curl -X POST https://{region}.api.konghq.com/v1/event-gateways/{eventGatewayId}/virtual-clusters/{virtualClusterId}/produce-policies \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "encrypt-using-aws",
"type": "encrypt",
"config": {
"failure_mode": "passthrough",
"part_of_record": [
"value"
],
"encryption_key": {
"type": "aws",
"arn": "'$AWS_KEY_ARN'"
}
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates.
-
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
-
virtualClusterId: The id of the Virtual Cluster.
-
eventGatewayId: The id of the Event Gateway.
-
eventGatewayListenerId: The id of the Event Gateway Listener.
See the Konnect Event Gateway API reference to learn about region-specific URLs and personal access tokens.
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect-beta = {
source = "kong/konnect-beta"
}
}
}
provider "konnect-beta" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
resource "konnect_event_gateway_produce_policy_encrypt" "my_virtual_cluster_policy_encrypt" {
provider = konnect-beta
type = "encrypt"
config = {
failure_mode = "passthrough"
part_of_record = ["value"]
encryption_key = {
type = "aws"
arn = var.aws_key_arn
}
}
virtual_cluster_id = konnect_event_gateway_virtual_cluster.my_virtual_cluster.id
gateway_id = konnect_event_gateway.my_event_gateway.id
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "aws_key_arn" {
type = string
}
