alicloud_oss_bucket_server_side_encryption

Provides an OSS Bucket Server Side Encryption resource, which manages the server-side encryption rules of the bucket.

For information about OSS Bucket Server Side Encryption and how to use it, see What is Bucket Server Side Encryption.

-> NOTE: Available since v1.222.0.

Example Usage

Basic Usage


variable "name" {
  default = "terraform-example"
}

provider "alicloud" {
  region = "cn-hangzhou"
}

resource "random_integer" "default" {
  min = 10000
  max = 99999
}

resource "alicloud_oss_bucket" "CreateBucket" {
  storage_class = "Standard"
  bucket        = "${var.name}-${random_integer.default.result}"
  lifecycle {
    ignore_changes = [
      server_side_encryption_rule,
    ]
  }
}

resource "alicloud_kms_key" "GetKMS" {
  origin                 = "Aliyun_KMS"
  protection_level       = "SOFTWARE"
  description            = var.name
  key_spec               = "Aliyun_AES_256"
  key_usage              = "ENCRYPT/DECRYPT"
  automatic_rotation     = "Disabled"
  pending_window_in_days = 7
}


resource "alicloud_oss_bucket_server_side_encryption" "default" {
  kms_data_encryption = "SM4"
  kms_master_key_id   = alicloud_kms_key.GetKMS.id
  bucket              = alicloud_oss_bucket.CreateBucket.bucket
  sse_algorithm       = "KMS"
}

Argument Reference

The following arguments are supported:

  • bucket - (Required, ForceNew) The name of the bucket.
  • kms_data_encryption - (Optional) The algorithm used to encrypt objects. If this argument is not specified, objects are encrypted by using AES256. This argument is valid only when sse_algorithm is set to KMS.
  • kms_master_key_id - (Optional) The CMK ID that must be specified when sse_algorithm is set to KMS and a specified CMK is used for encryption. In other cases, this argument must be set to null.
  • sse_algorithm - (Required) The server-side encryption method. Valid Values: KMS, AES256.
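
The constraints between these arguments can be checked before apply. The following is an added example, not part of the provider documentation: a Python check over the JSON produced by `terraform show -json` for a saved plan. The function names, the `_rule` helper and the sample plan are constructed for illustration.

```python
RESOURCE_TYPE = "alicloud_oss_bucket_server_side_encryption"

def check_sse_rule(values):
    """Check one resource's planned arguments against the Argument Reference."""
    problems = []
    algo = values.get("sse_algorithm")
    if algo not in ("KMS", "AES256"):
        problems.append(f"sse_algorithm must be KMS or AES256, got {algo!r}")
    if algo != "KMS":
        # Both KMS arguments only apply when sse_algorithm is KMS.
        for arg in ("kms_master_key_id", "kms_data_encryption"):
            if values.get(arg):
                problems.append(f"{arg} is set but sse_algorithm is not KMS")
    return problems

def walk(module):
    # Yield resources from a module and, recursively, its child modules.
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def audit_plan(plan):
    """Map resource address -> list of problems for each encryption rule."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = {}
    for res in walk(root):
        if res.get("type") == RESOURCE_TYPE:
            problems = check_sse_rule(res.get("values", {}))
            if problems:
                findings[res["address"]] = problems
    return findings

def _rule(address, **values):
    # Hypothetical helper that builds one constructed plan entry.
    return {"address": address, "type": RESOURCE_TYPE, "values": values}

# Constructed sample in the shape of `terraform show -json` output (not real data).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _rule(RESOURCE_TYPE + ".default", sse_algorithm="KMS", kms_data_encryption="SM4"),
        _rule(RESOURCE_TYPE + ".mixed", sse_algorithm="AES256", kms_master_key_id="example-key-id"),
    ],
    "child_modules": [{"resources": [
        _rule("module.logs." + RESOURCE_TYPE + ".this", sse_algorithm="SM4"),
    ]}],
}}}

if __name__ == "__main__":
    for address, problems in audit_plan(SAMPLE_PLAN).items():
        print(address, "->", "; ".join(problems))
```

Values that are unknown at plan time, such as the ID of a KMS key created in the same plan, are absent from `planned_values`, so this check only evaluates arguments whose values are already known.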

Attributes Reference

The following attributes are exported:

  • id - The ID of the resource supplied above.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 5 mins) Used when creating the Bucket Server Side Encryption.
  • delete - (Defaults to 5 mins) Used when deleting the Bucket Server Side Encryption.
  • update - (Defaults to 5 mins) Used when updating the Bucket Server Side Encryption.

Import

OSS Bucket Server Side Encryption can be imported using the id, e.g.

$ terraform import alicloud_oss_bucket_server_side_encryption.example <id>