You are viewing documentation for version 3 of the AWS SDK for Ruby. Version 2 documentation can be found here.

Class: Aws::Glue::Types::ConnectionPasswordEncryption

Inherits:
Struct
  • Object
show all
Defined in:
gems/aws-sdk-glue/lib/aws-sdk-glue/types.rb

Overview

Note:

When making an API call, you may pass ConnectionPasswordEncryption data as a hash:

{
  return_connection_password_encrypted: false, # required
  aws_kms_key_id: "NameString",
}

The data structure used by the Data Catalog to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties. You can enable catalog encryption or only password encryption.

When a CreationConnection request arrives containing a password, the Data Catalog first encrypts the password using your AWS KMS key. It then encrypts the whole connection object again if catalog encryption is also enabled.

This encryption requires that you set AWS KMS key permissions to enable or restrict access on the password key according to your security requirements. For example, you might want only administrators to have decrypt permission on the password key.

Instance Attribute Summary collapse

Instance Attribute Details

#aws_kms_key_idString

An AWS KMS key that is used to encrypt the connection password.

If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:Encrypt permission on the specified AWS KMS key, to encrypt passwords before storing them in the Data Catalog.

You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.

Returns:

  • (String)


1412
1413
1414
1415
1416
# File 'gems/aws-sdk-glue/lib/aws-sdk-glue/types.rb', line 1412

class ConnectionPasswordEncryption < Struct.new(
  :return_connection_password_encrypted,
  :aws_kms_key_id)
  include Aws::Structure
end

#return_connection_password_encryptedBoolean

When the ReturnConnectionPasswordEncrypted flag is set to "true", passwords remain encrypted in the responses of GetConnection and GetConnections. This encryption takes effect independently from catalog encryption.

Returns:

  • (Boolean)


1412
1413
1414
1415
1416
# File 'gems/aws-sdk-glue/lib/aws-sdk-glue/types.rb', line 1412

class ConnectionPasswordEncryption < Struct.new(
  :return_connection_password_encrypted,
  :aws_kms_key_id)
  include Aws::Structure
end