Class: AWSCDK::Glue::CfnDataCatalogEncryptionSettings::ConnectionPasswordEncryptionProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::Glue::CfnDataCatalogEncryptionSettings::ConnectionPasswordEncryptionProperty
- Defined in:
- glue/cfn_data_catalog_encryption_settings.rb
Overview
The data structure used by the Data Catalog to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties.
You can enable catalog encryption or only password encryption.
When a CreationConnection request arrives containing a password, the Data Catalog first encrypts the password using your AWS key. It then encrypts the whole connection object again if catalog encryption is also enabled.
This encryption requires that you set AWS key permissions to enable or restrict access on the password key according to your security requirements. For example, you might want only administrators to have decrypt permission on the password key.
Instance Attribute Summary collapse
-
#kms_key_id ⇒ String?
readonly
An AWS key that is used to encrypt the connection password.
-
#return_connection_password_encrypted ⇒ Boolean, ...
readonly
When the
ReturnConnectionPasswordEncryptedflag is set to "true", passwords remain encrypted in the responses ofGetConnectionandGetConnections.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(kms_key_id: nil, return_connection_password_encrypted: nil) ⇒ ConnectionPasswordEncryptionProperty
constructor
A new instance of ConnectionPasswordEncryptionProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(kms_key_id: nil, return_connection_password_encrypted: nil) ⇒ ConnectionPasswordEncryptionProperty
Returns a new instance of ConnectionPasswordEncryptionProperty.
521 522 523 524 525 526 |
# File 'glue/cfn_data_catalog_encryption_settings.rb', line 521 def initialize(kms_key_id: nil, return_connection_password_encrypted: nil) @kms_key_id = kms_key_id Jsii::Type.check_type(@kms_key_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "kmsKeyId") unless @kms_key_id.nil? @return_connection_password_encrypted = return_connection_password_encrypted Jsii::Type.check_type(@return_connection_password_encrypted, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "returnConnectionPasswordEncrypted") unless @return_connection_password_encrypted.nil? end |
Instance Attribute Details
#kms_key_id ⇒ String? (readonly)
An AWS key that is used to encrypt the connection password.
If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:Encrypt permission on the specified AWS key, to encrypt passwords before storing them in the Data Catalog. You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.
534 535 536 |
# File 'glue/cfn_data_catalog_encryption_settings.rb', line 534 def kms_key_id @kms_key_id end |
#return_connection_password_encrypted ⇒ Boolean, ... (readonly)
When the ReturnConnectionPasswordEncrypted flag is set to "true", passwords remain encrypted in the responses of GetConnection and GetConnections .
This encryption takes effect independently from catalog encryption.
541 542 543 |
# File 'glue/cfn_data_catalog_encryption_settings.rb', line 541 def return_connection_password_encrypted @return_connection_password_encrypted end |
Class Method Details
.jsii_properties ⇒ Object
543 544 545 546 547 548 |
# File 'glue/cfn_data_catalog_encryption_settings.rb', line 543 def self.jsii_properties { :kms_key_id => "kmsKeyId", :return_connection_password_encrypted => "returnConnectionPasswordEncrypted", } end |
Instance Method Details
#to_jsii ⇒ Object
550 551 552 553 554 555 556 557 |
# File 'glue/cfn_data_catalog_encryption_settings.rb', line 550 def to_jsii result = {} result.merge!({ "kmsKeyId" => @kms_key_id, "returnConnectionPasswordEncrypted" => @return_connection_password_encrypted, }) result.compact end |