Package software.amazon.awscdk.services.glue

Interface CfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

CfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty.Jsii$Proxy

Enclosing class:

CfnDataCatalogEncryptionSettings

@Stability(Stable)
public static interface CfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty
extends software.amazon.jsii.JsiiSerializable

The data structure used by the Data Catalog to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties.

You can enable catalog encryption or only password encryption.

When a CreationConnection request arrives containing a password, the Data Catalog first encrypts the password using your AWS KMS key. It then encrypts the whole connection object again if catalog encryption is also enabled.

This encryption requires that you set AWS KMS key permissions to enable or restrict access on the password key according to your security requirements. For example, you might want only administrators to have decrypt permission on the password key.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.glue.*;
 ConnectionPasswordEncryptionProperty connectionPasswordEncryptionProperty = ConnectionPasswordEncryptionProperty.builder()
         .kmsKeyId("kmsKeyId")
         .returnConnectionPasswordEncrypted(false)
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty.Builder	A builder for CfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty
static final class	CfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty.Jsii$Proxy	An implementation for CfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty

Method Summary

Modifier and Type	Method	Description
static CfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty.Builder	builder()
default String	getKmsKeyId()	An AWS KMS key that is used to encrypt the connection password.
default Object	getReturnConnectionPasswordEncrypted()	When the ReturnConnectionPasswordEncrypted flag is set to "true", passwords remain encrypted in the responses of GetConnection and GetConnections .

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getKmsKeyId

@Stability(Stable)
@Nullable
default String getKmsKeyId()

An AWS KMS key that is used to encrypt the connection password.

If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:Encrypt permission on the specified AWS KMS key, to encrypt passwords before storing them in the Data Catalog. You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.

getReturnConnectionPasswordEncrypted

@Stability(Stable)
@Nullable
default Object getReturnConnectionPasswordEncrypted()

When the ReturnConnectionPasswordEncrypted flag is set to "true", passwords remain encrypted in the responses of GetConnection and GetConnections .

This encryption takes effect independently from catalog encryption.

builder

@Stability(Stable)
static CfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty.Builder builder()

Returns:

a CfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty.Builder of CfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty