CfnLocationObjectStorageProps
- class aws_cdk.aws_datasync.CfnLocationObjectStorageProps(*, access_key=None, agent_arns=None, bucket_name=None, cmk_secret_config=None, custom_secret_config=None, secret_key=None, server_certificate=None, server_hostname=None, server_port=None, server_protocol=None, subdirectory=None, tags=None)
Bases:
objectProperties for defining a
CfnLocationObjectStorage.- Parameters:
access_key (
Optional[str]) – Specifies the access key (for example, a user name) if credentials are required to authenticate with the object storage server.agent_arns (
Optional[Sequence[str]]) – (Optional) Specifies the Amazon Resource Names (ARNs) of the DataSync agents that can connect with your object storage system. If you are setting up an agentless cross-cloud transfer, you do not need to specify a value for this parameter. .. epigraph:: Make sure you configure this parameter correctly when you first create your storage location. You cannot add or remove agents from a storage location after you create it.bucket_name (
Optional[str]) – Specifies the name of the object storage bucket involved in the transfer.cmk_secret_config (
Union[IResolvable,CmkSecretConfigProperty,Dict[str,Any],None]) – Specifies configuration information for a DataSync-managed secret, which includes theSecretKeythat DataSync uses to access a specific object storage location, with a customer-managed AWS KMS key . When you include this paramater as part of aCreateLocationObjectStoragerequest, you provide only the KMS key ARN. DataSync uses this KMS key together with the value you specify for theSecretKeyparameter to create a DataSync-managed secret to store the location access credentials. Make sure the DataSync has permission to access the KMS key that you specify. .. epigraph:: You can use eitherCmkSecretConfig(withSecretKey) orCustomSecretConfig(withoutSecretKey) to provide credentials for aCreateLocationObjectStoragerequest. Do not provide both parameters for the same request.custom_secret_config (
Union[IResolvable,CustomSecretConfigProperty,Dict[str,Any],None]) – Specifies configuration information for a customer-managed Secrets Manager secret where the secret key for a specific object storage location is stored in plain text. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret. .. epigraph:: You can use eitherCmkSecretConfig(withSecretKey) orCustomSecretConfig(withoutSecretKey) to provide credentials for aCreateLocationObjectStoragerequest. Do not provide both parameters for the same request.secret_key (
Optional[str]) – Specifies the secret key (for example, a password) if credentials are required to authenticate with the object storage server. .. epigraph:: If you provide a secret usingSecretKey, but do not provide secret configuration details usingCmkSecretConfigorCustomSecretConfig, then DataSync stores the token using your AWS account’s Secrets Manager secret.server_certificate (
Optional[str]) – Specifies a certificate chain for DataSync to authenticate with your object storage system if the system uses a private or self-signed certificate authority (CA). You must specify a single.pemfile with a full certificate chain (for example,file:///home/user/.ssh/object_storage_certificates.pem). The certificate chain might include: - The object storage system’s certificate - All intermediate certificates (if there are any) - The root certificate of the signing CA You can concatenate your certificates into a.pemfile (which can be up to 32768 bytes before base64 encoding). The following examplecatcommand creates anobject_storage_certificates.pemfile that includes three certificates:cat object_server_certificate.pem intermediate_certificate.pem ca_root_certificate.pem > object_storage_certificates.pemTo use this parameter, configureServerProtocoltoHTTPS.server_hostname (
Optional[str]) – Specifies the domain name or IP version 4 (IPv4) address of the object storage server that your DataSync agent connects to.server_port (
Union[int,float,None]) – Specifies the port that your object storage server accepts inbound network traffic on (for example, port 443).server_protocol (
Optional[str]) – Specifies the protocol that your object storage server uses to communicate. If not specified, the default value isHTTPS.subdirectory (
Optional[str]) – Specifies the object prefix for your object storage server. If this is a source location, DataSync only copies objects with this prefix. If this is a destination location, DataSync writes all objects with this prefix.tags (
Optional[Sequence[Union[CfnTag,Dict[str,Any]]]]) – Specifies the key-value pair that represents a tag that you want to add to the resource. Tags can help you manage, filter, and search for your resources. We recommend creating a name tag for your location.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_datasync as datasync cfn_location_object_storage_props = datasync.CfnLocationObjectStorageProps( access_key="accessKey", agent_arns=["agentArns"], bucket_name="bucketName", cmk_secret_config=datasync.CfnLocationObjectStorage.CmkSecretConfigProperty( kms_key_arn="kmsKeyArn", secret_arn="secretArn" ), custom_secret_config=datasync.CfnLocationObjectStorage.CustomSecretConfigProperty( secret_access_role_arn="secretAccessRoleArn", secret_arn="secretArn" ), secret_key="secretKey", server_certificate="serverCertificate", server_hostname="serverHostname", server_port=123, server_protocol="serverProtocol", subdirectory="subdirectory", tags=[CfnTag( key="key", value="value" )] )
Attributes
- access_key
Specifies the access key (for example, a user name) if credentials are required to authenticate with the object storage server.
- agent_arns
(Optional) Specifies the Amazon Resource Names (ARNs) of the DataSync agents that can connect with your object storage system.
If you are setting up an agentless cross-cloud transfer, you do not need to specify a value for this parameter. .. epigraph:
Make sure you configure this parameter correctly when you first create your storage location. You cannot add or remove agents from a storage location after you create it.
- bucket_name
Specifies the name of the object storage bucket involved in the transfer.
- cmk_secret_config
Specifies configuration information for a DataSync-managed secret, which includes the
SecretKeythat DataSync uses to access a specific object storage location, with a customer-managed AWS KMS key .When you include this paramater as part of a
CreateLocationObjectStoragerequest, you provide only the KMS key ARN. DataSync uses this KMS key together with the value you specify for theSecretKeyparameter to create a DataSync-managed secret to store the location access credentials.Make sure the DataSync has permission to access the KMS key that you specify. .. epigraph:
You can use either ``CmkSecretConfig`` (with ``SecretKey`` ) or ``CustomSecretConfig`` (without ``SecretKey`` ) to provide credentials for a ``CreateLocationObjectStorage`` request. Do not provide both parameters for the same request.
- custom_secret_config
Specifies configuration information for a customer-managed Secrets Manager secret where the secret key for a specific object storage location is stored in plain text.
This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret. .. epigraph:
You can use either ``CmkSecretConfig`` (with ``SecretKey`` ) or ``CustomSecretConfig`` (without ``SecretKey`` ) to provide credentials for a ``CreateLocationObjectStorage`` request. Do not provide both parameters for the same request.
- secret_key
Specifies the secret key (for example, a password) if credentials are required to authenticate with the object storage server.
If you provide a secret using
SecretKey, but do not provide secret configuration details usingCmkSecretConfigorCustomSecretConfig, then DataSync stores the token using your AWS account’s Secrets Manager secret.
- server_certificate
Specifies a certificate chain for DataSync to authenticate with your object storage system if the system uses a private or self-signed certificate authority (CA).
You must specify a single
.pemfile with a full certificate chain (for example,file:///home/user/.ssh/object_storage_certificates.pem).The certificate chain might include:
The object storage system’s certificate
All intermediate certificates (if there are any)
The root certificate of the signing CA
You can concatenate your certificates into a
.pemfile (which can be up to 32768 bytes before base64 encoding). The following examplecatcommand creates anobject_storage_certificates.pemfile that includes three certificates:cat object_server_certificate.pem intermediate_certificate.pem ca_root_certificate.pem > object_storage_certificates.pemTo use this parameter, configure
ServerProtocoltoHTTPS.
- server_hostname
Specifies the domain name or IP version 4 (IPv4) address of the object storage server that your DataSync agent connects to.
- server_port
Specifies the port that your object storage server accepts inbound network traffic on (for example, port 443).
- server_protocol
Specifies the protocol that your object storage server uses to communicate.
If not specified, the default value is
HTTPS.
- subdirectory
Specifies the object prefix for your object storage server.
If this is a source location, DataSync only copies objects with this prefix. If this is a destination location, DataSync writes all objects with this prefix.
- tags
Specifies the key-value pair that represents a tag that you want to add to the resource.
Tags can help you manage, filter, and search for your resources. We recommend creating a name tag for your location.