Interface CfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty.Jsii$Proxy
- Enclosing class:
CfnDataCatalogEncryptionSettings
CreateConnection
or UpdateConnection
and store it in the ENCRYPTED_PASSWORD
field in the connection properties.
You can enable catalog encryption or only password encryption.
When a CreationConnection
request arrives containing a password, the Data Catalog first encrypts the password using your AWS KMS key. It then encrypts the whole connection object again if catalog encryption is also enabled.
This encryption requires that you set AWS KMS key permissions to enable or restrict access on the password key according to your security requirements. For example, you might want only administrators to have decrypt permission on the password key.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.glue.*; ConnectionPasswordEncryptionProperty connectionPasswordEncryptionProperty = ConnectionPasswordEncryptionProperty.builder() .kmsKeyId("kmsKeyId") .returnConnectionPasswordEncrypted(false) .build();
- See Also:
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic final class
static final class
An implementation forCfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty
-
Method Summary
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getKmsKeyId
An AWS KMS key that is used to encrypt the connection password.If connection password protection is enabled, the caller of
CreateConnection
andUpdateConnection
needs at leastkms:Encrypt
permission on the specified AWS KMS key, to encrypt passwords before storing them in the Data Catalog. You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.- See Also:
-
getReturnConnectionPasswordEncrypted
When theReturnConnectionPasswordEncrypted
flag is set to "true", passwords remain encrypted in the responses ofGetConnection
andGetConnections
.This encryption takes effect independently from catalog encryption.
- See Also:
-
builder
@Stability(Stable) static CfnDataCatalogEncryptionSettings.ConnectionPasswordEncryptionProperty.Builder builder()
-