Copyright	(c) 2013-2023 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	Safe-Inferred
Language	Haskell2010

Amazonka.Glue.Types.ConnectionPasswordEncryption

Description

Synopsis

data ConnectionPasswordEncryption = ConnectionPasswordEncryption' {
- awsKmsKeyId :: Maybe Text
- returnConnectionPasswordEncrypted :: Bool
}
newConnectionPasswordEncryption :: Bool -> ConnectionPasswordEncryption
connectionPasswordEncryption_awsKmsKeyId :: Lens' ConnectionPasswordEncryption (Maybe Text)
connectionPasswordEncryption_returnConnectionPasswordEncrypted :: Lens' ConnectionPasswordEncryption Bool

Documentation

data ConnectionPasswordEncryption Source #

The data structure used by the Data Catalog to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties. You can enable catalog encryption or only password encryption.

When a CreationConnection request arrives containing a password, the Data Catalog first encrypts the password using your KMS key. It then encrypts the whole connection object again if catalog encryption is also enabled.

This encryption requires that you set KMS key permissions to enable or restrict access on the password key according to your security requirements. For example, you might want only administrators to have decrypt permission on the password key.

See: newConnectionPasswordEncryption smart constructor.

Constructors

ConnectionPasswordEncryption'

Fields

awsKmsKeyId :: Maybe Text
An KMS key that is used to encrypt the connection password.
If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:Encrypt permission on the specified KMS key, to encrypt passwords before storing them in the Data Catalog.
You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.
returnConnectionPasswordEncrypted :: Bool
When the ReturnConnectionPasswordEncrypted flag is set to "true", passwords remain encrypted in the responses of GetConnection and GetConnections. This encryption takes effect independently from catalog encryption.

Instances

Instances details

FromJSON ConnectionPasswordEncryption Source #
Instance details Defined in Amazonka.Glue.Types.ConnectionPasswordEncryption Methods parseJSON :: Value -> Parser ConnectionPasswordEncryption # parseJSONList :: Value -> Parser [ConnectionPasswordEncryption] #
ToJSON ConnectionPasswordEncryption Source #
Instance details Defined in Amazonka.Glue.Types.ConnectionPasswordEncryption Methods toJSON :: ConnectionPasswordEncryption -> Value # toEncoding :: ConnectionPasswordEncryption -> Encoding # toJSONList :: [ConnectionPasswordEncryption] -> Value # toEncodingList :: [ConnectionPasswordEncryption] -> Encoding #
Generic ConnectionPasswordEncryption Source #
Instance details Defined in Amazonka.Glue.Types.ConnectionPasswordEncryption Associated Types type Rep ConnectionPasswordEncryption :: Type -> Type # Methods from :: ConnectionPasswordEncryption -> Rep ConnectionPasswordEncryption x # to :: Rep ConnectionPasswordEncryption x -> ConnectionPasswordEncryption #
Read ConnectionPasswordEncryption Source #
Instance details Defined in Amazonka.Glue.Types.ConnectionPasswordEncryption Methods readsPrec :: Int -> ReadS ConnectionPasswordEncryption # readList :: ReadS [ConnectionPasswordEncryption] # readPrec :: ReadPrec ConnectionPasswordEncryption # readListPrec :: ReadPrec [ConnectionPasswordEncryption] #
Show ConnectionPasswordEncryption Source #
Instance details Defined in Amazonka.Glue.Types.ConnectionPasswordEncryption Methods showsPrec :: Int -> ConnectionPasswordEncryption -> ShowS # show :: ConnectionPasswordEncryption -> String # showList :: [ConnectionPasswordEncryption] -> ShowS #
NFData ConnectionPasswordEncryption Source #
Instance details Defined in Amazonka.Glue.Types.ConnectionPasswordEncryption Methods rnf :: ConnectionPasswordEncryption -> () #
Eq ConnectionPasswordEncryption Source #
Instance details Defined in Amazonka.Glue.Types.ConnectionPasswordEncryption Methods (==) :: ConnectionPasswordEncryption -> ConnectionPasswordEncryption -> Bool # (/=) :: ConnectionPasswordEncryption -> ConnectionPasswordEncryption -> Bool #
Hashable ConnectionPasswordEncryption Source #
Instance details Defined in Amazonka.Glue.Types.ConnectionPasswordEncryption Methods hashWithSalt :: Int -> ConnectionPasswordEncryption -> Int # hash :: ConnectionPasswordEncryption -> Int #
type Rep ConnectionPasswordEncryption Source #
Instance details Defined in Amazonka.Glue.Types.ConnectionPasswordEncryption type Rep ConnectionPasswordEncryption = D1 ('MetaData "ConnectionPasswordEncryption" "Amazonka.Glue.Types.ConnectionPasswordEncryption" "amazonka-glue-2.0-7miPWwBHdfn8N8SvbpLgE0" 'False) (C1 ('MetaCons "ConnectionPasswordEncryption'" 'PrefixI 'True) (S1 ('MetaSel ('Just "awsKmsKeyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "returnConnectionPasswordEncrypted") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Bool)))

newConnectionPasswordEncryption Source #

Arguments

:: Bool	`$sel:returnConnectionPasswordEncrypted:ConnectionPasswordEncryption'`
-> ConnectionPasswordEncryption

Create a value of ConnectionPasswordEncryption with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:awsKmsKeyId:ConnectionPasswordEncryption', connectionPasswordEncryption_awsKmsKeyId - An KMS key that is used to encrypt the connection password.

If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:Encrypt permission on the specified KMS key, to encrypt passwords before storing them in the Data Catalog.

You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.

$sel:returnConnectionPasswordEncrypted:ConnectionPasswordEncryption', connectionPasswordEncryption_returnConnectionPasswordEncrypted - When the ReturnConnectionPasswordEncrypted flag is set to "true", passwords remain encrypted in the responses of GetConnection and GetConnections. This encryption takes effect independently from catalog encryption.

connectionPasswordEncryption_awsKmsKeyId :: Lens' ConnectionPasswordEncryption (Maybe Text) Source #

An KMS key that is used to encrypt the connection password.

If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:Encrypt permission on the specified KMS key, to encrypt passwords before storing them in the Data Catalog.

You can set the decrypt permission to enable or restrict access on the password key according to your security requirements.

connectionPasswordEncryption_returnConnectionPasswordEncrypted :: Lens' ConnectionPasswordEncryption Bool Source #

When the ReturnConnectionPasswordEncrypted flag is set to "true", passwords remain encrypted in the responses of GetConnection and GetConnections. This encryption takes effect independently from catalog encryption.