com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of aws Show documentation
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
There is a newer version: 6.60.0-alpha.1731982519
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***

package com.pulumi.aws.opensearch.inputs;

import com.pulumi.core.Output;
import com.pulumi.core.annotations.Import;
import com.pulumi.exceptions.MissingRequiredPropertyException;
import java.lang.Boolean;
import java.lang.String;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;


public final class DomainEncryptAtRestArgs extends com.pulumi.resources.ResourceArgs {

    public static final DomainEncryptAtRestArgs Empty = new DomainEncryptAtRestArgs();

    /**
     * Whether to enable encryption at rest. If the `encrypt_at_rest` block is not provided then this defaults to `false`. Enabling encryption on new domains requires an `engine_version` of `OpenSearch_X.Y` or `Elasticsearch_5.1` or greater.
     * 
     */
    @Import(name="enabled", required=true)
    private Output enabled;

    /**
     * @return Whether to enable encryption at rest. If the `encrypt_at_rest` block is not provided then this defaults to `false`. Enabling encryption on new domains requires an `engine_version` of `OpenSearch_X.Y` or `Elasticsearch_5.1` or greater.
     * 
     */
    public Output enabled() {
        return this.enabled;
    }

    /**
     * KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the `aws/es` service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
     * 
     */
    @Import(name="kmsKeyId")
    private @Nullable Output kmsKeyId;

    /**
     * @return KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the `aws/es` service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
     * 
     */
    public Optional> kmsKeyId() {
        return Optional.ofNullable(this.kmsKeyId);
    }

    private DomainEncryptAtRestArgs() {}

    private DomainEncryptAtRestArgs(DomainEncryptAtRestArgs $) {
        this.enabled = $.enabled;
        this.kmsKeyId = $.kmsKeyId;
    }

    public static Builder builder() {
        return new Builder();
    }
    public static Builder builder(DomainEncryptAtRestArgs defaults) {
        return new Builder(defaults);
    }

    public static final class Builder {
        private DomainEncryptAtRestArgs $;

        public Builder() {
            $ = new DomainEncryptAtRestArgs();
        }

        public Builder(DomainEncryptAtRestArgs defaults) {
            $ = new DomainEncryptAtRestArgs(Objects.requireNonNull(defaults));
        }

        /**
         * @param enabled Whether to enable encryption at rest. If the `encrypt_at_rest` block is not provided then this defaults to `false`. Enabling encryption on new domains requires an `engine_version` of `OpenSearch_X.Y` or `Elasticsearch_5.1` or greater.
         * 
         * @return builder
         * 
         */
        public Builder enabled(Output enabled) {
            $.enabled = enabled;
            return this;
        }

        /**
         * @param enabled Whether to enable encryption at rest. If the `encrypt_at_rest` block is not provided then this defaults to `false`. Enabling encryption on new domains requires an `engine_version` of `OpenSearch_X.Y` or `Elasticsearch_5.1` or greater.
         * 
         * @return builder
         * 
         */
        public Builder enabled(Boolean enabled) {
            return enabled(Output.of(enabled));
        }

        /**
         * @param kmsKeyId KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the `aws/es` service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
         * 
         * @return builder
         * 
         */
        public Builder kmsKeyId(@Nullable Output kmsKeyId) {
            $.kmsKeyId = kmsKeyId;
            return this;
        }

        /**
         * @param kmsKeyId KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the `aws/es` service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead.
         * 
         * @return builder
         * 
         */
        public Builder kmsKeyId(String kmsKeyId) {
            return kmsKeyId(Output.of(kmsKeyId));
        }

        public DomainEncryptAtRestArgs build() {
            if ($.enabled == null) {
                throw new MissingRequiredPropertyException("DomainEncryptAtRestArgs", "enabled");
            }
            return $;
        }
    }

}