AWS Glue
Developer Guide

Security APIs in AWS Glue

Data Types

DataCatalogEncryptionSettings Structure

Contains configuration information for maintaining Data Catalog security.

Fields

  • EncryptionAtRest – An EncryptionAtRest object.

    Specifies encryption-at-rest configuration for the Data Catalog.

EncryptionAtRest Structure

Specifies encryption-at-rest configuration for the Data Catalog.

Fields

  • CatalogEncryptionModeRequired: UTF-8 string (valid values: DISABLED | SSE-KMS="SSEKMS").

    The encryption-at-rest mode for encrypting Data Catalog data.

  • SseAwsKmsKeyId – UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The ID of the AWS KMS key to use for encryption at rest.

EncryptionConfiguration Structure

Specifies an encryption configuration.

Fields

  • S3Encryption – An array of S3Encryption objects.

    The encryption configuration for S3 data.

  • CloudWatchEncryption – A CloudWatchEncryption object.

    The encryption configuration for CloudWatch.

  • JobBookmarksEncryption – A JobBookmarksEncryption object.

    The encryption configuration for Job Bookmarks.

S3Encryption Structure

Specifies how S3 data should be encrypted.

Fields

  • S3EncryptionMode – UTF-8 string (valid values: DISABLED | SSE-KMS="SSEKMS" | SSE-S3="SSES3").

    The encryption mode to use for S3 data.

  • KmsKeyArn – UTF-8 string, matching the AWS KMS ARN string pattern.

    The AWS ARN of the KMS key to be used to encrypt the data.

CloudWatchEncryption Structure

Specifies how CloudWatch data should be encrypted.

Fields

  • CloudWatchEncryptionMode – UTF-8 string (valid values: DISABLED | SSE-KMS="SSEKMS").

    The encryption mode to use for CloudWatch data.

  • KmsKeyArn – UTF-8 string, matching the AWS KMS ARN string pattern.

    The AWS ARN of the KMS key to be used to encrypt the data.

JobBookmarksEncryption Structure

Specifies how Job bookmark data should be encrypted.

Fields

  • JobBookmarksEncryptionMode – UTF-8 string (valid values: DISABLED | CSE-KMS="CSEKMS").

    The encryption mode to use for Job bookmarks data.

  • KmsKeyArn – UTF-8 string, matching the AWS KMS ARN string pattern.

    The AWS ARN of the KMS key to be used to encrypt the data.

SecurityConfiguration Structure

Specifies a security configuration.

Fields

  • Name – UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The name of the security configuration.

  • CreatedTimeStamp – Timestamp.

    The time at which this security configuration was created.

  • EncryptionConfiguration – An EncryptionConfiguration object.

    The encryption configuration associated with this security configuration.

Operations

GetDataCatalogEncryptionSettings Action (Python: get_data_catalog_encryption_settings)

Retrieves the security configuration for a specified catalog.

Request

  • CatalogId – Catalog id string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The ID of the Data Catalog for which to retrieve the security configuration. If none is supplied, the AWS account ID is used by default.

Response

Errors

  • InternalServiceException

  • InvalidInputException

  • OperationTimeoutException

PutDataCatalogEncryptionSettings Action (Python: put_data_catalog_encryption_settings)

Sets the security configuration for a specified catalog. Once the configuration has been set, the specified encryption is applied to every catalog write thereafter.

Request

  • CatalogId – Catalog id string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The ID of the Data Catalog for which to set the security configuration. If none is supplied, the AWS account ID is used by default.

  • DataCatalogEncryptionSettingsRequired: A DataCatalogEncryptionSettings object.

    The security configuration to set.

Response

  • No Response parameters.

Errors

  • InternalServiceException

  • InvalidInputException

  • OperationTimeoutException

PutResourcePolicy Action (Python: put_resource_policy)

Sets the Data Catalog resource policy for access control.

Request

  • PolicyInJsonRequired: UTF-8 string, not less than 2 or more than 10240 bytes long.

    Contains the policy document to set, in JSON format.

  • PolicyHashCondition – UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    This is the hash value returned when the previous policy was set using PutResourcePolicy. Its purpose is to prevent concurrent modifications of a policy. Do not use this parameter if no previous policy has been set.

  • PolicyExistsCondition – UTF-8 string (valid values: MUST_EXIST | NOT_EXIST | NONE).

    A value of MUST_EXIST is used to update a policy. A value of NOT_EXIST is used to create a new policy. If a value of NONE or a null value is used, the call will not depend on the existence of a policy.

Response

  • PolicyHash – UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    A hash of the policy that has just been set. This must be included in a subsequent call that overwrites or updates this policy.

Errors

  • EntityNotFoundException

  • InternalServiceException

  • OperationTimeoutException

  • InvalidInputException

  • ConditionCheckFailureException

GetResourcePolicy Action (Python: get_resource_policy)

Retrieves a specified resource policy.

Request

  • No Request parameters.

Response

  • PolicyInJson – UTF-8 string, not less than 2 or more than 10240 bytes long.

    Contains the requested policy document, in JSON format.

  • PolicyHash – UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    Contains the hash value associated with this policy.

  • CreateTime – Timestamp.

    The date and time at which the policy was created.

  • UpdateTime – Timestamp.

    The date and time at which the policy was last updated.

Errors

  • EntityNotFoundException

  • InternalServiceException

  • OperationTimeoutException

  • InvalidInputException

DeleteResourcePolicy Action (Python: delete_resource_policy)

Deletes a specified policy.

Request

  • PolicyHashCondition – UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The hash value returned when this policy was set.

Response

  • No Response parameters.

Errors

  • EntityNotFoundException

  • InternalServiceException

  • OperationTimeoutException

  • InvalidInputException

  • ConditionCheckFailureException

CreateSecurityConfiguration Action (Python: create_security_configuration)

Creates a new security configuration.

Request

  • NameRequired: UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The name for the new security configuration.

  • EncryptionConfigurationRequired: An EncryptionConfiguration object.

    The encryption configuration for the new security configuration.

Response

  • Name – UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The name assigned to the new security configuration.

  • CreatedTimestamp – Timestamp.

    The time at which the new security configuration was created.

Errors

  • AlreadyExistsException

  • InvalidInputException

  • InternalServiceException

  • OperationTimeoutException

  • ResourceNumberLimitExceededException

DeleteSecurityConfiguration Action (Python: delete_security_configuration)

Deletes a specified security configuration.

Request

  • NameRequired: UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The name of the security configuration to delete.

Response

  • No Response parameters.

Errors

  • EntityNotFoundException

  • InvalidInputException

  • InternalServiceException

  • OperationTimeoutException

GetSecurityConfiguration Action (Python: get_security_configuration)

Retrieves a specified security configuration.

Request

  • NameRequired: UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The name of the security configuration to retrieve.

Response

Errors

  • EntityNotFoundException

  • InvalidInputException

  • InternalServiceException

  • OperationTimeoutException

GetSecurityConfigurations Action (Python: get_security_configurations)

Retrieves a list of all security configurations.

Request

  • MaxResults – Number (integer), not less than 1 or more than 1000.

    The maximum number of results to return.

  • NextToken – UTF-8 string.

    A continuation token, if this is a continuation call.

Response

  • SecurityConfigurations – An array of SecurityConfiguration objects.

    A list of security configurations.

  • NextToken – UTF-8 string.

    A continuation token, if there are more security configurations to return.

Errors

  • EntityNotFoundException

  • InvalidInputException

  • InternalServiceException

  • OperationTimeoutException