AWS Glue
Developer Guide

Security APIs in AWS Glue

Data Types

DataCatalogEncryptionSettings Structure

Contains configuration information for maintaining Data Catalog security.

Fields

  • EncryptionAtRest – An EncryptionAtRest object.

    Specifies encryption-at-rest configuration for the Data Catalog.

EncryptionAtRest Structure

Specifies encryption-at-rest configuration for the Data Catalog.

Fields

  • CatalogEncryptionModeRequired: UTF-8 string (valid values: DISABLED | SSE-KMS="SSEKMS").

    The encryption-at-rest mode for encrypting Data Catalog data.

  • SseAwsKmsKeyId – UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The ID of the AWS KMS key to use for encryption at rest.

EncryptionConfiguration Structure

Specifies an encryption configuration.

Fields

  • S3Encryption – An array of S3Encryption objects.

    The encryption configuration for S3 data.

  • CloudWatchEncryption – A CloudWatchEncryption object.

    The encryption configuration for CloudWatch.

  • JobBookmarksEncryption – A JobBookmarksEncryption object.

    The encryption configuration for Job Bookmarks.

S3Encryption Structure

Specifies how S3 data should be encrypted.

Fields

  • S3EncryptionMode – UTF-8 string (valid values: DISABLED | SSE-KMS="SSEKMS" | SSE-S3="SSES3").

    The encryption mode to use for S3 data.

  • KmsKeyArn – UTF-8 string, matching the Custom string pattern #10.

    The AWS ARN of the KMS key to be used to encrypt the data.

CloudWatchEncryption Structure

Specifies how CloudWatch data should be encrypted.

Fields

  • CloudWatchEncryptionMode – UTF-8 string (valid values: DISABLED | SSE-KMS="SSEKMS").

    The encryption mode to use for CloudWatch data.

  • KmsKeyArn – UTF-8 string, matching the Custom string pattern #10.

    The AWS ARN of the KMS key to be used to encrypt the data.

JobBookmarksEncryption Structure

Specifies how Job bookmark data should be encrypted.

Fields

  • JobBookmarksEncryptionMode – UTF-8 string (valid values: DISABLED | CSE-KMS="CSEKMS").

    The encryption mode to use for Job bookmarks data.

  • KmsKeyArn – UTF-8 string, matching the Custom string pattern #10.

    The AWS ARN of the KMS key to be used to encrypt the data.

SecurityConfiguration Structure

Specifies a security configuration.

Fields

  • Name – UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The name of the security configuration.

  • CreatedTimeStamp – Timestamp.

    The time at which this security configuration was created.

  • EncryptionConfiguration – An EncryptionConfiguration object.

    The encryption configuration associated with this security configuration.

Operations

GetDataCatalogEncryptionSettings Action (Python: get_data_catalog_encryption_settings)

Retrieves the security configuration for a specified catalog.

Request

  • CatalogId – Catalog id string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The ID of the Data Catalog for which to retrieve the security configuration. If none is supplied, the AWS account ID is used by default.

Response

Errors

  • InternalServiceException

  • InvalidInputException

  • OperationTimeoutException

PutDataCatalogEncryptionSettings Action (Python: put_data_catalog_encryption_settings)

Sets the security configuration for a specified catalog. Once the configuration has been set, the specified encryption is applied to every catalog write thereafter.

Request

  • CatalogId – Catalog id string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The ID of the Data Catalog for which to set the security configuration. If none is supplied, the AWS account ID is used by default.

  • DataCatalogEncryptionSettingsRequired: A DataCatalogEncryptionSettings object.

    The security configuration to set.

Response

  • No Response parameters.

Errors

  • InternalServiceException

  • InvalidInputException

  • OperationTimeoutException

CreateSecurityConfiguration Action (Python: create_security_configuration)

Creates a new security configuration.

Request

  • NameRequired: UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The name for the new security configuration.

  • EncryptionConfigurationRequired: An EncryptionConfiguration object.

    The encryption configuration for the new security configuration.

Response

  • Name – UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The name assigned to the new security configuration.

  • CreatedTimestamp – Timestamp.

    The time at which the new security configuration was created.

Errors

  • AlreadyExistsException

  • InvalidInputException

  • InternalServiceException

  • OperationTimeoutException

  • ResourceNumberLimitExceededException

DeleteSecurityConfiguration Action (Python: delete_security_configuration)

Deletes a specified security configuration.

Request

  • NameRequired: UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The name of the security configuration to delete.

Response

  • No Response parameters.

Errors

  • EntityNotFoundException

  • InvalidInputException

  • InternalServiceException

  • OperationTimeoutException

GetSecurityConfiguration Action (Python: get_security_configuration)

Retrieves a specified security configuration.

Request

  • NameRequired: UTF-8 string, not less than 1 or more than 255 bytes long, matching the Single-line string pattern.

    The name of the security configuration to retrieve.

Response

Errors

  • EntityNotFoundException

  • InvalidInputException

  • InternalServiceException

  • OperationTimeoutException

GetSecurityConfigurations Action (Python: get_security_configurations)

Retrieves a list of all security configurations.

Request

  • MaxResults – Number (integer), not less than 1 or more than 1000.

    The maximum number of results to return.

  • NextToken – UTF-8 string.

    A continuation token, if this is a continuation call.

Response

  • SecurityConfigurations – An array of SecurityConfiguration objects.

    A list of security configurations.

  • NextToken – UTF-8 string.

    A continuation token, if there are more security configurations to return.

Errors

  • EntityNotFoundException

  • InvalidInputException

  • InternalServiceException

  • OperationTimeoutException