Resource: awsGlueDataCatalogEncryptionSettings
Provides a Glue Data Catalog Encryption Settings resource.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.glueDataCatalogEncryptionSettings.GlueDataCatalogEncryptionSettings(
  this,
  "example",
  {
    dataCatalogEncryptionSettings: {
      connectionPasswordEncryption: {
        awsKmsKeyId: "${aws_kms_key.test.arn}",
        returnConnectionPasswordEncrypted: true,
      },
      encryptionAtRest: {
        catalogEncryptionMode: "SSE-KMS",
        sseAwsKmsKeyId: "${aws_kms_key.test.arn}",
      },
    },
  }
);
Argument Reference
The following arguments are supported:
dataCatalogEncryptionSettings - (Required) The security configuration to set. See Data Catalog Encryption Settings.
catalogId - (Optional) The ID of the Data Catalog to set the security configuration for. If none is provided, the AWS account ID is used by default.
dataCatalogEncryptionSettings
connectionPasswordEncryption - (Required) When connection password protection is enabled, the Data Catalog uses a customer-provided key to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties. You can enable catalog encryption or only password encryption. See Connection Password Encryption.
encryptionAtRest - (Required) Specifies the encryption-at-rest configuration for the Data Catalog. See Encryption At Rest.
connectionPasswordEncryption
returnConnectionPasswordEncrypted - (Required) When set to true, passwords remain encrypted in the responses of GetConnection and GetConnections. This encryption takes effect independently of the catalog encryption.
awsKmsKeyId - (Optional) A KMS key ARN that is used to encrypt the connection password. If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:encrypt permission on the specified AWS KMS key, to encrypt passwords before storing them in the Data Catalog.
encryptionAtRest
catalogEncryptionMode - (Required) The encryption-at-rest mode for encrypting Data Catalog data. Valid values are disabled and sseKms.
sseAwsKmsKeyId - (Optional) The ARN of the AWS KMS key to use for encryption at rest.
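A pre-deployment check over the settings described in the Argument Reference above, as an added example that is not part of the provider or its documentation. The interface name, the isKeyRef and auditCatalogEncryption helpers, and the sample key ARN are assumptions made for illustration.

```typescript
// Added example, not provider code. Field names follow the Argument Reference.
interface CatalogEncryptionSettings {
  connectionPasswordEncryption: {
    returnConnectionPasswordEncrypted: boolean;
    awsKmsKeyId?: string;
  };
  encryptionAtRest: { catalogEncryptionMode: string; sseAwsKmsKeyId?: string };
}

// Accept a KMS key ARN or an unresolved Terraform reference like "${aws_kms_key.test.arn}".
function isKeyRef(v?: string): boolean {
  return v !== undefined && (/^arn:[^:]+:kms:/.test(v) || /^\$\{.+\}$/.test(v));
}

// Hypothetical helper: returns one finding per weak or inconsistent setting.
function auditCatalogEncryption(s: CatalogEncryptionSettings): string[] {
  const findings: string[] = [];
  const pw = s.connectionPasswordEncryption;
  const rest = s.encryptionAtRest;
  // Compared case-insensitively so any spelling of the disabled mode is caught.
  if (rest.catalogEncryptionMode.toUpperCase() === "DISABLED") {
    findings.push("encryptionAtRest.catalogEncryptionMode disables encryption at rest");
  } else if (!isKeyRef(rest.sseAwsKmsKeyId)) {
    findings.push("encryptionAtRest.sseAwsKmsKeyId is missing or not a KMS key ARN");
  }
  if (!pw.returnConnectionPasswordEncrypted) {
    findings.push("connectionPasswordEncryption.returnConnectionPasswordEncrypted is false: passwords are not kept encrypted in GetConnection and GetConnections responses");
  } else if (!isKeyRef(pw.awsKmsKeyId)) {
    findings.push("connectionPasswordEncryption.awsKmsKeyId is missing or not a KMS key ARN");
  }
  return findings;
}

// Constructed sample inputs; the account ID and key ID are placeholders.
const KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID";
const weak: CatalogEncryptionSettings = {
  connectionPasswordEncryption: { returnConnectionPasswordEncrypted: false },
  encryptionAtRest: { catalogEncryptionMode: "DISABLED" },
};
const hardened: CatalogEncryptionSettings = {
  connectionPasswordEncryption: { returnConnectionPasswordEncrypted: true, awsKmsKeyId: KEY },
  encryptionAtRest: { catalogEncryptionMode: "SSE-KMS", sseAwsKmsKeyId: KEY },
};
```

Calling auditCatalogEncryption on the same object literal that is passed as dataCatalogEncryptionSettings lets a synth-time test fail the build when the list of findings is not empty.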
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id - The ID of the Data Catalog to set the security configuration for.
Import
Glue Data Catalog Encryption Settings can be imported using catalogId (AWS account ID if not custom), e.g.,