INTMDB-245: Added an example for encryption at rest using azure with a cluster #566
Conversation
| encryption_at_rest_provider = "AZURE" | ||
| } | ||
| ``` | ||
| **NOTE** To disable the encryption at rest, all the clusters of the same project must be deleted. |
There was a problem hiding this comment.
First there's actually two methods. Deleteing all the clusters is one but they can also disable encryption at rest with BYOK by setting encryption_at_rest_provider = "NONE" (see the docs)
This is important enough I'd move it to the top of this docs as an IMPORTANT NOTE. Also edit:
NOTE To disable the encryption at rest with customer key management for a project all existing clusters in the project must first either have encryption at rest for the provider set to none, e.g. encryption_at_rest_provider = "NONE", or be deleted.
| resource "mongodbatlas_encryption_at_rest" "default" { | ||
| (...) | ||
| depends_on = [mongodbatlas_cloud_provider_access_setup.<resource_name>, mongodbatlas_cloud_provider_access_authorization.<resource_name>] | ||
| } | ||
| ``` | ||
|
|
||
| ## Example of encryption at rest with azure and a cluster using its encryption at rest |
There was a problem hiding this comment.
So we are providing this for Azure but it would be similar for any cloud provider, correct? Also a slight edit for clarity:
Example: Configuring encryption at rest using customer key management in Azure and then creating a cluster
There was a problem hiding this comment.
Hi melissa, yes it's similar for any cloud provider, understood will make change shortly, thank you
| resource "mongodbatlas_encryption_at_rest" "default" { | ||
| (...) | ||
| depends_on = [mongodbatlas_cloud_provider_access_setup.<resource_name>, mongodbatlas_cloud_provider_access_authorization.<resource_name>] | ||
| } | ||
| ``` | ||
|
|
||
| ## Example of encryption at rest with azure and a cluster using its encryption at rest | ||
|
|
||
| **NOTE** Since the cluster wants to use the encryption at rest it should wait for `mongodbatlas_encryption_at_rest` to finish first by using implicit dependency of `project_id`(see the example below). |
There was a problem hiding this comment.
Slight edit, I'd remove Note as this is is really general instructions for the example:
The configuration of encryption at rest with customer key management, mongodbatlas_encryption_at_rest, needs to be completed before a cluster is created in the project. Force this wait by using an implicit dependency via project_id as shown in the example below.
| The configuration of encryption at rest with customer key management, `mongodbatlas_encryption_at_rest`, needs to be completed before a cluster is created in the project. Force this wait by using an implicit dependency via `project_id` as shown in the example below. | ||
|
|
||
| ```terraform | ||
| resource "mongodbatlas_encryption_at_rest" "example" { |
There was a problem hiding this comment.
You tested this right?
There was a problem hiding this comment.
Yes for the example I tested manually with and without using implicit dependency, without dependency got some issues related to waiting and with dependency I didn't had any issues for creating/destroying.
There was a problem hiding this comment.
@coderGo93 did you test the option I noted, setting the clusters to None? We should probably make sure there's no timing issue with that and Terraform as well.
There was a problem hiding this comment.
@themantissa Not like that, will do that and let you know if I had issues or not.
There was a problem hiding this comment.
Hi @themantissa , I tested manually again with setting None in cluster, it worked without any issues.
Steps:
- Create a encryption then cluster with dependency
- Set
encryption_at_rest_providerto None in cluster then terraform apply to update - Then destroy the encryption at rest resource without destroying the cluster(setting count = 0 in encryption at rest resource)
There was a problem hiding this comment.
Well done @coderGo93, just what we needed. Thank you
…a cluster (#566) * added details about encryption at rest using with cluster in docs * updated docs Co-authored-by: Edgar Lopez <edgarlopez@pop-os.localdomain>
Description
Link to any related issue(s):
#518
Type of change:
Required Checklist:
Further comments