@aws-cdk_aws-glue-alpha.SecurityConfiguration

class SecurityConfiguration (construct) ๐Ÿ”น

LanguageType name
.NETAmazon.CDK.AWS.Glue.Alpha.SecurityConfiguration
Gogithub.com/aws/aws-cdk-go/awscdkgluealpha/v2#SecurityConfiguration
Javasoftware.amazon.awscdk.services.glue.alpha.SecurityConfiguration
Pythonaws_cdk.aws_glue_alpha.SecurityConfiguration
TypeScript (source)@aws-cdk/aws-glue-alpha ยป SecurityConfiguration

Implements IConstruct, IDependable, IResource, ISecurityConfiguration

A security configuration is a set of security properties that can be used by AWS Glue to encrypt data at rest.

The following scenarios show some of the ways that you can use a security configuration.

  • Attach a security configuration to an AWS Glue crawler to write encrypted Amazon CloudWatch Logs.
  • Attach a security configuration to an extract, transform, and load (ETL) job to write encrypted Amazon Simple Storage Service (Amazon S3) targets and encrypted CloudWatch Logs.
  • Attach a security configuration to an ETL job to write its jobs bookmarks as encrypted Amazon S3 data.
  • Attach a security configuration to a development endpoint to write encrypted Amazon S3 targets.

Example

new glue.SecurityConfiguration(this, 'MySecurityConfiguration', {
  cloudWatchEncryption: {
    mode: glue.CloudWatchEncryptionMode.KMS,
  },
  jobBookmarksEncryption: {
    mode: glue.JobBookmarksEncryptionMode.CLIENT_SIDE_KMS,
  },
  s3Encryption: {
    mode: glue.S3EncryptionMode.KMS,
  },
});

Initializer

new SecurityConfiguration(scope: Construct, id: string, props?: SecurityConfigurationProps)

Parameters

  • scope Construct
  • id string
  • props SecurityConfigurationProps

Construct Props

NameTypeDescription
cloudWatchEncryption?๐Ÿ”นCloudWatchEncryptionThe encryption configuration for Amazon CloudWatch Logs.
jobBookmarksEncryption?๐Ÿ”นJobBookmarksEncryptionThe encryption configuration for Glue Job Bookmarks.
s3Encryption?๐Ÿ”นS3EncryptionThe encryption configuration for Amazon Simple Storage Service (Amazon S3) data.
securityConfigurationName?๐Ÿ”นstringThe name of the security configuration.

cloudWatchEncryption?๐Ÿ”น

Type: CloudWatchEncryption (optional, default: no cloudwatch logs encryption.)

The encryption configuration for Amazon CloudWatch Logs.


jobBookmarksEncryption?๐Ÿ”น

Type: JobBookmarksEncryption (optional, default: no job bookmarks encryption.)

The encryption configuration for Glue Job Bookmarks.


s3Encryption?๐Ÿ”น

Type: S3Encryption (optional, default: no s3 encryption.)

The encryption configuration for Amazon Simple Storage Service (Amazon S3) data.


securityConfigurationName?๐Ÿ”น

Type: string (optional, default: generated by CDK.)

The name of the security configuration.

Properties

NameTypeDescription
env๐Ÿ”นResourceEnvironmentThe environment this resource belongs to.
node๐Ÿ”นNodeThe tree node.
securityConfigurationName๐Ÿ”นstringThe name of the security configuration.
stack๐Ÿ”นStackThe stack in which this resource is defined.
cloudWatchEncryptionKey?๐Ÿ”นIKeyThe KMS key used in CloudWatch encryption if it requires a kms key.
jobBookmarksEncryptionKey?๐Ÿ”นIKeyThe KMS key used in job bookmarks encryption if it requires a kms key.
s3EncryptionKey?๐Ÿ”นIKeyThe KMS key used in S3 encryption if it requires a kms key.

env๐Ÿ”น

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


node๐Ÿ”น

Type: Node

The tree node.


securityConfigurationName๐Ÿ”น

Type: string

The name of the security configuration.


stack๐Ÿ”น

Type: Stack

The stack in which this resource is defined.


cloudWatchEncryptionKey?๐Ÿ”น

Type: IKey (optional)

The KMS key used in CloudWatch encryption if it requires a kms key.


jobBookmarksEncryptionKey?๐Ÿ”น

Type: IKey (optional)

The KMS key used in job bookmarks encryption if it requires a kms key.


s3EncryptionKey?๐Ÿ”น

Type: IKey (optional)

The KMS key used in S3 encryption if it requires a kms key.

Methods

NameDescription
applyRemovalPolicy(policy)๐Ÿ”นApply the given removal policy to this resource.
toString()๐Ÿ”นReturns a string representation of this construct.
static fromSecurityConfigurationName(scope, id, securityConfigurationName)๐Ÿ”นCreates a Connection construct that represents an external security configuration.

applyRemovalPolicy(policy)๐Ÿ”น

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


toString()๐Ÿ”น

public toString(): string

Returns

  • string

Returns a string representation of this construct.


static fromSecurityConfigurationName(scope, id, securityConfigurationName)๐Ÿ”น

public static fromSecurityConfigurationName(scope: Construct, id: string, securityConfigurationName: string): ISecurityConfiguration

Parameters

  • scope Construct โ€” The scope creating construct (usually this).
  • id string โ€” The construct's id.
  • securityConfigurationName string โ€” name of external security configuration.

Returns

  • ISecurityConfiguration

Creates a Connection construct that represents an external security configuration.