dms_replication_instance_encryption_enabled

Implementation

Choose the approach that matches how you manage Terraform.

If you use terraform-aws-modules/dms/aws, set the module input for this control (repl_instance_kms_key_arn in the example below). You can later migrate to the compliance.tf module with minimal changes because it is compatible by design.

module "dms" {
  source  = "terraform-aws-modules/dms/aws"
  version = ">=2.0.0"

  create_iam_roles                     = false
  repl_instance_class                  = "dms.t3.small"
  repl_instance_id                     = "abc123"
  repl_instance_vpc_security_group_ids = ["sg-abc12345"]
  repl_subnet_group_description        = "DMS Subnet group for pofix testing"
  repl_subnet_group_name               = "abc123"
  repl_subnet_group_subnet_ids         = ["subnet-abc123", "subnet-def456"]

  repl_instance_kms_key_arn = "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012"
}

If you use AWS provider resources directly, set kms_key_arn on the resource. See the docs for the resource involved: aws_dms_replication_instance.

resource "aws_dms_replication_instance" "this" {
  replication_instance_class = "dms.t3.small"
  replication_instance_id    = "pofix-abc123"

  kms_key_arn = "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012"
}
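
To check either approach before apply, the added example below (not compliance.tf's or the module's own code) walks the configuration section of `terraform show -json` plan output and lists replication instances declared without a KMS key. It assumes the control is met when kms_key_arn, or the module input repl_instance_kms_key_arn, is set as in the snippets above; find_missing_kms_key, the sample plan and the module's internal layout in it are constructed for illustration.

```python
import json

RESOURCE_TYPE = "aws_dms_replication_instance"

def _is_set(expr, inputs):
    """True if a kms_key_arn expression carries a value supplied by the author."""
    if not expr:
        return False
    if "constant_value" in expr:
        return bool(expr["constant_value"])  # explicit null or "" counts as unset
    refs = expr.get("references", [])
    var_refs = [r for r in refs if r.startswith("var.")]
    if var_refs and inputs is not None:
        # Inside a module call: every referenced variable must be passed in.
        # Assumption: an input the caller does not pass defaults to "no key".
        return all(_is_set(inputs.get(r.split(".")[1]), None) for r in var_refs)
    return bool(refs)  # e.g. a reference to an aws_kms_key resource

def find_missing_kms_key(plan):
    """Return addresses of DMS replication instances declared without a KMS key."""
    findings = []
    def walk(module, prefix, inputs):
        for res in module.get("resources", []):
            if res.get("mode") == "managed" and res.get("type") == RESOURCE_TYPE:
                if not _is_set(res.get("expressions", {}).get("kms_key_arn"), inputs):
                    findings.append(prefix + res["address"])
        for name, call in module.get("module_calls", {}).items():
            walk(call.get("module", {}), f"{prefix}module.{name}.", call.get("expressions", {}))
    walk(plan.get("configuration", {}).get("root_module", {}), "", None)
    return findings

# Constructed sample in the shape of `terraform show -json` plan output.
ARN = "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012"
def _inst(name, expressions):
    return {"address": f"{RESOURCE_TYPE}.{name}", "mode": "managed",
            "type": RESOURCE_TYPE, "name": name, "expressions": expressions}
_VIA_VAR = {"kms_key_arn": {"references": ["var.repl_instance_kms_key_arn"]}}
SAMPLE_PLAN = {"configuration": {"root_module": {
    "resources": [_inst("this", {"kms_key_arn": {"constant_value": ARN}}),
                  _inst("legacy", {})],
    "module_calls": {
        "dms": {"expressions": {}, "module": {"resources": [_inst("this", _VIA_VAR)]}},
        "dms_ok": {"expressions": {"repl_instance_kms_key_arn": {"constant_value": ARN}},
                   "module": {"resources": [_inst("this", _VIA_VAR)]}},
    }}}}

if __name__ == "__main__":
    print(json.dumps(find_missing_kms_key(SAMPLE_PLAN), indent=2))
```

Against a real plan, load the JSON produced by `terraform show -json` on a saved plan file and pass the parsed object to find_missing_kms_key; a non-empty result can fail the pipeline step.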

Tool mappings

Use these identifiers to cross-reference this control across tools, reports, and evidence.

  • Compliance.tf Control: dms_replication_instance_encryption_enabled