@aws-cdk/aws-glue-alpha
The CDK Construct Library for AWS::Glue
import * as kms from 'aws-cdk-lib/aws-kms';
import * as cdk from 'aws-cdk-lib/core';
import * as constructs from 'constructs';
/**
 * Interface representing a created or an imported `SecurityConfiguration`.
 *
 * Only the configuration's name is exposed through this interface. The
 * encryption modes and KMS keys behind the configuration are not part of it,
 * so code holding an `ISecurityConfiguration` cannot inspect which data is
 * actually encrypted.
 */
export interface ISecurityConfiguration extends cdk.IResource {
    /**
     * The name of the security configuration.
     * @attribute
     */
    readonly securityConfigurationName: string;
}
/**
 * Encryption mode for S3.
 *
 * The two modes differ in who holds the key: `S3_MANAGED` uses a key managed
 * by Amazon S3, `KMS` uses an AWS KMS key in the account.
 * @see https://docs.aws.amazon.com/glue/latest/webapi/API_S3Encryption.html#Glue-Type-S3Encryption-S3EncryptionMode
 */
export declare enum S3EncryptionMode {
    /**
     * Server side encryption (SSE) with an Amazon S3-managed key.
     *
     * No KMS key is used in this mode (see the `kmsKey` default on
     * `S3Encryption`), so access to the data is not additionally gated by a
     * KMS key policy.
     *
     * @see https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
     */
    S3_MANAGED = "SSE-S3",
    /**
     * Server-side encryption (SSE) with an AWS KMS key managed by the account owner.
     *
     * Principals that read or write the encrypted objects need permission to
     * use the key in addition to their S3 permissions.
     *
     * @see https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
     */
    KMS = "SSE-KMS"
}
/**
 * Encryption mode for CloudWatch Logs.
 *
 * `KMS` is the only mode declared here; there is no member meaning
 * "unencrypted". Per the `@default` on
 * `SecurityConfigurationProps.cloudWatchEncryption`, logs are left without
 * encryption from this configuration when that property is omitted.
 * @see https://docs.aws.amazon.com/glue/latest/webapi/API_CloudWatchEncryption.html#Glue-Type-CloudWatchEncryption-CloudWatchEncryptionMode
 */
export declare enum CloudWatchEncryptionMode {
    /**
     * Server-side encryption (SSE) with an AWS KMS key managed by the account owner.
     *
     * NOTE(review): the link below targets the Amazon S3 KMS guide rather than
     * CloudWatch Logs documentation - confirm the intended reference.
     *
     * @see https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
     */
    KMS = "SSE-KMS"
}
/**
 * Encryption mode for Job Bookmarks.
 *
 * `CLIENT_SIDE_KMS` is the only mode declared here; there is no member
 * meaning "unencrypted". Per the `@default` on
 * `SecurityConfigurationProps.jobBookmarksEncryption`, bookmarks are left
 * without encryption from this configuration when that property is omitted.
 * @see https://docs.aws.amazon.com/glue/latest/webapi/API_JobBookmarksEncryption.html#Glue-Type-JobBookmarksEncryption-JobBookmarksEncryptionMode
 */
export declare enum JobBookmarksEncryptionMode {
    /**
     * Client-side encryption (CSE) with an AWS KMS key managed by the account owner.
     *
     * @see https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
     */
    CLIENT_SIDE_KMS = "CSE-KMS"
}
/**
 * S3 encryption configuration.
 */
export interface S3Encryption {
    /**
     * Encryption mode.
     */
    readonly mode: S3EncryptionMode;
    /**
     * The KMS key to be used to encrypt the data.
     *
     * Pass an existing key when its key policy, rotation and lifecycle must
     * stay under your control; the settings of an automatically created key
     * are not visible in this declaration.
     *
     * NOTE(review): what happens when a key is supplied together with
     * `S3_MANAGED` is not visible in this declaration - confirm against the
     * implementation.
     * @default no kms key if mode = S3_MANAGED. A key will be created if one is not provided and mode = KMS.
     */
    readonly kmsKey?: kms.IKeyRef;
}
/**
 * CloudWatch Logs encryption configuration.
 */
export interface CloudWatchEncryption {
    /**
     * Encryption mode.
     */
    readonly mode: CloudWatchEncryptionMode;
    /**
     * The KMS key to be used to encrypt the data.
     *
     * NOTE(review): a key supplied here has to be usable by CloudWatch Logs
     * through its key policy. Whether the construct adjusts the policy of a
     * caller-supplied key is not visible in this declaration - verify before
     * relying on it.
     * @default A key will be created if one is not provided.
     */
    readonly kmsKey?: kms.IKeyRef;
}
/**
 * Job bookmarks encryption configuration.
 */
export interface JobBookmarksEncryption {
    /**
     * Encryption mode.
     */
    readonly mode: JobBookmarksEncryptionMode;
    /**
     * The KMS key to be used to encrypt the data.
     *
     * Pass an existing key when its key policy, rotation and lifecycle must
     * stay under your control; the settings of an automatically created key
     * are not visible in this declaration.
     * @default A key will be created if one is not provided.
     */
    readonly kmsKey?: kms.IKeyRef;
}
/**
 * Construction properties of `SecurityConfiguration`.
 *
 * Every encryption setting is opt-in. Per the `@default` tags below, an
 * omitted property means that category of data (CloudWatch Logs, job
 * bookmarks, S3 data) is not encrypted by this configuration, so set each one
 * that the workload's data-at-rest requirements call for.
 */
export interface SecurityConfigurationProps {
    /**
     * The name of the security configuration.
     *
     * @default - generated by CDK.
     */
    readonly securityConfigurationName?: string;
    /**
     * The encryption configuration for Amazon CloudWatch Logs.
     * @default no cloudwatch logs encryption.
     */
    readonly cloudWatchEncryption?: CloudWatchEncryption;
    /**
     * The encryption configuration for Glue Job Bookmarks.
     * @default no job bookmarks encryption.
     */
    readonly jobBookmarksEncryption?: JobBookmarksEncryption;
    /**
     * The encryption configuration for Amazon Simple Storage Service (Amazon S3) data.
     * @default no s3 encryption.
     */
    readonly s3Encryption?: S3Encryption;
}
/**
 * A security configuration is a set of security properties that can be used by AWS Glue to encrypt data at rest.
 *
 * The following scenarios show some of the ways that you can use a security configuration.
 * - Attach a security configuration to an AWS Glue crawler to write encrypted Amazon CloudWatch Logs.
 * - Attach a security configuration to an extract, transform, and load (ETL) job to write encrypted Amazon Simple Storage Service (Amazon S3) targets and encrypted CloudWatch Logs.
 * - Attach a security configuration to an ETL job to write its job bookmarks as encrypted Amazon S3 data.
 * - Attach a security configuration to a development endpoint to write encrypted Amazon S3 targets.
 */
export declare class SecurityConfiguration extends cdk.Resource implements ISecurityConfiguration {
    /** Uniquely identifies this class. */
    static readonly PROPERTY_INJECTION_ID: string;
    /**
     * Returns a construct that represents an external (already existing) security configuration.
     *
     * The result is typed as `ISecurityConfiguration`, which exposes only the
     * name. The encryption modes and KMS keys of the referenced configuration
     * are not available through it, so they have to be reviewed where that
     * configuration is defined.
     *
     * @param scope The scope creating construct (usually `this`).
     * @param id The construct's id.
     * @param securityConfigurationName name of external security configuration.
     */
    static fromSecurityConfigurationName(scope: constructs.Construct, id: string, securityConfigurationName: string): ISecurityConfiguration;
    /**
     * The name of the security configuration.
     * @attribute
     */
    readonly securityConfigurationName: string;
    /**
     * The KMS key used in CloudWatch encryption if it requires a kms key.
     *
     * Optional; presumably the key passed in `props.cloudWatchEncryption` or
     * the one created by default - confirm against the implementation.
     */
    readonly cloudWatchEncryptionKey?: kms.IKeyRef;
    /**
     * The KMS key used in job bookmarks encryption if it requires a kms key.
     *
     * Optional; presumably the key passed in `props.jobBookmarksEncryption` or
     * the one created by default - confirm against the implementation.
     */
    readonly jobBookmarksEncryptionKey?: kms.IKeyRef;
    /**
     * The KMS key used in S3 encryption if it requires a kms key.
     *
     * Optional; per the `kmsKey` default on `S3Encryption`, no KMS key applies
     * when the mode is `S3_MANAGED`.
     */
    readonly s3EncryptionKey?: kms.IKeyRef;
    /**
     * Defines a new Glue security configuration.
     *
     * @param scope The scope creating construct (usually `this`).
     * @param id The construct's id.
     * @param props Encryption settings; optional. Each encryption property
     * left unset defaults to no encryption for that data, per
     * `SecurityConfigurationProps`.
     */
    constructor(scope: constructs.Construct, id: string, props?: SecurityConfigurationProps);
}