Copyright | (c) 2013-2021 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Synopsis
- data ConnectionPasswordEncryption = ConnectionPasswordEncryption' {}
- newConnectionPasswordEncryption :: Bool -> ConnectionPasswordEncryption
- connectionPasswordEncryption_awsKmsKeyId :: Lens' ConnectionPasswordEncryption (Maybe Text)
- connectionPasswordEncryption_returnConnectionPasswordEncrypted :: Lens' ConnectionPasswordEncryption Bool
Documentation
data ConnectionPasswordEncryption
The data structure used by the Data Catalog to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties. You can enable catalog encryption or only password encryption.
When a CreateConnection request arrives containing a password, the Data Catalog first encrypts the password using your KMS key. It then encrypts the whole connection object again if catalog encryption is also enabled.
This encryption requires that you set KMS key permissions to enable or restrict access on the password key according to your security requirements. For example, you might want only administrators to have decrypt permission on the password key.
See: newConnectionPasswordEncryption smart constructor.
ConnectionPasswordEncryption'
newConnectionPasswordEncryption :: Bool -> ConnectionPasswordEncryption
Create a value of ConnectionPasswordEncryption with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
- $sel:awsKmsKeyId:ConnectionPasswordEncryption', connectionPasswordEncryption_awsKmsKeyId: A KMS key that is used to encrypt the connection password. If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:Encrypt permission on the specified KMS key, to encrypt passwords before storing them in the Data Catalog. You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.
- $sel:returnConnectionPasswordEncrypted:ConnectionPasswordEncryption', connectionPasswordEncryption_returnConnectionPasswordEncrypted: When the ReturnConnectionPasswordEncrypted flag is set to "true", passwords remain encrypted in the responses of GetConnection and GetConnections. This encryption takes effect independently from catalog encryption.
connectionPasswordEncryption_awsKmsKeyId :: Lens' ConnectionPasswordEncryption (Maybe Text)
A KMS key that is used to encrypt the connection password.
If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:Encrypt permission on the specified KMS key, to encrypt passwords before storing them in the Data Catalog.
You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.
connectionPasswordEncryption_returnConnectionPasswordEncrypted :: Lens' ConnectionPasswordEncryption Bool
When the ReturnConnectionPasswordEncrypted flag is set to "true", passwords remain encrypted in the responses of GetConnection and GetConnections. This encryption takes effect independently from catalog encryption.
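Added example, not taken from the amazonka documentation or source: it builds a setting with the smart constructor and the two lenses documented above, and uses a hypothetical review function to flag values that do not keep passwords encrypted in GetConnection and GetConnections responses, or that set the flag without naming a KMS key. It assumes amazonka-glue 2.x (module Amazonka.Glue.Types) and the lens package; Finding, review, exampleKey and hardened are names introduced here, and the key ARN is a placeholder.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example; not part of amazonka. Assumes amazonka-glue 2.x, where the
-- type, smart constructor and lenses are exported from Amazonka.Glue.Types.
module Main (main) where

import Amazonka.Glue.Types
  ( ConnectionPasswordEncryption,
    connectionPasswordEncryption_awsKmsKeyId,
    connectionPasswordEncryption_returnConnectionPasswordEncrypted,
    newConnectionPasswordEncryption,
  )
import Control.Lens ((&), (?~), (^.))
import Data.Text (Text)

-- Hypothetical review findings for a password-encryption setting.
data Finding
  = PasswordsNotKeptEncrypted -- flag is False: responses are not kept encrypted
  | NoKeySpecified            -- flag is True but awsKmsKeyId is Nothing
  deriving (Eq, Show)

-- Read both fields through the documented lenses and classify the setting.
review :: ConnectionPasswordEncryption -> [Finding]
review cpe =
  case ( cpe ^. connectionPasswordEncryption_returnConnectionPasswordEncrypted,
         cpe ^. connectionPasswordEncryption_awsKmsKeyId
       ) of
    (False, _) -> [PasswordsNotKeptEncrypted]
    (True, Nothing) -> [NoKeySpecified]
    (True, Just _) -> []

-- Placeholder ARN, constructed for this example.
exampleKey :: Text
exampleKey = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"

-- Flag on, and the optional key id set through its lens.
hardened :: ConnectionPasswordEncryption
hardened =
  newConnectionPasswordEncryption True
    & connectionPasswordEncryption_awsKmsKeyId ?~ exampleKey

main :: IO ()
main = do
  print (review (newConnectionPasswordEncryption False)) -- flag off
  print (review (newConnectionPasswordEncryption True)) -- flag on, key omitted
  print (review hardened)
```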