Class CfnDataCatalogEncryptionSettingsPropsMixin.ConnectionPasswordEncryptionProperty
The data structure used by the Data Catalog to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties.
Inherited Members
Namespace: Amazon.CDK.CfnPropertyMixins.AWS.Glue
Assembly: Amazon.CDK.CfnPropertyMixins.dll
Syntax (csharp)
public class CfnDataCatalogEncryptionSettingsPropsMixin.ConnectionPasswordEncryptionProperty : CfnDataCatalogEncryptionSettingsPropsMixin.IConnectionPasswordEncryptionPropertySyntax (vb)
Public Class CfnDataCatalogEncryptionSettingsPropsMixin.ConnectionPasswordEncryptionProperty Implements CfnDataCatalogEncryptionSettingsPropsMixin.IConnectionPasswordEncryptionPropertyRemarks
You can enable catalog encryption or only password encryption.
When a CreationConnection request arrives containing a password, the Data Catalog first encrypts the password using your AWS key. It then encrypts the whole connection object again if catalog encryption is also enabled.
This encryption requires that you set AWS key permissions to enable or restrict access on the password key according to your security requirements. For example, you might want only administrators to have decrypt permission on the password key.
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.CfnPropertyMixins.AWS.Glue;
var connectionPasswordEncryptionProperty = new ConnectionPasswordEncryptionProperty {
KmsKeyId = "kmsKeyId",
ReturnConnectionPasswordEncrypted = false
};Synopsis
Constructors
| ConnectionPasswordEncryptionProperty() | The data structure used by the Data Catalog to encrypt the password as part of |
Properties
| KmsKeyId | An AWS key that is used to encrypt the connection password. |
| ReturnConnectionPasswordEncrypted | When the |
Constructors
ConnectionPasswordEncryptionProperty()
The data structure used by the Data Catalog to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties.
public ConnectionPasswordEncryptionProperty()Remarks
You can enable catalog encryption or only password encryption.
When a CreationConnection request arrives containing a password, the Data Catalog first encrypts the password using your AWS key. It then encrypts the whole connection object again if catalog encryption is also enabled.
This encryption requires that you set AWS key permissions to enable or restrict access on the password key according to your security requirements. For example, you might want only administrators to have decrypt permission on the password key.
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.CfnPropertyMixins.AWS.Glue;
var connectionPasswordEncryptionProperty = new ConnectionPasswordEncryptionProperty {
KmsKeyId = "kmsKeyId",
ReturnConnectionPasswordEncrypted = false
};Properties
KmsKeyId
An AWS key that is used to encrypt the connection password.
public string? KmsKeyId { get; set; }Property Value
Remarks
If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:Encrypt permission on the specified AWS key, to encrypt passwords before storing them in the Data Catalog. You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.
ReturnConnectionPasswordEncrypted
When the ReturnConnectionPasswordEncrypted flag is set to "true", passwords remain encrypted in the responses of GetConnection and GetConnections .
public object? ReturnConnectionPasswordEncrypted { get; set; }Property Value
Remarks
This encryption takes effect independently from catalog encryption.
Type union: either bool or IResolvable