- class aws_cdk.aws_glue.SecurityConfiguration(scope, id, *, security_configuration_name, cloud_watch_encryption=None, job_bookmarks_encryption=None, s3_encryption=None)
(experimental) A security configuration is a set of security properties that can be used by AWS Glue to encrypt data at rest.
The following scenarios show some of the ways that you can use a security configuration.
Attach a security configuration to an AWS Glue crawler to write encrypted Amazon CloudWatch Logs.
Attach a security configuration to an extract, transform, and load (ETL) job to write encrypted Amazon Simple Storage Service (Amazon S3) targets and encrypted CloudWatch Logs.
Attach a security configuration to an ETL job to write its jobs bookmarks as encrypted Amazon S3 data.
Attach a security configuration to a development endpoint to write encrypted Amazon S3 targets.
glue.SecurityConfiguration(self, "MySecurityConfiguration", security_configuration_name="name", cloud_watch_encryption=glue.CloudWatchEncryption( mode=glue.CloudWatchEncryptionMode.KMS ), job_bookmarks_encryption=glue.JobBookmarksEncryption( mode=glue.JobBookmarksEncryptionMode.CLIENT_SIDE_KMS ), s3_encryption=glue.S3Encryption( mode=glue.S3EncryptionMode.KMS ) )
str) – (experimental) The name of the security configuration.
None]) – (experimental) The encryption configuration for Amazon CloudWatch Logs. Default: no cloudwatch logs encryption.
None]) – (experimental) The encryption configuration for Glue Job Bookmarks. Default: no job bookmarks encryption.
None]) – (experimental) The encryption configuration for Amazon Simple Storage Service (Amazon S3) data. Default: no s3 encryption.
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.
The resource can be deleted (
RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (
- Return type
Returns a string representation of this construct.
- Return type
(experimental) The KMS key used in CloudWatch encryption if it requires a kms key.
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
(experimental) The KMS key used in job bookmarks encryption if it requires a kms key.
The construct tree node associated with this construct.
(experimental) The KMS key used in S3 encryption if it requires a kms key.
(experimental) The name of the security configuration.
The stack in which this resource is defined.
- classmethod from_security_configuration_name(scope, id, security_configuration_name)
(experimental) Creates a Connection construct that represents an external security configuration.
- classmethod is_construct(x)
Return whether the given object is a Construct.
- Return type