Class: AWSCDK::Glue::CfnDataCatalogEncryptionSettings::ConnectionPasswordEncryptionProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
glue/cfn_data_catalog_encryption_settings.rb

Overview

The data structure used by the Data Catalog to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties.

You can enable catalog encryption or only password encryption.

When a CreationConnection request arrives containing a password, the Data Catalog first encrypts the password using your AWS key. It then encrypts the whole connection object again if catalog encryption is also enabled.

This encryption requires that you set AWS key permissions to enable or restrict access on the password key according to your security requirements. For example, you might want only administrators to have decrypt permission on the password key.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(kms_key_id: nil, return_connection_password_encrypted: nil) ⇒ ConnectionPasswordEncryptionProperty

Returns a new instance of ConnectionPasswordEncryptionProperty.

Parameters:

  • kms_key_id (String, nil) (defaults to: nil)

    An AWS key that is used to encrypt the connection password.

  • return_connection_password_encrypted (Boolean, AWSCDK::IResolvable, nil) (defaults to: nil)

    When the ReturnConnectionPasswordEncrypted flag is set to "true", passwords remain encrypted in the responses of GetConnection and GetConnections .



521
522
523
524
525
526
# File 'glue/cfn_data_catalog_encryption_settings.rb', line 521

def initialize(kms_key_id: nil, return_connection_password_encrypted: nil)
  @kms_key_id = kms_key_id
  Jsii::Type.check_type(@kms_key_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "kmsKeyId") unless @kms_key_id.nil?
  @return_connection_password_encrypted = return_connection_password_encrypted
  Jsii::Type.check_type(@return_connection_password_encrypted, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "returnConnectionPasswordEncrypted") unless @return_connection_password_encrypted.nil?
end

Instance Attribute Details

#kms_key_idString? (readonly)

An AWS key that is used to encrypt the connection password.

If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:Encrypt permission on the specified AWS key, to encrypt passwords before storing them in the Data Catalog. You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.



534
535
536
# File 'glue/cfn_data_catalog_encryption_settings.rb', line 534

def kms_key_id
  @kms_key_id
end

#return_connection_password_encryptedBoolean, ... (readonly)

When the ReturnConnectionPasswordEncrypted flag is set to "true", passwords remain encrypted in the responses of GetConnection and GetConnections .

This encryption takes effect independently from catalog encryption.



541
542
543
# File 'glue/cfn_data_catalog_encryption_settings.rb', line 541

def return_connection_password_encrypted
  @return_connection_password_encrypted
end

Class Method Details

.jsii_propertiesObject



543
544
545
546
547
548
# File 'glue/cfn_data_catalog_encryption_settings.rb', line 543

def self.jsii_properties
  {
    :kms_key_id => "kmsKeyId",
    :return_connection_password_encrypted => "returnConnectionPasswordEncrypted",
  }
end

Instance Method Details

#to_jsiiObject



550
551
552
553
554
555
556
557
# File 'glue/cfn_data_catalog_encryption_settings.rb', line 550

def to_jsii
  result = {}
  result.merge!({
    "kmsKeyId" => @kms_key_id,
    "returnConnectionPasswordEncrypted" => @return_connection_password_encrypted,
  })
  result.compact
end