Copyright	(c) 2013-2021 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	None

Amazonka.MediaConvert.Types.S3EncryptionSettings

Description

Documentation

data S3EncryptionSettings Source #

Settings for how your job outputs are encrypted as they are uploaded to Amazon S3.

See: newS3EncryptionSettings smart constructor.

Constructors

S3EncryptionSettings'

Fields

encryptionType :: Maybe S3ServerSideEncryptionType
Specify how you want your data keys managed. AWS uses data keys to encrypt your content. AWS also encrypts the data keys themselves, using a customer master key (CMK), and then stores the encrypted data keys alongside your encrypted content. Use this setting to specify which AWS service manages the CMK. For simplest set up, choose Amazon S3 (SERVER_SIDE_ENCRYPTION_S3). If you want your master key to be managed by AWS Key Management Service (KMS), choose AWS KMS (SERVER_SIDE_ENCRYPTION_KMS). By default, when you choose AWS KMS, KMS uses the AWS managed customer master key (CMK) associated with Amazon S3 to encrypt your data keys. You can optionally choose to specify a different, customer managed CMK. Do so by specifying the Amazon Resource Name (ARN) of the key for the setting KMS ARN (kmsKeyArn).
kmsKeyArn :: Maybe Text
Optionally, specify the customer master key (CMK) that you want to use to encrypt the data key that AWS uses to encrypt your output content. Enter the Amazon Resource Name (ARN) of the CMK. To use this setting, you must also set Server-side encryption (S3ServerSideEncryptionType) to AWS KMS (SERVER_SIDE_ENCRYPTION_KMS). If you set Server-side encryption to AWS KMS but don't specify a CMK here, AWS uses the AWS managed CMK associated with Amazon S3.
kmsEncryptionContext :: Maybe Text
Optionally, specify the encryption context that you want to use alongside your KMS key. AWS KMS uses this encryption context as additional authenticated data (AAD) to support authenticated encryption. This value must be a base64-encoded UTF-8 string holding JSON which represents a string-string map. To use this setting, you must also set Server-side encryption (S3ServerSideEncryptionType) to AWS KMS (SERVER_SIDE_ENCRYPTION_KMS). For more information about encryption context, see: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context.

Instances

Instances details

Eq S3EncryptionSettings Source #
Instance details Defined in Amazonka.MediaConvert.Types.S3EncryptionSettings Methods (==) :: S3EncryptionSettings -> S3EncryptionSettings -> Bool # (/=) :: S3EncryptionSettings -> S3EncryptionSettings -> Bool #
Read S3EncryptionSettings Source #
Instance details Defined in Amazonka.MediaConvert.Types.S3EncryptionSettings Methods readsPrec :: Int -> ReadS S3EncryptionSettings # readList :: ReadS [S3EncryptionSettings] # readPrec :: ReadPrec S3EncryptionSettings # readListPrec :: ReadPrec [S3EncryptionSettings] #
Show S3EncryptionSettings Source #
Instance details Defined in Amazonka.MediaConvert.Types.S3EncryptionSettings Methods showsPrec :: Int -> S3EncryptionSettings -> ShowS # show :: S3EncryptionSettings -> String # showList :: [S3EncryptionSettings] -> ShowS #
Generic S3EncryptionSettings Source #
Instance details Defined in Amazonka.MediaConvert.Types.S3EncryptionSettings Associated Types type Rep S3EncryptionSettings :: Type -> Type # Methods from :: S3EncryptionSettings -> Rep S3EncryptionSettings x # to :: Rep S3EncryptionSettings x -> S3EncryptionSettings #
NFData S3EncryptionSettings Source #
Instance details Defined in Amazonka.MediaConvert.Types.S3EncryptionSettings Methods rnf :: S3EncryptionSettings -> () #
Hashable S3EncryptionSettings Source #
Instance details Defined in Amazonka.MediaConvert.Types.S3EncryptionSettings Methods hashWithSalt :: Int -> S3EncryptionSettings -> Int # hash :: S3EncryptionSettings -> Int #
ToJSON S3EncryptionSettings Source #
Instance details Defined in Amazonka.MediaConvert.Types.S3EncryptionSettings Methods toJSON :: S3EncryptionSettings -> Value # toEncoding :: S3EncryptionSettings -> Encoding # toJSONList :: [S3EncryptionSettings] -> Value # toEncodingList :: [S3EncryptionSettings] -> Encoding #
FromJSON S3EncryptionSettings Source #
Instance details Defined in Amazonka.MediaConvert.Types.S3EncryptionSettings Methods parseJSON :: Value -> Parser S3EncryptionSettings # parseJSONList :: Value -> Parser [S3EncryptionSettings] #
type Rep S3EncryptionSettings Source #
Instance details Defined in Amazonka.MediaConvert.Types.S3EncryptionSettings type Rep S3EncryptionSettings = D1 ('MetaData "S3EncryptionSettings" "Amazonka.MediaConvert.Types.S3EncryptionSettings" "libZSservicesZSamazonka-mediaconvertZSamazonka-mediaconvert" 'False) (C1 ('MetaCons "S3EncryptionSettings'" 'PrefixI 'True) (S1 ('MetaSel ('Just "encryptionType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe S3ServerSideEncryptionType)) :: (S1 ('MetaSel ('Just "kmsKeyArn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: S1 ('MetaSel ('Just "kmsEncryptionContext") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)))))

newS3EncryptionSettings :: S3EncryptionSettings Source #

Create a value of S3EncryptionSettings with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:encryptionType:S3EncryptionSettings', s3EncryptionSettings_encryptionType - Specify how you want your data keys managed. AWS uses data keys to encrypt your content. AWS also encrypts the data keys themselves, using a customer master key (CMK), and then stores the encrypted data keys alongside your encrypted content. Use this setting to specify which AWS service manages the CMK. For simplest set up, choose Amazon S3 (SERVER_SIDE_ENCRYPTION_S3). If you want your master key to be managed by AWS Key Management Service (KMS), choose AWS KMS (SERVER_SIDE_ENCRYPTION_KMS). By default, when you choose AWS KMS, KMS uses the AWS managed customer master key (CMK) associated with Amazon S3 to encrypt your data keys. You can optionally choose to specify a different, customer managed CMK. Do so by specifying the Amazon Resource Name (ARN) of the key for the setting KMS ARN (kmsKeyArn).

$sel:kmsKeyArn:S3EncryptionSettings', s3EncryptionSettings_kmsKeyArn - Optionally, specify the customer master key (CMK) that you want to use to encrypt the data key that AWS uses to encrypt your output content. Enter the Amazon Resource Name (ARN) of the CMK. To use this setting, you must also set Server-side encryption (S3ServerSideEncryptionType) to AWS KMS (SERVER_SIDE_ENCRYPTION_KMS). If you set Server-side encryption to AWS KMS but don't specify a CMK here, AWS uses the AWS managed CMK associated with Amazon S3.

$sel:kmsEncryptionContext:S3EncryptionSettings', s3EncryptionSettings_kmsEncryptionContext - Optionally, specify the encryption context that you want to use alongside your KMS key. AWS KMS uses this encryption context as additional authenticated data (AAD) to support authenticated encryption. This value must be a base64-encoded UTF-8 string holding JSON which represents a string-string map. To use this setting, you must also set Server-side encryption (S3ServerSideEncryptionType) to AWS KMS (SERVER_SIDE_ENCRYPTION_KMS). For more information about encryption context, see: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context.

s3EncryptionSettings_encryptionType :: Lens' S3EncryptionSettings (Maybe S3ServerSideEncryptionType) Source #

Specify how you want your data keys managed. AWS uses data keys to encrypt your content. AWS also encrypts the data keys themselves, using a customer master key (CMK), and then stores the encrypted data keys alongside your encrypted content. Use this setting to specify which AWS service manages the CMK. For simplest set up, choose Amazon S3 (SERVER_SIDE_ENCRYPTION_S3). If you want your master key to be managed by AWS Key Management Service (KMS), choose AWS KMS (SERVER_SIDE_ENCRYPTION_KMS). By default, when you choose AWS KMS, KMS uses the AWS managed customer master key (CMK) associated with Amazon S3 to encrypt your data keys. You can optionally choose to specify a different, customer managed CMK. Do so by specifying the Amazon Resource Name (ARN) of the key for the setting KMS ARN (kmsKeyArn).

s3EncryptionSettings_kmsKeyArn :: Lens' S3EncryptionSettings (Maybe Text) Source #

Optionally, specify the customer master key (CMK) that you want to use to encrypt the data key that AWS uses to encrypt your output content. Enter the Amazon Resource Name (ARN) of the CMK. To use this setting, you must also set Server-side encryption (S3ServerSideEncryptionType) to AWS KMS (SERVER_SIDE_ENCRYPTION_KMS). If you set Server-side encryption to AWS KMS but don't specify a CMK here, AWS uses the AWS managed CMK associated with Amazon S3.

s3EncryptionSettings_kmsEncryptionContext :: Lens' S3EncryptionSettings (Maybe Text) Source #

Optionally, specify the encryption context that you want to use alongside your KMS key. AWS KMS uses this encryption context as additional authenticated data (AAD) to support authenticated encryption. This value must be a base64-encoded UTF-8 string holding JSON which represents a string-string map. To use this setting, you must also set Server-side encryption (S3ServerSideEncryptionType) to AWS KMS (SERVER_SIDE_ENCRYPTION_KMS). For more information about encryption context, see: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context.