@pulumi/mongodbatlas 3.18.0-alpha.1726033906 → 3.18.0-alpha.1726175162

package/getEncryptionAtRest.d.ts

@@ -0,0 +1,275 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as outputs from "./types/output";
+/**
+ * ## # Data Source: mongodbatlas.EncryptionAtRest
+ *
+ * `mongodbatlas.EncryptionAtRest` describes encryption at rest configuration for an Atlas project with one of the following providers:
+ *
+ * [Amazon Web Services Key Management Service](https://docs.atlas.mongodb.com/security-aws-kms/#security-aws-kms)
+ * [Azure Key Vault](https://docs.atlas.mongodb.com/security-azure-kms/#security-azure-kms)
+ * [Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms)
+ *
+ * > **IMPORTANT** By default, Atlas enables encryption at rest for all cluster storage and snapshot volumes.
+ *
+ * > **IMPORTANT** Atlas limits this feature to dedicated cluster tiers of M10 and greater. For more information see: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management
+ *
+ * > **NOTE:** Groups and projects are synonymous terms. You may find `groupId` in the official documentation.
+ *
+ * ## Example Usage
+ *
+ * ### S
+ *
+ * ### Configuring encryption at rest using customer key management in AWS
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as mongodbatlas from "@pulumi/mongodbatlas";
+ *
+ * const setupOnly = new mongodbatlas.CloudProviderAccessSetup("setup_only", {
+ *     projectId: atlasProjectId,
+ *     providerName: "AWS",
+ * });
+ * const authRole = new mongodbatlas.CloudProviderAccessAuthorization("auth_role", {
+ *     projectId: atlasProjectId,
+ *     roleId: setupOnly.roleId,
+ *     aws: {
+ *         iamAssumedRoleArn: testRole.arn,
+ *     },
+ * });
+ * const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
+ *     projectId: atlasProjectId,
+ *     awsKmsConfig: {
+ *         enabled: true,
+ *         customerMasterKeyId: kmsKey.id,
+ *         region: atlasRegion,
+ *         roleId: authRole.roleId,
+ *     },
+ * });
+ * const cluster = new mongodbatlas.AdvancedCluster("cluster", {
+ *     projectId: testEncryptionAtRest.projectId,
+ *     name: "MyCluster",
+ *     clusterType: "REPLICASET",
+ *     backupEnabled: true,
+ *     encryptionAtRestProvider: "AWS",
+ *     replicationSpecs: [{
+ *         regionConfigs: [{
+ *             priority: 7,
+ *             providerName: "AWS",
+ *             regionName: "US_EAST_1",
+ *             electableSpecs: {
+ *                 instanceSize: "M10",
+ *                 nodeCount: 3,
+ *             },
+ *         }],
+ *     }],
+ * });
+ * const test = mongodbatlas.getEncryptionAtRestOutput({
+ *     projectId: testEncryptionAtRest.projectId,
+ * });
+ * export const isAwsKmsEncryptionAtRestValid = test.apply(test => test.awsKmsConfig?.valid);
+ * ```
+ *
+ * ### Configuring encryption at rest using customer key management in Azure
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as mongodbatlas from "@pulumi/mongodbatlas";
+ *
+ * const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
+ *     projectId: atlasProjectId,
+ *     azureKeyVaultConfig: {
+ *         enabled: true,
+ *         azureEnvironment: "AZURE",
+ *         tenantId: azureTenantId,
+ *         subscriptionId: azureSubscriptionId,
+ *         clientId: azureClientId,
+ *         secret: azureClientSecret,
+ *         resourceGroupName: azureResourceGroupName,
+ *         keyVaultName: azureKeyVaultName,
+ *         keyIdentifier: azureKeyIdentifier,
+ *     },
+ * });
+ * const test = mongodbatlas.getEncryptionAtRestOutput({
+ *     projectId: testEncryptionAtRest.projectId,
+ * });
+ * export const isAzureEncryptionAtRestValid = test.apply(test => test.azureKeyVaultConfig?.valid);
+ * ```
+ *
+ * > **NOTE:** It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. Please review `mongodbatlas.EncryptionAtRestPrivateEndpoint` resource for details.
+ *
+ * ### Configuring encryption at rest using customer key management in GCP
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as mongodbatlas from "@pulumi/mongodbatlas";
+ *
+ * const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
+ *     projectId: atlasProjectId,
+ *     googleCloudKmsConfig: {
+ *         enabled: true,
+ *         serviceAccountKey: "{\"type\": \"service_account\",\"project_id\": \"my-project-common-0\",\"private_key_id\": \"e120598ea4f88249469fcdd75a9a785c1bb3\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEuwIBA(truncated)SfecnS0mT94D9\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"my-email-kms-0@my-project-common-0.iam.gserviceaccount.com\",\"client_id\": \"10180967717292066\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://accounts.google.com/o/oauth2/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/my-email-kms-0%40my-project-common-0.iam.gserviceaccount.com\"}",
+ *         keyVersionResourceId: "projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1",
+ *     },
+ * });
+ * const test = mongodbatlas.getEncryptionAtRestOutput({
+ *     projectId: testEncryptionAtRest.projectId,
+ * });
+ * export const isGcpEncryptionAtRestValid = test.apply(test => test.googleCloudKmsConfig?.valid);
+ * ```
+ */
+export declare function getEncryptionAtRest(args: GetEncryptionAtRestArgs, opts?: pulumi.InvokeOptions): Promise<GetEncryptionAtRestResult>;
+/**
+ * A collection of arguments for invoking getEncryptionAtRest.
+ */
+export interface GetEncryptionAtRestArgs {
+    /**
+     * Unique 24-hexadecimal digit string that identifies your project.
+     */
+    projectId: string;
+}
+/**
+ * A collection of values returned by getEncryptionAtRest.
+ */
+export interface GetEncryptionAtRestResult {
+    /**
+     * Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
+     */
+    readonly awsKmsConfig: outputs.GetEncryptionAtRestAwsKmsConfig;
+    /**
+     * Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
+     */
+    readonly azureKeyVaultConfig: outputs.GetEncryptionAtRestAzureKeyVaultConfig;
+    /**
+     * Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
+     */
+    readonly googleCloudKmsConfig: outputs.GetEncryptionAtRestGoogleCloudKmsConfig;
+    /**
+     * The ID of this resource.
+     */
+    readonly id: string;
+    /**
+     * Unique 24-hexadecimal digit string that identifies your project.
+     */
+    readonly projectId: string;
+}
+/**
+ * ## # Data Source: mongodbatlas.EncryptionAtRest
+ *
+ * `mongodbatlas.EncryptionAtRest` describes encryption at rest configuration for an Atlas project with one of the following providers:
+ *
+ * [Amazon Web Services Key Management Service](https://docs.atlas.mongodb.com/security-aws-kms/#security-aws-kms)
+ * [Azure Key Vault](https://docs.atlas.mongodb.com/security-azure-kms/#security-azure-kms)
+ * [Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms)
+ *
+ * > **IMPORTANT** By default, Atlas enables encryption at rest for all cluster storage and snapshot volumes.
+ *
+ * > **IMPORTANT** Atlas limits this feature to dedicated cluster tiers of M10 and greater. For more information see: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management
+ *
+ * > **NOTE:** Groups and projects are synonymous terms. You may find `groupId` in the official documentation.
+ *
+ * ## Example Usage
+ *
+ * ### S
+ *
+ * ### Configuring encryption at rest using customer key management in AWS
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as mongodbatlas from "@pulumi/mongodbatlas";
+ *
+ * const setupOnly = new mongodbatlas.CloudProviderAccessSetup("setup_only", {
+ *     projectId: atlasProjectId,
+ *     providerName: "AWS",
+ * });
+ * const authRole = new mongodbatlas.CloudProviderAccessAuthorization("auth_role", {
+ *     projectId: atlasProjectId,
+ *     roleId: setupOnly.roleId,
+ *     aws: {
+ *         iamAssumedRoleArn: testRole.arn,
+ *     },
+ * });
+ * const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
+ *     projectId: atlasProjectId,
+ *     awsKmsConfig: {
+ *         enabled: true,
+ *         customerMasterKeyId: kmsKey.id,
+ *         region: atlasRegion,
+ *         roleId: authRole.roleId,
+ *     },
+ * });
+ * const cluster = new mongodbatlas.AdvancedCluster("cluster", {
+ *     projectId: testEncryptionAtRest.projectId,
+ *     name: "MyCluster",
+ *     clusterType: "REPLICASET",
+ *     backupEnabled: true,
+ *     encryptionAtRestProvider: "AWS",
+ *     replicationSpecs: [{
+ *         regionConfigs: [{
+ *             priority: 7,
+ *             providerName: "AWS",
+ *             regionName: "US_EAST_1",
+ *             electableSpecs: {
+ *                 instanceSize: "M10",
+ *                 nodeCount: 3,
+ *             },
+ *         }],
+ *     }],
+ * });
+ * const test = mongodbatlas.getEncryptionAtRestOutput({
+ *     projectId: testEncryptionAtRest.projectId,
+ * });
+ * export const isAwsKmsEncryptionAtRestValid = test.apply(test => test.awsKmsConfig?.valid);
+ * ```
+ *
+ * ### Configuring encryption at rest using customer key management in Azure
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as mongodbatlas from "@pulumi/mongodbatlas";
+ *
+ * const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
+ *     projectId: atlasProjectId,
+ *     azureKeyVaultConfig: {
+ *         enabled: true,
+ *         azureEnvironment: "AZURE",
+ *         tenantId: azureTenantId,
+ *         subscriptionId: azureSubscriptionId,
+ *         clientId: azureClientId,
+ *         secret: azureClientSecret,
+ *         resourceGroupName: azureResourceGroupName,
+ *         keyVaultName: azureKeyVaultName,
+ *         keyIdentifier: azureKeyIdentifier,
+ *     },
+ * });
+ * const test = mongodbatlas.getEncryptionAtRestOutput({
+ *     projectId: testEncryptionAtRest.projectId,
+ * });
+ * export const isAzureEncryptionAtRestValid = test.apply(test => test.azureKeyVaultConfig?.valid);
+ * ```
+ *
+ * > **NOTE:** It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. Please review `mongodbatlas.EncryptionAtRestPrivateEndpoint` resource for details.
+ *
+ * ### Configuring encryption at rest using customer key management in GCP
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as mongodbatlas from "@pulumi/mongodbatlas";
+ *
+ * const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
+ *     projectId: atlasProjectId,
+ *     googleCloudKmsConfig: {
+ *         enabled: true,
+ *         serviceAccountKey: "{\"type\": \"service_account\",\"project_id\": \"my-project-common-0\",\"private_key_id\": \"e120598ea4f88249469fcdd75a9a785c1bb3\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEuwIBA(truncated)SfecnS0mT94D9\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"my-email-kms-0@my-project-common-0.iam.gserviceaccount.com\",\"client_id\": \"10180967717292066\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://accounts.google.com/o/oauth2/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/my-email-kms-0%40my-project-common-0.iam.gserviceaccount.com\"}",
+ *         keyVersionResourceId: "projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1",
+ *     },
+ * });
+ * const test = mongodbatlas.getEncryptionAtRestOutput({
+ *     projectId: testEncryptionAtRest.projectId,
+ * });
+ * export const isGcpEncryptionAtRestValid = test.apply(test => test.googleCloudKmsConfig?.valid);
+ * ```
+ */
+export declare function getEncryptionAtRestOutput(args: GetEncryptionAtRestOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output<GetEncryptionAtRestResult>;
+/**
+ * A collection of arguments for invoking getEncryptionAtRest.
+ */
+export interface GetEncryptionAtRestOutputArgs {
+    /**
+     * Unique 24-hexadecimal digit string that identifies your project.
+     */
+    projectId: pulumi.Input<string>;
+}

package/getEncryptionAtRest.js

@@ -0,0 +1,247 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getEncryptionAtRestOutput = exports.getEncryptionAtRest = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("./utilities");
+/**
+ * ## # Data Source: mongodbatlas.EncryptionAtRest
+ *
+ * `mongodbatlas.EncryptionAtRest` describes encryption at rest configuration for an Atlas project with one of the following providers:
+ *
+ * [Amazon Web Services Key Management Service](https://docs.atlas.mongodb.com/security-aws-kms/#security-aws-kms)
+ * [Azure Key Vault](https://docs.atlas.mongodb.com/security-azure-kms/#security-azure-kms)
+ * [Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms)
+ *
+ * > **IMPORTANT** By default, Atlas enables encryption at rest for all cluster storage and snapshot volumes.
+ *
+ * > **IMPORTANT** Atlas limits this feature to dedicated cluster tiers of M10 and greater. For more information see: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management
+ *
+ * > **NOTE:** Groups and projects are synonymous terms. You may find `groupId` in the official documentation.
+ *
+ * ## Example Usage
+ *
+ * ### S
+ *
+ * ### Configuring encryption at rest using customer key management in AWS
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as mongodbatlas from "@pulumi/mongodbatlas";
+ *
+ * const setupOnly = new mongodbatlas.CloudProviderAccessSetup("setup_only", {
+ *     projectId: atlasProjectId,
+ *     providerName: "AWS",
+ * });
+ * const authRole = new mongodbatlas.CloudProviderAccessAuthorization("auth_role", {
+ *     projectId: atlasProjectId,
+ *     roleId: setupOnly.roleId,
+ *     aws: {
+ *         iamAssumedRoleArn: testRole.arn,
+ *     },
+ * });
+ * const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
+ *     projectId: atlasProjectId,
+ *     awsKmsConfig: {
+ *         enabled: true,
+ *         customerMasterKeyId: kmsKey.id,
+ *         region: atlasRegion,
+ *         roleId: authRole.roleId,
+ *     },
+ * });
+ * const cluster = new mongodbatlas.AdvancedCluster("cluster", {
+ *     projectId: testEncryptionAtRest.projectId,
+ *     name: "MyCluster",
+ *     clusterType: "REPLICASET",
+ *     backupEnabled: true,
+ *     encryptionAtRestProvider: "AWS",
+ *     replicationSpecs: [{
+ *         regionConfigs: [{
+ *             priority: 7,
+ *             providerName: "AWS",
+ *             regionName: "US_EAST_1",
+ *             electableSpecs: {
+ *                 instanceSize: "M10",
+ *                 nodeCount: 3,
+ *             },
+ *         }],
+ *     }],
+ * });
+ * const test = mongodbatlas.getEncryptionAtRestOutput({
+ *     projectId: testEncryptionAtRest.projectId,
+ * });
+ * export const isAwsKmsEncryptionAtRestValid = test.apply(test => test.awsKmsConfig?.valid);
+ * ```
+ *
+ * ### Configuring encryption at rest using customer key management in Azure
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as mongodbatlas from "@pulumi/mongodbatlas";
+ *
+ * const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
+ *     projectId: atlasProjectId,
+ *     azureKeyVaultConfig: {
+ *         enabled: true,
+ *         azureEnvironment: "AZURE",
+ *         tenantId: azureTenantId,
+ *         subscriptionId: azureSubscriptionId,
+ *         clientId: azureClientId,
+ *         secret: azureClientSecret,
+ *         resourceGroupName: azureResourceGroupName,
+ *         keyVaultName: azureKeyVaultName,
+ *         keyIdentifier: azureKeyIdentifier,
+ *     },
+ * });
+ * const test = mongodbatlas.getEncryptionAtRestOutput({
+ *     projectId: testEncryptionAtRest.projectId,
+ * });
+ * export const isAzureEncryptionAtRestValid = test.apply(test => test.azureKeyVaultConfig?.valid);
+ * ```
+ *
+ * > **NOTE:** It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. Please review `mongodbatlas.EncryptionAtRestPrivateEndpoint` resource for details.
+ *
+ * ### Configuring encryption at rest using customer key management in GCP
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as mongodbatlas from "@pulumi/mongodbatlas";
+ *
+ * const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
+ *     projectId: atlasProjectId,
+ *     googleCloudKmsConfig: {
+ *         enabled: true,
+ *         serviceAccountKey: "{\"type\": \"service_account\",\"project_id\": \"my-project-common-0\",\"private_key_id\": \"e120598ea4f88249469fcdd75a9a785c1bb3\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEuwIBA(truncated)SfecnS0mT94D9\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"my-email-kms-0@my-project-common-0.iam.gserviceaccount.com\",\"client_id\": \"10180967717292066\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://accounts.google.com/o/oauth2/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/my-email-kms-0%40my-project-common-0.iam.gserviceaccount.com\"}",
+ *         keyVersionResourceId: "projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1",
+ *     },
+ * });
+ * const test = mongodbatlas.getEncryptionAtRestOutput({
+ *     projectId: testEncryptionAtRest.projectId,
+ * });
+ * export const isGcpEncryptionAtRestValid = test.apply(test => test.googleCloudKmsConfig?.valid);
+ * ```
+ */
+function getEncryptionAtRest(args, opts) {
+    opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {});
+    return pulumi.runtime.invoke("mongodbatlas:index/getEncryptionAtRest:getEncryptionAtRest", {
+        "projectId": args.projectId,
+    }, opts);
+}
+exports.getEncryptionAtRest = getEncryptionAtRest;
+/**
+ * ## # Data Source: mongodbatlas.EncryptionAtRest
+ *
+ * `mongodbatlas.EncryptionAtRest` describes encryption at rest configuration for an Atlas project with one of the following providers:
+ *
+ * [Amazon Web Services Key Management Service](https://docs.atlas.mongodb.com/security-aws-kms/#security-aws-kms)
+ * [Azure Key Vault](https://docs.atlas.mongodb.com/security-azure-kms/#security-azure-kms)
+ * [Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms)
+ *
+ * > **IMPORTANT** By default, Atlas enables encryption at rest for all cluster storage and snapshot volumes.
+ *
+ * > **IMPORTANT** Atlas limits this feature to dedicated cluster tiers of M10 and greater. For more information see: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management
+ *
+ * > **NOTE:** Groups and projects are synonymous terms. You may find `groupId` in the official documentation.
+ *
+ * ## Example Usage
+ *
+ * ### S
+ *
+ * ### Configuring encryption at rest using customer key management in AWS
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as mongodbatlas from "@pulumi/mongodbatlas";
+ *
+ * const setupOnly = new mongodbatlas.CloudProviderAccessSetup("setup_only", {
+ *     projectId: atlasProjectId,
+ *     providerName: "AWS",
+ * });
+ * const authRole = new mongodbatlas.CloudProviderAccessAuthorization("auth_role", {
+ *     projectId: atlasProjectId,
+ *     roleId: setupOnly.roleId,
+ *     aws: {
+ *         iamAssumedRoleArn: testRole.arn,
+ *     },
+ * });
+ * const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
+ *     projectId: atlasProjectId,
+ *     awsKmsConfig: {
+ *         enabled: true,
+ *         customerMasterKeyId: kmsKey.id,
+ *         region: atlasRegion,
+ *         roleId: authRole.roleId,
+ *     },
+ * });
+ * const cluster = new mongodbatlas.AdvancedCluster("cluster", {
+ *     projectId: testEncryptionAtRest.projectId,
+ *     name: "MyCluster",
+ *     clusterType: "REPLICASET",
+ *     backupEnabled: true,
+ *     encryptionAtRestProvider: "AWS",
+ *     replicationSpecs: [{
+ *         regionConfigs: [{
+ *             priority: 7,
+ *             providerName: "AWS",
+ *             regionName: "US_EAST_1",
+ *             electableSpecs: {
+ *                 instanceSize: "M10",
+ *                 nodeCount: 3,
+ *             },
+ *         }],
+ *     }],
+ * });
+ * const test = mongodbatlas.getEncryptionAtRestOutput({
+ *     projectId: testEncryptionAtRest.projectId,
+ * });
+ * export const isAwsKmsEncryptionAtRestValid = test.apply(test => test.awsKmsConfig?.valid);
+ * ```
+ *
+ * ### Configuring encryption at rest using customer key management in Azure
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as mongodbatlas from "@pulumi/mongodbatlas";
+ *
+ * const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
+ *     projectId: atlasProjectId,
+ *     azureKeyVaultConfig: {
+ *         enabled: true,
+ *         azureEnvironment: "AZURE",
+ *         tenantId: azureTenantId,
+ *         subscriptionId: azureSubscriptionId,
+ *         clientId: azureClientId,
+ *         secret: azureClientSecret,
+ *         resourceGroupName: azureResourceGroupName,
+ *         keyVaultName: azureKeyVaultName,
+ *         keyIdentifier: azureKeyIdentifier,
+ *     },
+ * });
+ * const test = mongodbatlas.getEncryptionAtRestOutput({
+ *     projectId: testEncryptionAtRest.projectId,
+ * });
+ * export const isAzureEncryptionAtRestValid = test.apply(test => test.azureKeyVaultConfig?.valid);
+ * ```
+ *
+ * > **NOTE:** It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. Please review `mongodbatlas.EncryptionAtRestPrivateEndpoint` resource for details.
+ *
+ * ### Configuring encryption at rest using customer key management in GCP
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as mongodbatlas from "@pulumi/mongodbatlas";
+ *
+ * const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
+ *     projectId: atlasProjectId,
+ *     googleCloudKmsConfig: {
+ *         enabled: true,
+ *         serviceAccountKey: "{\"type\": \"service_account\",\"project_id\": \"my-project-common-0\",\"private_key_id\": \"e120598ea4f88249469fcdd75a9a785c1bb3\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEuwIBA(truncated)SfecnS0mT94D9\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"my-email-kms-0@my-project-common-0.iam.gserviceaccount.com\",\"client_id\": \"10180967717292066\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://accounts.google.com/o/oauth2/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/my-email-kms-0%40my-project-common-0.iam.gserviceaccount.com\"}",
+ *         keyVersionResourceId: "projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1",
+ *     },
+ * });
+ * const test = mongodbatlas.getEncryptionAtRestOutput({
+ *     projectId: testEncryptionAtRest.projectId,
+ * });
+ * export const isGcpEncryptionAtRestValid = test.apply(test => test.googleCloudKmsConfig?.valid);
+ * ```
+ */
+function getEncryptionAtRestOutput(args, opts) {
+    return pulumi.output(args).apply((a) => getEncryptionAtRest(a, opts));
+}
+exports.getEncryptionAtRestOutput = getEncryptionAtRestOutput;
+//# sourceMappingURL=getEncryptionAtRest.js.map

package/getEncryptionAtRest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"getEncryptionAtRest.js","sourceRoot":"","sources":["../getEncryptionAtRest.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiHG;AACH,SAAgB,mBAAmB,CAAC,IAA6B,EAAE,IAA2B;IAE1F,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IACzE,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,4DAA4D,EAAE;QACvF,WAAW,EAAE,IAAI,CAAC,SAAS;KAC9B,EAAE,IAAI,CAAC,CAAC;AACb,CAAC;AAND,kDAMC;AAqCD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiHG;AACH,SAAgB,yBAAyB,CAAC,IAAmC,EAAE,IAA2B;IACtG,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,mBAAmB,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAA;AAC9E,CAAC;AAFD,8DAEC"}

package/getEncryptionAtRestPrivateEndpoint.d.ts

@@ -0,0 +1,122 @@
+import * as pulumi from "@pulumi/pulumi";
+/**
+ * ## # Data Source: mongodbatlas.EncryptionAtRestPrivateEndpoint
+ *
+ * `mongodbatlas.EncryptionAtRestPrivateEndpoint` describes a private endpoint used for encryption at rest using customer-managed keys.
+ *
+ * > **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager.
+ * To learn more about existing limitations, see [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints).
+ *
+ * ## Example Usage
+ *
+ * ### S
+ *
+ * > **NOTE:** Only Azure Key Vault with Azure Private Link is supported at this time.
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as mongodbatlas from "@pulumi/mongodbatlas";
+ *
+ * const single = mongodbatlas.getEncryptionAtRestPrivateEndpoint({
+ *     projectId: atlasProjectId,
+ *     cloudProvider: "AZURE",
+ *     id: endpoint.id,
+ * });
+ * export const endpointConnectionName = single.then(single => single.privateEndpointConnectionName);
+ * ```
+ */
+export declare function getEncryptionAtRestPrivateEndpoint(args: GetEncryptionAtRestPrivateEndpointArgs, opts?: pulumi.InvokeOptions): Promise<GetEncryptionAtRestPrivateEndpointResult>;
+/**
+ * A collection of arguments for invoking getEncryptionAtRestPrivateEndpoint.
+ */
+export interface GetEncryptionAtRestPrivateEndpointArgs {
+    /**
+     * Label that identifies the cloud provider of the private endpoint.
+     */
+    cloudProvider: string;
+    /**
+     * Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.
+     */
+    id: string;
+    /**
+     * Unique 24-hexadecimal digit string that identifies your project.
+     */
+    projectId: string;
+}
+/**
+ * A collection of values returned by getEncryptionAtRestPrivateEndpoint.
+ */
+export interface GetEncryptionAtRestPrivateEndpointResult {
+    /**
+     * Label that identifies the cloud provider of the private endpoint.
+     */
+    readonly cloudProvider: string;
+    /**
+     * Error message for failures associated with the Encryption At Rest private endpoint.
+     */
+    readonly errorMessage: string;
+    /**
+     * Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.
+     */
+    readonly id: string;
+    /**
+     * Connection name of the Azure Private Endpoint.
+     */
+    readonly privateEndpointConnectionName: string;
+    /**
+     * Unique 24-hexadecimal digit string that identifies your project.
+     */
+    readonly projectId: string;
+    /**
+     * Cloud provider region in which the Encryption At Rest private endpoint is located.
+     */
+    readonly regionName: string;
+    /**
+     * State of the Encryption At Rest private endpoint.
+     */
+    readonly status: string;
+}
+/**
+ * ## # Data Source: mongodbatlas.EncryptionAtRestPrivateEndpoint
+ *
+ * `mongodbatlas.EncryptionAtRestPrivateEndpoint` describes a private endpoint used for encryption at rest using customer-managed keys.
+ *
+ * > **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager.
+ * To learn more about existing limitations, see [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints).
+ *
+ * ## Example Usage
+ *
+ * ### S
+ *
+ * > **NOTE:** Only Azure Key Vault with Azure Private Link is supported at this time.
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as mongodbatlas from "@pulumi/mongodbatlas";
+ *
+ * const single = mongodbatlas.getEncryptionAtRestPrivateEndpoint({
+ *     projectId: atlasProjectId,
+ *     cloudProvider: "AZURE",
+ *     id: endpoint.id,
+ * });
+ * export const endpointConnectionName = single.then(single => single.privateEndpointConnectionName);
+ * ```
+ */
+export declare function getEncryptionAtRestPrivateEndpointOutput(args: GetEncryptionAtRestPrivateEndpointOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output<GetEncryptionAtRestPrivateEndpointResult>;
+/**
+ * A collection of arguments for invoking getEncryptionAtRestPrivateEndpoint.
+ */
+export interface GetEncryptionAtRestPrivateEndpointOutputArgs {
+    /**
+     * Label that identifies the cloud provider of the private endpoint.
+     */
+    cloudProvider: pulumi.Input<string>;
+    /**
+     * Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.
+     */
+    id: pulumi.Input<string>;
+    /**
+     * Unique 24-hexadecimal digit string that identifies your project.
+     */
+    projectId: pulumi.Input<string>;
+}