbatlas.EncryptionAtRest("test",
project_id=atlas_project_id,
aws_kms_config={
"enabled": True,
"customer_master_key_id": kms_key["id"],
"region": atlas_region,
"role_id": auth_role.role_id,
},
enabled_for_search_nodes=True)
cluster = mongodbatlas.AdvancedCluster("cluster",
project_id=test_encryption_at_rest.project_id,
name="MyCluster",
cluster_type="REPLICASET",
backup_enabled=True,
encryption_at_rest_provider="AWS",
replication_specs=[{
"region_configs": [{
"priority": 7,
"provider_name": "AWS",
"region_name": "US_EAST_1",
"electable_specs": {
"instance_size": "M10",
"node_count": 3,
},
}],
}])
test = mongodbatlas.get_encryption_at_rest_output(project_id=test_encryption_at_rest.project_id)
pulumi.export("isAwsKmsEncryptionAtRestValid", test.aws_kms_config.valid)
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v4/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
setupOnly, err := mongodbatlas.NewCloudProviderAccessSetup(ctx, "setup_only", &mongodbatlas.CloudProviderAccessSetupArgs{
ProjectId: pulumi.Any(atlasProjectId),
ProviderName: pulumi.String("AWS"),
})
if err != nil {
return err
}
authRole, err := mongodbatlas.NewCloudProviderAccessAuthorization(ctx, "auth_role", &mongodbatlas.CloudProviderAccessAuthorizationArgs{
ProjectId: pulumi.Any(atlasProjectId),
RoleId: setupOnly.RoleId,
Aws: &mongodbatlas.CloudProviderAccessAuthorizationAwsArgs{
IamAssumedRoleArn: pulumi.Any(testRole.Arn),
},
})
if err != nil {
return err
}
testEncryptionAtRest, err := mongodbatlas.NewEncryptionAtRest(ctx, "test", &mongodbatlas.EncryptionAtRestArgs{
ProjectId: pulumi.Any(atlasProjectId),
AwsKmsConfig: &mongodbatlas.EncryptionAtRestAwsKmsConfigArgs{
Enabled: pulumi.Bool(true),
CustomerMasterKeyId: pulumi.Any(kmsKey.Id),
Region: pulumi.Any(atlasRegion),
RoleId: authRole.RoleId,
},
EnabledForSearchNodes: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = mongodbatlas.NewAdvancedCluster(ctx, "cluster", &mongodbatlas.AdvancedClusterArgs{
ProjectId: testEncryptionAtRest.ProjectId,
Name: pulumi.String("MyCluster"),
ClusterType: pulumi.String("REPLICASET"),
BackupEnabled: pulumi.Bool(true),
EncryptionAtRestProvider: pulumi.String("AWS"),
ReplicationSpecs: mongodbatlas.AdvancedClusterReplicationSpecArray{
&mongodbatlas.AdvancedClusterReplicationSpecArgs{
RegionConfigs: mongodbatlas.AdvancedClusterReplicationSpecRegionConfigArray{
&mongodbatlas.AdvancedClusterReplicationSpecRegionConfigArgs{
Priority: pulumi.Int(7),
ProviderName: pulumi.String("AWS"),
RegionName: pulumi.String("US_EAST_1"),
ElectableSpecs: &mongodbatlas.AdvancedClusterReplicationSpecRegionConfigElectableSpecsArgs{
InstanceSize: pulumi.String("M10"),
NodeCount: pulumi.Int(3),
},
},
},
},
},
})
if err != nil {
return err
}
test := mongodbatlas.LookupEncryptionAtRestOutput(ctx, mongodbatlas.GetEncryptionAtRestOutputArgs{
ProjectId: testEncryptionAtRest.ProjectId,
}, nil)
ctx.Export("isAwsKmsEncryptionAtRestValid", test.ApplyT(func(test mongodbatlas.GetEncryptionAtRestResult) (*bool, error) {
return &test.AwsKmsConfig.Valid, nil
}).(pulumi.BoolPtrOutput))
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var setupOnly = new Mongodbatlas.CloudProviderAccessSetup("setup_only", new()
{
ProjectId = atlasProjectId,
ProviderName = "AWS",
});
var authRole = new Mongodbatlas.CloudProviderAccessAuthorization("auth_role", new()
{
ProjectId = atlasProjectId,
RoleId = setupOnly.RoleId,
Aws = new Mongodbatlas.Inputs.CloudProviderAccessAuthorizationAwsArgs
{
IamAssumedRoleArn = testRole.Arn,
},
});
var testEncryptionAtRest = new Mongodbatlas.EncryptionAtRest("test", new()
{
ProjectId = atlasProjectId,
AwsKmsConfig = new Mongodbatlas.Inputs.EncryptionAtRestAwsKmsConfigArgs
{
Enabled = true,
CustomerMasterKeyId = kmsKey.Id,
Region = atlasRegion,
RoleId = authRole.RoleId,
},
EnabledForSearchNodes = true,
});
var cluster = new Mongodbatlas.AdvancedCluster("cluster", new()
{
ProjectId = testEncryptionAtRest.ProjectId,
Name = "MyCluster",
ClusterType = "REPLICASET",
BackupEnabled = true,
EncryptionAtRestProvider = "AWS",
ReplicationSpecs = new[]
{
new Mongodbatlas.Inputs.AdvancedClusterReplicationSpecArgs
{
RegionConfigs = new[]
{
new Mongodbatlas.Inputs.AdvancedClusterReplicationSpecRegionConfigArgs
{
Priority = 7,
ProviderName = "AWS",
RegionName = "US_EAST_1",
ElectableSpecs = new Mongodbatlas.Inputs.AdvancedClusterReplicationSpecRegionConfigElectableSpecsArgs
{
InstanceSize = "M10",
NodeCount = 3,
},
},
},
},
},
});
var test = Mongodbatlas.GetEncryptionAtRest.Invoke(new()
{
ProjectId = testEncryptionAtRest.ProjectId,
});
return new Dictionary<string, object?>
{
["isAwsKmsEncryptionAtRestValid"] = test.Apply(getEncryptionAtRestResult => getEncryptionAtRestResult.AwsKmsConfig?.Valid),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.CloudProviderAccessSetup;
import com.pulumi.mongodbatlas.CloudProviderAccessSetupArgs;
import com.pulumi.mongodbatlas.CloudProviderAccessAuthorization;
import com.pulumi.mongodbatlas.CloudProviderAccessAuthorizationArgs;
import com.pulumi.mongodbatlas.inputs.CloudProviderAccessAuthorizationAwsArgs;
import com.pulumi.mongodbatlas.EncryptionAtRest;
import com.pulumi.mongodbatlas.EncryptionAtRestArgs;
import com.pulumi.mongodbatlas.inputs.EncryptionAtRestAwsKmsConfigArgs;
import com.pulumi.mongodbatlas.AdvancedCluster;
import com.pulumi.mongodbatlas.AdvancedClusterArgs;
import com.pulumi.mongodbatlas.inputs.AdvancedClusterReplicationSpecArgs;
import com.pulumi.mongodbatlas.MongodbatlasFunctions;
import com.pulumi.mongodbatlas.inputs.GetEncryptionAtRestArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var setupOnly = new CloudProviderAccessSetup("setupOnly", CloudProviderAccessSetupArgs.builder()
.projectId(atlasProjectId)
.providerName("AWS")
.build());
var authRole = new CloudProviderAccessAuthorization("authRole", CloudProviderAccessAuthorizationArgs.builder()
.projectId(atlasProjectId)
.roleId(setupOnly.roleId())
.aws(CloudProviderAccessAuthorizationAwsArgs.builder()
.iamAssumedRoleArn(testRole.arn())
.build())
.build());
var testEncryptionAtRest = new EncryptionAtRest("testEncryptionAtRest", EncryptionAtRestArgs.builder()
.projectId(atlasProjectId)
.awsKmsConfig(EncryptionAtRestAwsKmsConfigArgs.builder()
.enabled(true)
.customerMasterKeyId(kmsKey.id())
.region(atlasRegion)
.roleId(authRole.roleId())
.build())
.enabledForSearchNodes(true)
.build());
var cluster = new AdvancedCluster("cluster", AdvancedClusterArgs.builder()
.projectId(testEncryptionAtRest.projectId())
.name("MyCluster")
.clusterType("REPLICASET")
.backupEnabled(true)
.encryptionAtRestProvider("AWS")
.replicationSpecs(AdvancedClusterReplicationSpecArgs.builder()
.regionConfigs(AdvancedClusterReplicationSpecRegionConfigArgs.builder()
.priority(7)
.providerName("AWS")
.regionName("US_EAST_1")
.electableSpecs(AdvancedClusterReplicationSpecRegionConfigElectableSpecsArgs.builder()
.instanceSize("M10")
.nodeCount(3)
.build())
.build())
.build())
.build());
final var test = MongodbatlasFunctions.getEncryptionAtRest(GetEncryptionAtRestArgs.builder()
.projectId(testEncryptionAtRest.projectId())
.build());
ctx.export("isAwsKmsEncryptionAtRestValid", test.applyValue(_test -> _test.awsKmsConfig().valid()));
}
}
resources:
setupOnly:
type: mongodbatlas:CloudProviderAccessSetup
name: setup_only
properties:
projectId: ${atlasProjectId}
providerName: AWS
authRole:
type: mongodbatlas:CloudProviderAccessAuthorization
name: auth_role
properties:
projectId: ${atlasProjectId}
roleId: ${setupOnly.roleId}
aws:
iamAssumedRoleArn: ${testRole.arn}
testEncryptionAtRest:
type: mongodbatlas:EncryptionAtRest
name: test
properties:
projectId: ${atlasProjectId}
awsKmsConfig:
enabled: true
customerMasterKeyId: ${kmsKey.id}
region: ${atlasRegion}
roleId: ${authRole.roleId}
enabledForSearchNodes: true
cluster:
type: mongodbatlas:AdvancedCluster
properties:
projectId: ${testEncryptionAtRest.projectId}
name: MyCluster
clusterType: REPLICASET
backupEnabled: true
encryptionAtRestProvider: AWS
replicationSpecs:
- regionConfigs:
- priority: 7
providerName: AWS
regionName: US_EAST_1
electableSpecs:
instanceSize: M10
nodeCount: 3
variables:
test:
fn::invoke:
function: mongodbatlas:getEncryptionAtRest
arguments:
projectId: ${testEncryptionAtRest.projectId}
outputs:
isAwsKmsEncryptionAtRestValid: ${test.awsKmsConfig.valid}
NOTE If using the two resources path for cloud provider access, cloud_provider_access_setup and cloud_provider_access_authorization, you may need to define a depends_on statement for these two resources, because terraform is not able to infer the dependency.
Configuring encryption at rest using customer key management in Azure
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
projectId: atlasProjectId,
azureKeyVaultConfig: {
enabled: true,
azureEnvironment: "AZURE",
subscriptionId: azureSubscriptionId,
resourceGroupName: azureResourceGroupName,
keyVaultName: azureKeyVaultName,
keyIdentifier: azureKeyIdentifier,
roleId: azureRoleId,
},
});
const test = mongodbatlas.getEncryptionAtRestOutput({
projectId: testEncryptionAtRest.projectId,
});
export const isAzureEncryptionAtRestValid = test.apply(test => test.azureKeyVaultConfig?.valid);
import pulumi
import pulumi_mongodbatlas as mongodbatlas
test_encryption_at_rest = mongodbatlas.EncryptionAtRest("test",
project_id=atlas_project_id,
azure_key_vault_config={
"enabled": True,
"azure_environment": "AZURE",
"subscription_id": azure_subscription_id,
"resource_group_name": azure_resource_group_name,
"key_vault_name": azure_key_vault_name,
"key_identifier": azure_key_identifier,
"role_id": azure_role_id,
})
test = mongodbatlas.get_encryption_at_rest_output(project_id=test_encryption_at_rest.project_id)
pulumi.export("isAzureEncryptionAtRestValid", test.azure_key_vault_config.valid)
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v4/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
testEncryptionAtRest, err := mongodbatlas.NewEncryptionAtRest(ctx, "test", &mongodbatlas.EncryptionAtRestArgs{
ProjectId: pulumi.Any(atlasProjectId),
AzureKeyVaultConfig: &mongodbatlas.EncryptionAtRestAzureKeyVaultConfigArgs{
Enabled: pulumi.Bool(true),
AzureEnvironment: pulumi.String("AZURE"),
SubscriptionId: pulumi.Any(azureSubscriptionId),
ResourceGroupName: pulumi.Any(azureResourceGroupName),
KeyVaultName: pulumi.Any(azureKeyVaultName),
KeyIdentifier: pulumi.Any(azureKeyIdentifier),
RoleId: pulumi.Any(azureRoleId),
},
})
if err != nil {
return err
}
test := mongodbatlas.LookupEncryptionAtRestOutput(ctx, mongodbatlas.GetEncryptionAtRestOutputArgs{
ProjectId: testEncryptionAtRest.ProjectId,
}, nil)
ctx.Export("isAzureEncryptionAtRestValid", test.ApplyT(func(test mongodbatlas.GetEncryptionAtRestResult) (*bool, error) {
return &test.AzureKeyVaultConfig.Valid, nil
}).(pulumi.BoolPtrOutput))
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var testEncryptionAtRest = new Mongodbatlas.EncryptionAtRest("test", new()
{
ProjectId = atlasProjectId,
AzureKeyVaultConfig = new Mongodbatlas.Inputs.EncryptionAtRestAzureKeyVaultConfigArgs
{
Enabled = true,
AzureEnvironment = "AZURE",
SubscriptionId = azureSubscriptionId,
ResourceGroupName = azureResourceGroupName,
KeyVaultName = azureKeyVaultName,
KeyIdentifier = azureKeyIdentifier,
RoleId = azureRoleId,
},
});
var test = Mongodbatlas.GetEncryptionAtRest.Invoke(new()
{
ProjectId = testEncryptionAtRest.ProjectId,
});
return new Dictionary<string, object?>
{
["isAzureEncryptionAtRestValid"] = test.Apply(getEncryptionAtRestResult => getEncryptionAtRestResult.AzureKeyVaultConfig?.Valid),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.EncryptionAtRest;
import com.pulumi.mongodbatlas.EncryptionAtRestArgs;
import com.pulumi.mongodbatlas.inputs.EncryptionAtRestAzureKeyVaultConfigArgs;
import com.pulumi.mongodbatlas.MongodbatlasFunctions;
import com.pulumi.mongodbatlas.inputs.GetEncryptionAtRestArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testEncryptionAtRest = new EncryptionAtRest("testEncryptionAtRest", EncryptionAtRestArgs.builder()
.projectId(atlasProjectId)
.azureKeyVaultConfig(EncryptionAtRestAzureKeyVaultConfigArgs.builder()
.enabled(true)
.azureEnvironment("AZURE")
.subscriptionId(azureSubscriptionId)
.resourceGroupName(azureResourceGroupName)
.keyVaultName(azureKeyVaultName)
.keyIdentifier(azureKeyIdentifier)
.roleId(azureRoleId)
.build())
.build());
final var test = MongodbatlasFunctions.getEncryptionAtRest(GetEncryptionAtRestArgs.builder()
.projectId(testEncryptionAtRest.projectId())
.build());
ctx.export("isAzureEncryptionAtRestValid", test.applyValue(_test -> _test.azureKeyVaultConfig().valid()));
}
}
resources:
testEncryptionAtRest:
type: mongodbatlas:EncryptionAtRest
name: test
properties:
projectId: ${atlasProjectId}
azureKeyVaultConfig:
enabled: true
azureEnvironment: AZURE
subscriptionId: ${azureSubscriptionId}
resourceGroupName: ${azureResourceGroupName}
keyVaultName: ${azureKeyVaultName}
keyIdentifier: ${azureKeyIdentifier}
roleId: ${azureRoleId}
variables:
test:
fn::invoke:
function: mongodbatlas:getEncryptionAtRest
arguments:
projectId: ${testEncryptionAtRest.projectId}
outputs:
isAzureEncryptionAtRestValid: ${test.azureKeyVaultConfig.valid}
Manage Customer Keys with Azure Key Vault Over Private Endpoints
It is possible to configure Atlas Encryption at Rest to communicate with Customer Managed Keys (Azure Key Vault or AWS KMS) over private network interfaces (Azure Private Link or AWS PrivateLink). This requires enabling the azure_key_vault_config.require_private_networking or the aws_kms_config.require_private_networking attribute, together with the configuration of the mongodbatlas.EncryptionAtRestPrivateEndpoint resource.
Please review the mongodbatlas.EncryptionAtRestPrivateEndpoint resource documentation and complete the example for details on this functionality.
Configuring encryption at rest using customer key management in GCP
For GCP environments using static service account key, we recommend configuring encryption at rest with customer key management. For more details see our Migration Guide: Encryption at Rest (GCP) Service Account JSON to Role-based Auth.
This approach uses role-based authentication through Cloud Provider Access for a more secure solution.
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const _this = new mongodbatlas.CloudProviderAccessSetup("this", {
projectId: atlasProjectId,
providerName: "GCP",
});
const thisCloudProviderAccessAuthorization = new mongodbatlas.CloudProviderAccessAuthorization("this", {
projectId: atlasProjectId,
roleId: _this.roleId,
});
const test = new mongodbatlas.EncryptionAtRest("test", {
projectId: atlasProjectId,
googleCloudKmsConfig: {
enabled: true,
keyVersionResourceId: cryptoKey.primary[0].name,
roleId: thisCloudProviderAccessAuthorization.roleId,
},
}, {
dependsOn: [
encrypterDecrypterBinding,
viewerBinding,
],
});
import pulumi
import pulumi_mongodbatlas as mongodbatlas
this = mongodbatlas.CloudProviderAccessSetup("this",
project_id=atlas_project_id,
provider_name="GCP")
this_cloud_provider_access_authorization = mongodbatlas.CloudProviderAccessAuthorization("this",
project_id=atlas_project_id,
role_id=this.role_id)
test = mongodbatlas.EncryptionAtRest("test",
project_id=atlas_project_id,
google_cloud_kms_config={
"enabled": True,
"key_version_resource_id": crypto_key["primary"][0]["name"],
"role_id": this_cloud_provider_access_authorization.role_id,
},
opts = pulumi.ResourceOptions(depends_on=[
encrypter_decrypter_binding,
viewer_binding,
]))
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v4/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
this, err := mongodbatlas.NewCloudProviderAccessSetup(ctx, "this", &mongodbatlas.CloudProviderAccessSetupArgs{
ProjectId: pulumi.Any(atlasProjectId),
ProviderName: pulumi.String("GCP"),
})
if err != nil {
return err
}
thisCloudProviderAccessAuthorization, err := mongodbatlas.NewCloudProviderAccessAuthorization(ctx, "this", &mongodbatlas.CloudProviderAccessAuthorizationArgs{
ProjectId: pulumi.Any(atlasProjectId),
RoleId: this.RoleId,
})
if err != nil {
return err
}
_, err = mongodbatlas.NewEncryptionAtRest(ctx, "test", &mongodbatlas.EncryptionAtRestArgs{
ProjectId: pulumi.Any(atlasProjectId),
GoogleCloudKmsConfig: &mongodbatlas.EncryptionAtRestGoogleCloudKmsConfigArgs{
Enabled: pulumi.Bool(true),
KeyVersionResourceId: pulumi.Any(cryptoKey.Primary[0].Name),
RoleId: thisCloudProviderAccessAuthorization.RoleId,
},
}, pulumi.DependsOn([]pulumi.Resource{
encrypterDecrypterBinding,
viewerBinding,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var @this = new Mongodbatlas.CloudProviderAccessSetup("this", new()
{
ProjectId = atlasProjectId,
ProviderName = "GCP",
});
var thisCloudProviderAccessAuthorization = new Mongodbatlas.CloudProviderAccessAuthorization("this", new()
{
ProjectId = atlasProjectId,
RoleId = @this.RoleId,
});
var test = new Mongodbatlas.EncryptionAtRest("test", new()
{
ProjectId = atlasProjectId,
GoogleCloudKmsConfig = new Mongodbatlas.Inputs.EncryptionAtRestGoogleCloudKmsConfigArgs
{
Enabled = true,
KeyVersionResourceId = cryptoKey.Primary[0].Name,
RoleId = thisCloudProviderAccessAuthorization.RoleId,
},
}, new CustomResourceOptions
{
DependsOn =
{
encrypterDecrypterBinding,
viewerBinding,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.CloudProviderAccessSetup;
import com.pulumi.mongodbatlas.CloudProviderAccessSetupArgs;
import com.pulumi.mongodbatlas.CloudProviderAccessAuthorization;
import com.pulumi.mongodbatlas.CloudProviderAccessAuthorizationArgs;
import com.pulumi.mongodbatlas.EncryptionAtRest;
import com.pulumi.mongodbatlas.EncryptionAtRestArgs;
import com.pulumi.mongodbatlas.inputs.EncryptionAtRestGoogleCloudKmsConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var this_ = new CloudProviderAccessSetup("this", CloudProviderAccessSetupArgs.builder()
.projectId(atlasProjectId)
.providerName("GCP")
.build());
var thisCloudProviderAccessAuthorization = new CloudProviderAccessAuthorization("thisCloudProviderAccessAuthorization", CloudProviderAccessAuthorizationArgs.builder()
.projectId(atlasProjectId)
.roleId(this_.roleId())
.build());
var test = new EncryptionAtRest("test", EncryptionAtRestArgs.builder()
.projectId(atlasProjectId)
.googleCloudKmsConfig(EncryptionAtRestGoogleCloudKmsConfigArgs.builder()
.enabled(true)
.keyVersionResourceId(cryptoKey.primary()[0].name())
.roleId(thisCloudProviderAccessAuthorization.roleId())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
encrypterDecrypterBinding,
viewerBinding)
.build());
}
}
resources:
this:
type: mongodbatlas:CloudProviderAccessSetup
properties:
projectId: ${atlasProjectId}
providerName: GCP
thisCloudProviderAccessAuthorization:
type: mongodbatlas:CloudProviderAccessAuthorization
name: this
properties:
projectId: ${atlasProjectId}
roleId: ${this.roleId}
test:
type: mongodbatlas:EncryptionAtRest
properties:
projectId: ${atlasProjectId}
googleCloudKmsConfig:
enabled: true
keyVersionResourceId: ${cryptoKey.primary[0].name}
roleId: ${thisCloudProviderAccessAuthorization.roleId}
options:
dependsOn:
- ${encrypterDecrypterBinding}
- ${viewerBinding}
Further Examples
- AWS KMS Encryption at Rest
- Azure Key Vault Encryption at Rest
- GCP KMS Encryption at Rest
Create EncryptionAtRest Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new EncryptionAtRest(name: string, args: EncryptionAtRestArgs, opts?: CustomResourceOptions);@overload
def EncryptionAtRest(resource_name: str,
args: EncryptionAtRestArgs,
opts: Optional[ResourceOptions] = None)
@overload
def EncryptionAtRest(resource_name: str,
opts: Optional[ResourceOptions] = None,
project_id: Optional[str] = None,
aws_kms_config: Optional[EncryptionAtRestAwsKmsConfigArgs] = None,
azure_key_vault_config: Optional[EncryptionAtRestAzureKeyVaultConfigArgs] = None,
enabled_for_search_nodes: Optional[bool] = None,
google_cloud_kms_config: Optional[EncryptionAtRestGoogleCloudKmsConfigArgs] = None)func NewEncryptionAtRest(ctx *Context, name string, args EncryptionAtRestArgs, opts ...ResourceOption) (*EncryptionAtRest, error)public EncryptionAtRest(string name, EncryptionAtRestArgs args, CustomResourceOptions? opts = null)
public EncryptionAtRest(String name, EncryptionAtRestArgs args)
public EncryptionAtRest(String name, EncryptionAtRestArgs args, CustomResourceOptions options)
type: mongodbatlas:EncryptionAtRest
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args EncryptionAtRestArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args EncryptionAtRestArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args EncryptionAtRestArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args EncryptionAtRestArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args EncryptionAtRestArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var encryptionAtRestResource = new Mongodbatlas.EncryptionAtRest("encryptionAtRestResource", new()
{
ProjectId = "string",
AwsKmsConfig = new Mongodbatlas.Inputs.EncryptionAtRestAwsKmsConfigArgs
{
AccessKeyId = "string",
CustomerMasterKeyId = "string",
Enabled = false,
Region = "string",
RequirePrivateNetworking = false,
RoleId = "string",
SecretAccessKey = "string",
Valid = false,
},
AzureKeyVaultConfig = new Mongodbatlas.Inputs.EncryptionAtRestAzureKeyVaultConfigArgs
{
AzureEnvironment = "string",
ClientId = "string",
Enabled = false,
KeyIdentifier = "string",
KeyVaultName = "string",
RequirePrivateNetworking = false,
ResourceGroupName = "string",
RoleId = "string",
Secret = "string",
SubscriptionId = "string",
TenantId = "string",
Valid = false,
},
EnabledForSearchNodes = false,
GoogleCloudKmsConfig = new Mongodbatlas.Inputs.EncryptionAtRestGoogleCloudKmsConfigArgs
{
Enabled = false,
KeyVersionResourceId = "string",
RoleId = "string",
ServiceAccountKey = "string",
Valid = false,
},
});
example, err := mongodbatlas.NewEncryptionAtRest(ctx, "encryptionAtRestResource", &mongodbatlas.EncryptionAtRestArgs{
ProjectId: pulumi.String("string"),
AwsKmsConfig: &mongodbatlas.EncryptionAtRestAwsKmsConfigArgs{
AccessKeyId: pulumi.String("string"),
CustomerMasterKeyId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Region: pulumi.String("string"),
RequirePrivateNetworking: pulumi.Bool(false),
RoleId: pulumi.String("string"),
SecretAccessKey: pulumi.String("string"),
Valid: pulumi.Bool(false),
},
AzureKeyVaultConfig: &mongodbatlas.EncryptionAtRestAzureKeyVaultConfigArgs{
AzureEnvironment: pulumi.String("string"),
ClientId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
KeyIdentifier: pulumi.String("string"),
KeyVaultName: pulumi.String("string"),
RequirePrivateNetworking: pulumi.Bool(false),
ResourceGroupName: pulumi.String("string"),
RoleId: pulumi.String("string"),
Secret: pulumi.String("string"),
SubscriptionId: pulumi.String("string"),
TenantId: pulumi.String("string"),
Valid: pulumi.Bool(false),
},
EnabledForSearchNodes: pulumi.Bool(false),
GoogleCloudKmsConfig: &mongodbatlas.EncryptionAtRestGoogleCloudKmsConfigArgs{
Enabled: pulumi.Bool(false),
KeyVersionResourceId: pulumi.String("string"),
RoleId: pulumi.String("string"),
ServiceAccountKey: pulumi.String("string"),
Valid: pulumi.Bool(false),
},
})
var encryptionAtRestResource = new EncryptionAtRest("encryptionAtRestResource", EncryptionAtRestArgs.builder()
.projectId("string")
.awsKmsConfig(EncryptionAtRestAwsKmsConfigArgs.builder()
.accessKeyId("string")
.customerMasterKeyId("string")
.enabled(false)
.region("string")
.requirePrivateNetworking(false)
.roleId("string")
.secretAccessKey("string")
.valid(false)
.build())
.azureKeyVaultConfig(EncryptionAtRestAzureKeyVaultConfigArgs.builder()
.azureEnvironment("string")
.clientId("string")
.enabled(false)
.keyIdentifier("string")
.keyVaultName("string")
.requirePrivateNetworking(false)
.resourceGroupName("string")
.roleId("string")
.secret("string")
.subscriptionId("string")
.tenantId("string")
.valid(false)
.build())
.enabledForSearchNodes(false)
.googleCloudKmsConfig(EncryptionAtRestGoogleCloudKmsConfigArgs.builder()
.enabled(false)
.keyVersionResourceId("string")
.roleId("string")
.serviceAccountKey("string")
.valid(false)
.build())
.build());
encryption_at_rest_resource = mongodbatlas.EncryptionAtRest("encryptionAtRestResource",
project_id="string",
aws_kms_config={
"access_key_id": "string",
"customer_master_key_id": "string",
"enabled": False,
"region": "string",
"require_private_networking": False,
"role_id": "string",
"secret_access_key": "string",
"valid": False,
},
azure_key_vault_config={
"azure_environment": "string",
"client_id": "string",
"enabled": False,
"key_identifier": "string",
"key_vault_name": "string",
"require_private_networking": False,
"resource_group_name": "string",
"role_id": "string",
"secret": "string",
"subscription_id": "string",
"tenant_id": "string",
"valid": False,
},
enabled_for_search_nodes=False,
google_cloud_kms_config={
"enabled": False,
"key_version_resource_id": "string",
"role_id": "string",
"service_account_key": "string",
"valid": False,
})
const encryptionAtRestResource = new mongodbatlas.EncryptionAtRest("encryptionAtRestResource", {
projectId: "string",
awsKmsConfig: {
accessKeyId: "string",
customerMasterKeyId: "string",
enabled: false,
region: "string",
requirePrivateNetworking: false,
roleId: "string",
secretAccessKey: "string",
valid: false,
},
azureKeyVaultConfig: {
azureEnvironment: "string",
clientId: "string",
enabled: false,
keyIdentifier: "string",
keyVaultName: "string",
requirePrivateNetworking: false,
resourceGroupName: "string",
roleId: "string",
secret: "string",
subscriptionId: "string",
tenantId: "string",
valid: false,
},
enabledForSearchNodes: false,
googleCloudKmsConfig: {
enabled: false,
keyVersionResourceId: "string",
roleId: "string",
serviceAccountKey: "string",
valid: false,
},
});
type: mongodbatlas:EncryptionAtRest
properties:
awsKmsConfig:
accessKeyId: string
customerMasterKeyId: string
enabled: false
region: string
requirePrivateNetworking: false
roleId: string
secretAccessKey: string
valid: false
azureKeyVaultConfig:
azureEnvironment: string
clientId: string
enabled: false
keyIdentifier: string
keyVaultName: string
requirePrivateNetworking: false
resourceGroupName: string
roleId: string
secret: string
subscriptionId: string
tenantId: string
valid: false
enabledForSearchNodes: false
googleCloudKmsConfig:
enabled: false
keyVersionResourceId: string
roleId: string
serviceAccountKey: string
valid: false
projectId: string
EncryptionAtRest Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The EncryptionAtRest resource accepts the following input properties:
- Project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- Aws
Kms EncryptionConfig At Rest Aws Kms Config - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- Azure
Key EncryptionVault Config At Rest Azure Key Vault Config - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- Enabled
For boolSearch Nodes - Flag that indicates whether Encryption at Rest for Dedicated Search Nodes is enabled in the specified project.
- Google
Cloud EncryptionKms Config At Rest Google Cloud Kms Config - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- Project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- Aws
Kms EncryptionConfig At Rest Aws Kms Config Args - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- Azure
Key EncryptionVault Config At Rest Azure Key Vault Config Args - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- Enabled
For boolSearch Nodes - Flag that indicates whether Encryption at Rest for Dedicated Search Nodes is enabled in the specified project.
- Google
Cloud EncryptionKms Config At Rest Google Cloud Kms Config Args - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- project
Id String - Unique 24-hexadecimal digit string that identifies your project.
- aws
Kms EncryptionConfig At Rest Aws Kms Config - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- azure
Key EncryptionVault Config At Rest Azure Key Vault Config - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- enabled
For BooleanSearch Nodes - Flag that indicates whether Encryption at Rest for Dedicated Search Nodes is enabled in the specified project.
- google
Cloud EncryptionKms Config At Rest Google Cloud Kms Config - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- aws
Kms EncryptionConfig At Rest Aws Kms Config - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- azure
Key EncryptionVault Config At Rest Azure Key Vault Config - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- enabled
For booleanSearch Nodes - Flag that indicates whether Encryption at Rest for Dedicated Search Nodes is enabled in the specified project.
- google
Cloud EncryptionKms Config At Rest Google Cloud Kms Config - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- project_
id str - Unique 24-hexadecimal digit string that identifies your project.
- aws_
kms_ Encryptionconfig At Rest Aws Kms Config Args - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- azure_
key_ Encryptionvault_ config At Rest Azure Key Vault Config Args - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- enabled_
for_ boolsearch_ nodes - Flag that indicates whether Encryption at Rest for Dedicated Search Nodes is enabled in the specified project.
- google_
cloud_ Encryptionkms_ config At Rest Google Cloud Kms Config Args - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- project
Id String - Unique 24-hexadecimal digit string that identifies your project.
- aws
Kms Property MapConfig - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- azure
Key Property MapVault Config - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- enabled
For BooleanSearch Nodes - Flag that indicates whether Encryption at Rest for Dedicated Search Nodes is enabled in the specified project.
- google
Cloud Property MapKms Config - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
Outputs
All input properties are implicitly available as output properties. Additionally, the EncryptionAtRest resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing EncryptionAtRest Resource
Get an existing EncryptionAtRest resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: EncryptionAtRestState, opts?: CustomResourceOptions): EncryptionAtRest@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
aws_kms_config: Optional[EncryptionAtRestAwsKmsConfigArgs] = None,
azure_key_vault_config: Optional[EncryptionAtRestAzureKeyVaultConfigArgs] = None,
enabled_for_search_nodes: Optional[bool] = None,
google_cloud_kms_config: Optional[EncryptionAtRestGoogleCloudKmsConfigArgs] = None,
project_id: Optional[str] = None) -> EncryptionAtRestfunc GetEncryptionAtRest(ctx *Context, name string, id IDInput, state *EncryptionAtRestState, opts ...ResourceOption) (*EncryptionAtRest, error)public static EncryptionAtRest Get(string name, Input<string> id, EncryptionAtRestState? state, CustomResourceOptions? opts = null)public static EncryptionAtRest get(String name, Output<String> id, EncryptionAtRestState state, CustomResourceOptions options)resources: _: type: mongodbatlas:EncryptionAtRest get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Aws
Kms EncryptionConfig At Rest Aws Kms Config - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- Azure
Key EncryptionVault Config At Rest Azure Key Vault Config - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- Enabled
For boolSearch Nodes - Flag that indicates whether Encryption at Rest for Dedicated Search Nodes is enabled in the specified project.
- Google
Cloud EncryptionKms Config At Rest Google Cloud Kms Config - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- Project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- Aws
Kms EncryptionConfig At Rest Aws Kms Config Args - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- Azure
Key EncryptionVault Config At Rest Azure Key Vault Config Args - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- Enabled
For boolSearch Nodes - Flag that indicates whether Encryption at Rest for Dedicated Search Nodes is enabled in the specified project.
- Google
Cloud EncryptionKms Config At Rest Google Cloud Kms Config Args - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- Project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- aws
Kms EncryptionConfig At Rest Aws Kms Config - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- azure
Key EncryptionVault Config At Rest Azure Key Vault Config - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- enabled
For BooleanSearch Nodes - Flag that indicates whether Encryption at Rest for Dedicated Search Nodes is enabled in the specified project.
- google
Cloud EncryptionKms Config At Rest Google Cloud Kms Config - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- project
Id String - Unique 24-hexadecimal digit string that identifies your project.
- aws
Kms EncryptionConfig At Rest Aws Kms Config - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- azure
Key EncryptionVault Config At Rest Azure Key Vault Config - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- enabled
For booleanSearch Nodes - Flag that indicates whether Encryption at Rest for Dedicated Search Nodes is enabled in the specified project.
- google
Cloud EncryptionKms Config At Rest Google Cloud Kms Config - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- project
Id string - Unique 24-hexadecimal digit string that identifies your project.
- aws_
kms_ Encryptionconfig At Rest Aws Kms Config Args - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- azure_
key_ Encryptionvault_ config At Rest Azure Key Vault Config Args - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- enabled_
for_ boolsearch_ nodes - Flag that indicates whether Encryption at Rest for Dedicated Search Nodes is enabled in the specified project.
- google_
cloud_ Encryptionkms_ config At Rest Google Cloud Kms Config Args - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- project_
id str - Unique 24-hexadecimal digit string that identifies your project.
- aws
Kms Property MapConfig - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- azure
Key Property MapVault Config - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- enabled
For BooleanSearch Nodes - Flag that indicates whether Encryption at Rest for Dedicated Search Nodes is enabled in the specified project.
- google
Cloud Property MapKms Config - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- project
Id String - Unique 24-hexadecimal digit string that identifies your project.
Supporting Types
EncryptionAtRestAwsKmsConfig, EncryptionAtRestAwsKmsConfigArgs
- Access
Key stringId - Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).
- Customer
Master stringKey Id - Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.
- Enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - Region string
- Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.
- Require
Private boolNetworking - Enable connection to your Amazon Web Services (AWS) Key Management Service (KMS) over private networking.
- Role
Id string - Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.
- Secret
Access stringKey - Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.
- Valid bool
- Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.
- Access
Key stringId - Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).
- Customer
Master stringKey Id - Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.
- Enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - Region string
- Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.
- Require
Private boolNetworking - Enable connection to your Amazon Web Services (AWS) Key Management Service (KMS) over private networking.
- Role
Id string - Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.
- Secret
Access stringKey - Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.
- Valid bool
- Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.
- access
Key StringId - Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).
- customer
Master StringKey Id - Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.
- enabled Boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - region String
- Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.
- require
Private BooleanNetworking - Enable connection to your Amazon Web Services (AWS) Key Management Service (KMS) over private networking.
- role
Id String - Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.
- secret
Access StringKey - Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.
- valid Boolean
- Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.
- access
Key stringId - Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).
- customer
Master stringKey Id - Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.
- enabled boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - region string
- Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.
- require
Private booleanNetworking - Enable connection to your Amazon Web Services (AWS) Key Management Service (KMS) over private networking.
- role
Id string - Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.
- secret
Access stringKey - Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.
- valid boolean
- Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.
- access_
key_ strid - Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).
- customer_
master_ strkey_ id - Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.
- enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - region str
- Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.
- require_
private_ boolnetworking - Enable connection to your Amazon Web Services (AWS) Key Management Service (KMS) over private networking.
- role_
id str - Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.
- secret_
access_ strkey - Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.
- valid bool
- Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.
- access
Key StringId - Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).
- customer
Master StringKey Id - Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.
- enabled Boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - region String
- Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.
- require
Private BooleanNetworking - Enable connection to your Amazon Web Services (AWS) Key Management Service (KMS) over private networking.
- role
Id String - Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.
- secret
Access StringKey - Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.
- valid Boolean
- Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.
EncryptionAtRestAzureKeyVaultConfig, EncryptionAtRestAzureKeyVaultConfigArgs
- Azure
Environment string - Azure environment in which your account credentials reside.
- Client
Id string - Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.
- Enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project. Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - Key
Identifier string - Web address with a unique key that identifies for your Azure Key Vault.
- Key
Vault stringName - Unique string that identifies the Azure Key Vault that contains your key.
- Require
Private boolNetworking - Enable connection to your Azure Key Vault over private networking.
- Resource
Group stringName - Name of the Azure resource group that contains your Azure Key Vault.
- Role
Id string - Unique 24-hexadecimal digit string that identifies the Azure Service Principal that Atlas uses to access the Azure Key Vault.
- Secret string
- Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (azureKeyVault.tenantID). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.
- Subscription
Id string - Unique 36-hexadecimal character string that identifies your Azure subscription.
- Tenant
Id string - Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.
- Valid bool
- Flag that indicates whether the Azure encryption key can encrypt and decrypt data.
- Azure
Environment string - Azure environment in which your account credentials reside.
- Client
Id string - Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.
- Enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project. Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - Key
Identifier string - Web address with a unique key that identifies for your Azure Key Vault.
- Key
Vault stringName - Unique string that identifies the Azure Key Vault that contains your key.
- Require
Private boolNetworking - Enable connection to your Azure Key Vault over private networking.
- Resource
Group stringName - Name of the Azure resource group that contains your Azure Key Vault.
- Role
Id string - Unique 24-hexadecimal digit string that identifies the Azure Service Principal that Atlas uses to access the Azure Key Vault.
- Secret string
- Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (azureKeyVault.tenantID). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.
- Subscription
Id string - Unique 36-hexadecimal character string that identifies your Azure subscription.
- Tenant
Id string - Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.
- Valid bool
- Flag that indicates whether the Azure encryption key can encrypt and decrypt data.
- azure
Environment String - Azure environment in which your account credentials reside.
- client
Id String - Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.
- enabled Boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project. Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - key
Identifier String - Web address with a unique key that identifies for your Azure Key Vault.
- key
Vault StringName - Unique string that identifies the Azure Key Vault that contains your key.
- require
Private BooleanNetworking - Enable connection to your Azure Key Vault over private networking.
- resource
Group StringName - Name of the Azure resource group that contains your Azure Key Vault.
- role
Id String - Unique 24-hexadecimal digit string that identifies the Azure Service Principal that Atlas uses to access the Azure Key Vault.
- secret String
- Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (azureKeyVault.tenantID). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.
- subscription
Id String - Unique 36-hexadecimal character string that identifies your Azure subscription.
- tenant
Id String - Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.
- valid Boolean
- Flag that indicates whether the Azure encryption key can encrypt and decrypt data.
- azure
Environment string - Azure environment in which your account credentials reside.
- client
Id string - Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.
- enabled boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project. Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - key
Identifier string - Web address with a unique key that identifies for your Azure Key Vault.
- key
Vault stringName - Unique string that identifies the Azure Key Vault that contains your key.
- require
Private booleanNetworking - Enable connection to your Azure Key Vault over private networking.
- resource
Group stringName - Name of the Azure resource group that contains your Azure Key Vault.
- role
Id string - Unique 24-hexadecimal digit string that identifies the Azure Service Principal that Atlas uses to access the Azure Key Vault.
- secret string
- Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (azureKeyVault.tenantID). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.
- subscription
Id string - Unique 36-hexadecimal character string that identifies your Azure subscription.
- tenant
Id string - Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.
- valid boolean
- Flag that indicates whether the Azure encryption key can encrypt and decrypt data.
- azure_
environment str - Azure environment in which your account credentials reside.
- client_
id str - Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.
- enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project. Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - key_
identifier str - Web address with a unique key that identifies for your Azure Key Vault.
- key_
vault_ strname - Unique string that identifies the Azure Key Vault that contains your key.
- require_
private_ boolnetworking - Enable connection to your Azure Key Vault over private networking.
- resource_
group_ strname - Name of the Azure resource group that contains your Azure Key Vault.
- role_
id str - Unique 24-hexadecimal digit string that identifies the Azure Service Principal that Atlas uses to access the Azure Key Vault.
- secret str
- Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (azureKeyVault.tenantID). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.
- subscription_
id str - Unique 36-hexadecimal character string that identifies your Azure subscription.
- tenant_
id str - Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.
- valid bool
- Flag that indicates whether the Azure encryption key can encrypt and decrypt data.
- azure
Environment String - Azure environment in which your account credentials reside.
- client
Id String - Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.
- enabled Boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project. Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - key
Identifier String - Web address with a unique key that identifies for your Azure Key Vault.
- key
Vault StringName - Unique string that identifies the Azure Key Vault that contains your key.
- require
Private BooleanNetworking - Enable connection to your Azure Key Vault over private networking.
- resource
Group StringName - Name of the Azure resource group that contains your Azure Key Vault.
- role
Id String - Unique 24-hexadecimal digit string that identifies the Azure Service Principal that Atlas uses to access the Azure Key Vault.
- secret String
- Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (azureKeyVault.tenantID). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.
- subscription
Id String - Unique 36-hexadecimal character string that identifies your Azure subscription.
- tenant
Id String - Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.
- valid Boolean
- Flag that indicates whether the Azure encryption key can encrypt and decrypt data.
EncryptionAtRestGoogleCloudKmsConfig, EncryptionAtRestGoogleCloudKmsConfigArgs
- Enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project. Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - Key
Version stringResource Id - Resource path that displays the key version resource ID for your Google Cloud KMS.
- Role
Id string - Unique 24-hexadecimal digit string that identifies the Google Cloud Provider Access Role that MongoDB Cloud uses to access the Google Cloud KMS.
- Service
Account stringKey - JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object.
- Valid bool
- Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.
- Enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project. Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - Key
Version stringResource Id - Resource path that displays the key version resource ID for your Google Cloud KMS.
- Role
Id string - Unique 24-hexadecimal digit string that identifies the Google Cloud Provider Access Role that MongoDB Cloud uses to access the Google Cloud KMS.
- Service
Account stringKey - JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object.
- Valid bool
- Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.
- enabled Boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project. Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - key
Version StringResource Id - Resource path that displays the key version resource ID for your Google Cloud KMS.
- role
Id String - Unique 24-hexadecimal digit string that identifies the Google Cloud Provider Access Role that MongoDB Cloud uses to access the Google Cloud KMS.
- service
Account StringKey - JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object.
- valid Boolean
- Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.
- enabled boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project. Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - key
Version stringResource Id - Resource path that displays the key version resource ID for your Google Cloud KMS.
- role
Id string - Unique 24-hexadecimal digit string that identifies the Google Cloud Provider Access Role that MongoDB Cloud uses to access the Google Cloud KMS.
- service
Account stringKey - JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object.
- valid boolean
- Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.
- enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project. Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - key_
version_ strresource_ id - Resource path that displays the key version resource ID for your Google Cloud KMS.
- role_
id str - Unique 24-hexadecimal digit string that identifies the Google Cloud Provider Access Role that MongoDB Cloud uses to access the Google Cloud KMS.
- service_
account_ strkey - JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object.
- valid bool
- Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.
- enabled Boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project. Setting this field to
falsemight lead to an inconsistent Terraform state. To disable encryption at rest, remove themongodbatlas.EncryptionAtRestresource and reapply your configuration. - key
Version StringResource Id - Resource path that displays the key version resource ID for your Google Cloud KMS.
- role
Id String - Unique 24-hexadecimal digit string that identifies the Google Cloud Provider Access Role that MongoDB Cloud uses to access the Google Cloud KMS.
- service
Account StringKey - JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object.
- valid Boolean
- Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.
Import
Encryption at Rest Settings can be imported using project ID, in the format project_id, e.g.
$ terraform import mongodbatlas_encryption_at_rest.example 1112222b3bf99403840e8934
For more information see: MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- MongoDB Atlas pulumi/pulumi-mongodbatlas
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
mongodbatlasTerraform Provider.
Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
