CfnDataCatalogEncryptionSettingsPropsMixin

class aws_cdk.mixins_preview.aws_glue.mixins.CfnDataCatalogEncryptionSettingsPropsMixin(props, *, strategy=None)

Bases: Mixin

Sets the security configuration for a specified catalog.

After the configuration has been set, the specified encryption is applied to every catalog write thereafter.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-datacatalogencryptionsettings.html

CloudformationResource:

AWS::Glue::DataCatalogEncryptionSettings

Mixin:

true

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview import mixins
from aws_cdk.mixins_preview.aws_glue import mixins as glue_mixins

cfn_data_catalog_encryption_settings_props_mixin = glue_mixins.CfnDataCatalogEncryptionSettingsPropsMixin(
    glue_mixins.CfnDataCatalogEncryptionSettingsMixinProps(
        catalog_id="catalogId",
        data_catalog_encryption_settings=glue_mixins.CfnDataCatalogEncryptionSettingsPropsMixin.DataCatalogEncryptionSettingsProperty(
            connection_password_encryption=glue_mixins.CfnDataCatalogEncryptionSettingsPropsMixin.ConnectionPasswordEncryptionProperty(
                kms_key_id="kmsKeyId",
                return_connection_password_encrypted=False
            ),
            encryption_at_rest=glue_mixins.CfnDataCatalogEncryptionSettingsPropsMixin.EncryptionAtRestProperty(
                catalog_encryption_mode="catalogEncryptionMode",
                catalog_encryption_service_role="catalogEncryptionServiceRole",
                sse_aws_kms_key_id="sseAwsKmsKeyId"
            )
        )
    ),
    strategy=mixins.PropertyMergeStrategy.OVERRIDE
)

Create a mixin to apply properties to AWS::Glue::DataCatalogEncryptionSettings.

Parameters:

Methods

apply_to(construct)

Apply the mixin properties to the construct.

Parameters:

construct (IConstruct)

Return type:

IConstruct

supports(construct)

Check if this mixin supports the given construct.

Parameters:

construct (IConstruct)

Return type:

bool

Attributes

CFN_PROPERTY_KEYS = ['catalogId', 'dataCatalogEncryptionSettings']

Static Methods

classmethod is_mixin(x)

(experimental) Checks if x is a Mixin.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Mixin.

Stability:

experimental

ConnectionPasswordEncryptionProperty

class CfnDataCatalogEncryptionSettingsPropsMixin.ConnectionPasswordEncryptionProperty(*, kms_key_id=None, return_connection_password_encrypted=None)

Bases: object

The data structure used by the Data Catalog to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties.

You can enable catalog encryption or only password encryption.

When a CreateConnection request arrives containing a password, the Data Catalog first encrypts the password using your AWS KMS key. It then encrypts the whole connection object again if catalog encryption is also enabled.

This encryption requires that you set AWS KMS key permissions to enable or restrict access on the password key according to your security requirements. For example, you might want only administrators to have decrypt permission on the password key.

Parameters:
  • kms_key_id (Optional[str]) – An AWS KMS key that is used to encrypt the connection password. If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:Encrypt permission on the specified AWS KMS key, to encrypt passwords before storing them in the Data Catalog. You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.

  • return_connection_password_encrypted (Union[bool, IResolvable, None]) – When the ReturnConnectionPasswordEncrypted flag is set to “true”, passwords remain encrypted in the responses of GetConnection and GetConnections. This encryption takes effect independently from catalog encryption.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-connectionpasswordencryption.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_glue import mixins as glue_mixins

connection_password_encryption_property = glue_mixins.CfnDataCatalogEncryptionSettingsPropsMixin.ConnectionPasswordEncryptionProperty(
    kms_key_id="kmsKeyId",
    return_connection_password_encrypted=False
)

Attributes

kms_key_id

An AWS KMS key that is used to encrypt the connection password.

If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:Encrypt permission on the specified AWS KMS key, to encrypt passwords before storing them in the Data Catalog. You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-connectionpasswordencryption.html#cfn-glue-datacatalogencryptionsettings-connectionpasswordencryption-kmskeyid

return_connection_password_encrypted

When the ReturnConnectionPasswordEncrypted flag is set to “true”, passwords remain encrypted in the responses of GetConnection and GetConnections.

This encryption takes effect independently from catalog encryption.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-connectionpasswordencryption.html#cfn-glue-datacatalogencryptionsettings-connectionpasswordencryption-returnconnectionpasswordencrypted

DataCatalogEncryptionSettingsProperty

class CfnDataCatalogEncryptionSettingsPropsMixin.DataCatalogEncryptionSettingsProperty(*, connection_password_encryption=None, encryption_at_rest=None)

Bases: object

Contains configuration information for maintaining Data Catalog security.

Parameters:
  • connection_password_encryption (Union[IResolvable, ConnectionPasswordEncryptionProperty, Dict[str, Any], None]) – When connection password protection is enabled, the Data Catalog uses a customer-provided key to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties. You can enable catalog encryption or only password encryption.

  • encryption_at_rest (Union[IResolvable, EncryptionAtRestProperty, Dict[str, Any], None]) – Specifies the encryption-at-rest configuration for the Data Catalog.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-datacatalogencryptionsettings.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_glue import mixins as glue_mixins

data_catalog_encryption_settings_property = glue_mixins.CfnDataCatalogEncryptionSettingsPropsMixin.DataCatalogEncryptionSettingsProperty(
    connection_password_encryption=glue_mixins.CfnDataCatalogEncryptionSettingsPropsMixin.ConnectionPasswordEncryptionProperty(
        kms_key_id="kmsKeyId",
        return_connection_password_encrypted=False
    ),
    encryption_at_rest=glue_mixins.CfnDataCatalogEncryptionSettingsPropsMixin.EncryptionAtRestProperty(
        catalog_encryption_mode="catalogEncryptionMode",
        catalog_encryption_service_role="catalogEncryptionServiceRole",
        sse_aws_kms_key_id="sseAwsKmsKeyId"
    )
)

Attributes

connection_password_encryption

When connection password protection is enabled, the Data Catalog uses a customer-provided key to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties.

You can enable catalog encryption or only password encryption.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-datacatalogencryptionsettings.html#cfn-glue-datacatalogencryptionsettings-datacatalogencryptionsettings-connectionpasswordencryption

encryption_at_rest

Specifies the encryption-at-rest configuration for the Data Catalog.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-datacatalogencryptionsettings.html#cfn-glue-datacatalogencryptionsettings-datacatalogencryptionsettings-encryptionatrest

EncryptionAtRestProperty

class CfnDataCatalogEncryptionSettingsPropsMixin.EncryptionAtRestProperty(*, catalog_encryption_mode=None, catalog_encryption_service_role=None, sse_aws_kms_key_id=None)

Bases: object

Specifies the encryption-at-rest configuration for the Data Catalog.

Parameters:
  • catalog_encryption_mode (Optional[str]) – The encryption-at-rest mode for encrypting Data Catalog data.

  • catalog_encryption_service_role (Optional[str]) – The role that AWS Glue assumes to encrypt and decrypt the Data Catalog objects on the caller’s behalf.

  • sse_aws_kms_key_id (Optional[str]) – The ID of the AWS KMS key to use for encryption at rest.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-encryptionatrest.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_glue import mixins as glue_mixins

encryption_at_rest_property = glue_mixins.CfnDataCatalogEncryptionSettingsPropsMixin.EncryptionAtRestProperty(
    catalog_encryption_mode="catalogEncryptionMode",
    catalog_encryption_service_role="catalogEncryptionServiceRole",
    sse_aws_kms_key_id="sseAwsKmsKeyId"
)

Attributes

catalog_encryption_mode

The encryption-at-rest mode for encrypting Data Catalog data.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-encryptionatrest.html#cfn-glue-datacatalogencryptionsettings-encryptionatrest-catalogencryptionmode

catalog_encryption_service_role

The role that AWS Glue assumes to encrypt and decrypt the Data Catalog objects on the caller’s behalf.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-encryptionatrest.html#cfn-glue-datacatalogencryptionsettings-encryptionatrest-catalogencryptionservicerole

sse_aws_kms_key_id

The ID of the AWS KMS key to use for encryption at rest.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-datacatalogencryptionsettings-encryptionatrest.html#cfn-glue-datacatalogencryptionsettings-encryptionatrest-sseawskmskeyid
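
Added example (not part of the CDK documentation or the aws-cdk code base): a check that walks a synthesized CloudFormation template and reports AWS::Glue::DataCatalogEncryptionSettings resources whose ConnectionPasswordEncryption or EncryptionAtRest settings, as described above, leave the catalog or connection passwords unprotected. Assumptions: the function name, the finding texts and the sample templates are constructed for illustration, and the mode names SSE-KMS and SSE-KMS-WITH-SERVICE-ROLE are taken from the Glue API, not from this page.

```python
RESOURCE_TYPE = "AWS::Glue::DataCatalogEncryptionSettings"
KMS_MODES = {"SSE-KMS", "SSE-KMS-WITH-SERVICE-ROLE"}  # assumed Glue mode names

def _is_true(value):
    # CloudFormation accepts both JSON true and the string "true".
    return str(value).lower() == "true"

def audit_catalog_encryption(template):
    """Return sorted (logical_id, finding) pairs for weak settings resources."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != RESOURCE_TYPE:
            continue
        settings = res.get("Properties", {}).get("DataCatalogEncryptionSettings") or {}
        rest = settings.get("EncryptionAtRest") or {}
        pwd = settings.get("ConnectionPasswordEncryption") or {}
        mode = rest.get("CatalogEncryptionMode", "DISABLED")
        if mode not in KMS_MODES:
            findings.append((logical_id, "encryption at rest not enabled"))
        elif not rest.get("SseAwsKmsKeyId"):
            findings.append((logical_id, "SseAwsKmsKeyId not set"))
        if mode == "SSE-KMS-WITH-SERVICE-ROLE" and not rest.get("CatalogEncryptionServiceRole"):
            findings.append((logical_id, "service-role mode without CatalogEncryptionServiceRole"))
        if not _is_true(pwd.get("ReturnConnectionPasswordEncrypted")):
            findings.append((logical_id, "ReturnConnectionPasswordEncrypted is not true"))
        elif not pwd.get("KmsKeyId"):
            findings.append((logical_id, "password encryption without KmsKeyId"))
    return sorted(findings)

# Constructed sample templates (placeholder account ID and key ARN).
KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
WEAK = {"Resources": {"Catalog": {"Type": RESOURCE_TYPE, "Properties": {
    "CatalogId": "111122223333",
    "DataCatalogEncryptionSettings": {
        "EncryptionAtRest": {"CatalogEncryptionMode": "DISABLED"},
        "ConnectionPasswordEncryption": {"ReturnConnectionPasswordEncrypted": False},
    }}}}}
HARDENED = {"Resources": {"Catalog": {"Type": RESOURCE_TYPE, "Properties": {
    "CatalogId": "111122223333",
    "DataCatalogEncryptionSettings": {
        "EncryptionAtRest": {"CatalogEncryptionMode": "SSE-KMS", "SseAwsKmsKeyId": KEY},
        "ConnectionPasswordEncryption": {
            "KmsKeyId": KEY, "ReturnConnectionPasswordEncrypted": "true"},
    }}}}}

if __name__ == "__main__":
    for name, tpl in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_catalog_encryption(tpl))
```

The template dict can be loaded from the JSON that cdk synth writes, so the check can run in CI before deployment.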