Example #1
0
    static Task Main()
    {
        return(Deployment.RunAsync(() =>
        {
            // Create a KMS Key for S3 server-side encryption
            var key = new Aws.Kms.Key("hello-world-key");

            // Create an AWS resource (S3 Bucket)
            var bucket = new Aws.S3.Bucket("hello-world-bucket", new Aws.S3.BucketArgs
            {
                ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs
                {
                    Rule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs
                    {
                        ApplyServerSideEncryptionByDefault = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
                        {
                            SseAlgorithm = "aws:kms",
                            KmsMasterKeyId = key.Id,
                        },
                    },
                },
            });
            // Export the name of the bucket
            return new Dictionary <string, object> {
                { "bucket_name", bucket.Id },
            };
        }));
    }
Example #2
0
 public MyStack()
 {
     var key = new Aws.Kms.Key("key", new Aws.Kms.KeyArgs
     {
         DeletionWindowInDays = 10,
         Description          = "KMS key 1",
     });
 }
Example #3
0
 public MyStack()
 {
     var key = new Aws.Kms.Key("key", new Aws.Kms.KeyArgs
     {
     });
     var @alias = new Aws.Kms.Alias("alias", new Aws.Kms.AliasArgs
     {
         TargetKeyId = key.KeyId,
     });
 }
Example #4
0
    public MyStack()
    {
        var key = new Aws.Kms.Key("key", new Aws.Kms.KeyArgs
        {
        });
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""lambda.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}

",
        });
        var grant = new Aws.Kms.Grant("grant", new Aws.Kms.GrantArgs
        {
            Constraints =
            {
                new Aws.Kms.Inputs.GrantConstraintArgs
                {
                    EncryptionContextEquals =
                    {
                        { "Department", "Finance" },
                    },
                },
            },
            GranteePrincipal = role.Arn,
            KeyId            = key.KeyId,
            Operations       =
            {
                "Encrypt",
                "Decrypt",
                "GenerateDataKey",
            },
        });
    }
Example #5
0
    public MyStack()
    {
        var oauthConfig = new Aws.Kms.Key("oauthConfig", new Aws.Kms.KeyArgs
        {
            Description = "oauth config",
            IsEnabled = true,
        });
        var oauth = new Aws.Kms.Ciphertext("oauth", new Aws.Kms.CiphertextArgs
        {
            KeyId = oauthConfig.KeyId,
            Plaintext = @"{
  ""client_id"": ""e587dbae22222f55da22"",
  ""client_secret"": ""8289575d00000ace55e1815ec13673955721b8a5""
}

",
        });
    }
Example #6
0
 public MyStack()
 {
     var examplekms = new Aws.Kms.Key("examplekms", new Aws.Kms.KeyArgs
     {
         DeletionWindowInDays = 7,
         Description          = "KMS key 1",
     });
     var examplebucket = new Aws.S3.Bucket("examplebucket", new Aws.S3.BucketArgs
     {
         Acl = "private",
     });
     var examplebucketObject = new Aws.S3.BucketObject("examplebucketObject", new Aws.S3.BucketObjectArgs
     {
         Bucket   = examplebucket.Id,
         Key      = "someobject",
         KmsKeyId = examplekms.Arn,
         Source   = new FileAsset("index.html"),
     });
 }
Example #7
0
 public MyStack()
 {
     var mykey = new Aws.Kms.Key("mykey", new Aws.Kms.KeyArgs
     {
         DeletionWindowInDays = 10,
         Description          = "This key is used to encrypt bucket objects",
     });
     var mybucket = new Aws.S3.Bucket("mybucket", new Aws.S3.BucketArgs
     {
         ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs
         {
             Rule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs
             {
                 ApplyServerSideEncryptionByDefault = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
                 {
                     KmsMasterKeyId = mykey.Arn,
                     SseAlgorithm   = "aws:kms",
                 },
             },
         },
     });
 }
Example #8
0
 public MyStack()
 {
     var hogeBucket = new Aws.S3.Bucket("hogeBucket", new Aws.S3.BucketArgs
     {
     });
     var testKey = new Aws.Kms.Key("testKey", new Aws.Kms.KeyArgs
     {
         DeletionWindowInDays = 7,
         Description          = "Athena KMS Key",
     });
     var testWorkgroup = new Aws.Athena.Workgroup("testWorkgroup", new Aws.Athena.WorkgroupArgs
     {
         Configuration = new Aws.Athena.Inputs.WorkgroupConfigurationArgs
         {
             ResultConfiguration = new Aws.Athena.Inputs.WorkgroupConfigurationResultConfigurationArgs
             {
                 EncryptionConfiguration = new Aws.Athena.Inputs.WorkgroupConfigurationResultConfigurationEncryptionConfigurationArgs
                 {
                     EncryptionOption = "SSE_KMS",
                     KmsKeyArn        = testKey.Arn,
                 },
             },
         },
     });
     var hogeDatabase = new Aws.Athena.Database("hogeDatabase", new Aws.Athena.DatabaseArgs
     {
         Bucket = hogeBucket.Id,
         Name   = "users",
     });
     var foo = new Aws.Athena.NamedQuery("foo", new Aws.Athena.NamedQueryArgs
     {
         Database  = hogeDatabase.Name,
         Query     = hogeDatabase.Name.Apply(name => $"SELECT * FROM {name} limit 10;"),
         Workgroup = testWorkgroup.Id,
     });
 }