class SecurityConfiguration (construct)
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Glue.Alpha.SecurityConfiguration |
 Go | github.com/aws/aws-cdk-go/awscdkgluealpha/v2#SecurityConfiguration |
 Java | software.amazon.awscdk.services.glue.alpha.SecurityConfiguration |
 Python | aws_cdk.aws_glue_alpha.SecurityConfiguration |
 TypeScript (source) | @aws-cdk/aws-glue-alpha ยป SecurityConfiguration |
Implements
IConstruct, IDependable, IResource, IEnvironment, ISecurity
A security configuration is a set of security properties that can be used by AWS Glue to encrypt data at rest.
The following scenarios show some of the ways that you can use a security configuration.
- Attach a security configuration to an AWS Glue crawler to write encrypted Amazon CloudWatch Logs.
- Attach a security configuration to an extract, transform, and load (ETL) job to write encrypted Amazon Simple Storage Service (Amazon S3) targets and encrypted CloudWatch Logs.
- Attach a security configuration to an ETL job to write its jobs bookmarks as encrypted Amazon S3 data.
- Attach a security configuration to a development endpoint to write encrypted Amazon S3 targets.
Example
import * as cdk from 'aws-cdk-lib';
import * as iam from 'aws-cdk-lib/aws-iam';
declare const stack: cdk.Stack;
declare const role: iam.IRole;
declare const script: glue.Code;
new glue.RayJob(stack, 'ImportedJob', {
role,
script,
jobName: 'RayCustomJobName',
description: 'This is a description',
workerType: glue.WorkerType.Z_2X,
numberOfWorkers: 5,
runtime: glue.Runtime.RAY_TWO_FOUR,
maxRetries: 3,
maxConcurrentRuns: 100,
timeout: cdk.Duration.hours(2),
connections: [glue.Connection.fromConnectionName(stack, 'Connection', 'connectionName')],
securityConfiguration: glue.SecurityConfiguration.fromSecurityConfigurationName(stack, 'SecurityConfig', 'securityConfigName'),
tags: {
FirstTagName: 'FirstTagValue',
SecondTagName: 'SecondTagValue',
XTagName: 'XTagValue',
},
});
Initializer
new SecurityConfiguration(scope: Construct, id: string, props?: SecurityConfigurationProps)
Parameters
- scope
Construct - id
string - props
SecurityConfiguration Props
Construct Props
| Name | Type | Description |
|---|---|---|
| cloud | Cloud | The encryption configuration for Amazon CloudWatch Logs. |
| job | Job | The encryption configuration for Glue Job Bookmarks. |
| s3 | S3 | The encryption configuration for Amazon Simple Storage Service (Amazon S3) data. |
| security | string | The name of the security configuration. |
cloudWatchEncryption?
Type:
Cloud
(optional, default: no cloudwatch logs encryption.)
The encryption configuration for Amazon CloudWatch Logs.
jobBookmarksEncryption?
Type:
Job
(optional, default: no job bookmarks encryption.)
The encryption configuration for Glue Job Bookmarks.
s3Encryption?
Type:
S3
(optional, default: no s3 encryption.)
The encryption configuration for Amazon Simple Storage Service (Amazon S3) data.
securityConfigurationName?
Type:
string
(optional, default: generated by CDK.)
The name of the security configuration.
Properties
| Name | Type | Description |
|---|---|---|
| env | Resource | The environment this resource belongs to. |
| node | Node | The tree node. |
| security | string | The name of the security configuration. |
| stack | Stack | The stack in which this resource is defined. |
| cloud | IKey | The KMS key used in CloudWatch encryption if it requires a kms key. |
| job | IKey | The KMS key used in job bookmarks encryption if it requires a kms key. |
| s3 | IKey | The KMS key used in S3 encryption if it requires a kms key. |
| static PROPERTY_INJECTION_ID | string | Uniquely identifies this class. |
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
node
Type:
Node
The tree node.
securityConfigurationName
Type:
string
The name of the security configuration.
stack
Type:
Stack
The stack in which this resource is defined.
cloudWatchEncryptionKey?
Type:
IKey
(optional)
The KMS key used in CloudWatch encryption if it requires a kms key.
jobBookmarksEncryptionKey?
Type:
IKey
(optional)
The KMS key used in job bookmarks encryption if it requires a kms key.
s3EncryptionKey?
Type:
IKey
(optional)
The KMS key used in S3 encryption if it requires a kms key.
static PROPERTY_INJECTION_ID
Type:
string
Uniquely identifies this class.
Methods
| Name | Description |
|---|---|
| apply | Apply the given removal policy to this resource. |
| to | Returns a string representation of this construct. |
| static from | Creates a Connection construct that represents an external security configuration. |
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
static fromSecurityConfigurationName(scope, id, securityConfigurationName)
public static fromSecurityConfigurationName(scope: Construct, id: string, securityConfigurationName: string): ISecurityConfiguration
Parameters
- scope
Constructโ The scope creating construct (usuallythis). - id
stringโ The construct's id. - securityConfigurationName
stringโ name of external security configuration.
Returns
Creates a Connection construct that represents an external security configuration.