Copyright | (c) 2013-2017 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
Enables or updates server-side encryption using an AWS KMS key for a specified stream.
Starting encryption is an asynchronous operation. Upon receiving the request, Amazon Kinesis returns immediately and sets the status of the stream to UPDATING
. After the update is complete, Amazon Kinesis sets the status of the stream back to ACTIVE
. Updating or applying encryption normally takes a few seconds to complete but it can take minutes. You can continue to read and write data to your stream while its status is UPDATING
. Once the status of the stream is ACTIVE
, records written to the stream will begin to be encrypted.
API Limits: You can successfully apply a new AWS KMS key for server-side encryption 25 times in a rolling 24 hour period.
Note: It can take up to 5 seconds after the stream is in an ACTIVE
status before all records written to the stream are encrypted. After you’ve enabled encryption, you can verify encryption was applied by inspecting the API response from PutRecord
or PutRecords
.
- startStreamEncryption :: Text -> EncryptionType -> Text -> StartStreamEncryption
- data StartStreamEncryption
- sStreamName :: Lens' StartStreamEncryption Text
- sEncryptionType :: Lens' StartStreamEncryption EncryptionType
- sKeyId :: Lens' StartStreamEncryption Text
- startStreamEncryptionResponse :: StartStreamEncryptionResponse
- data StartStreamEncryptionResponse
Creating a Request
startStreamEncryption Source #
Creates a value of StartStreamEncryption
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
sStreamName
- The name of the stream for which to start encrypting records.sEncryptionType
- The encryption type to use. This parameter can be one of the following values: *NONE
: Not valid for this operation. AnInvalidOperationException
will be thrown. *KMS
: Use server-side encryption on the records in the stream using a customer-managed KMS key.sKeyId
- The GUID for the customer-managed KMS key to use for encryption. You can also use a Kinesis-owned master key by specifying the aliasaws/kinesis
.
data StartStreamEncryption Source #
See: startStreamEncryption
smart constructor.
Request Lenses
sStreamName :: Lens' StartStreamEncryption Text Source #
The name of the stream for which to start encrypting records.
sEncryptionType :: Lens' StartStreamEncryption EncryptionType Source #
The encryption type to use. This parameter can be one of the following values: * NONE
: Not valid for this operation. An InvalidOperationException
will be thrown. * KMS
: Use server-side encryption on the records in the stream using a customer-managed KMS key.
sKeyId :: Lens' StartStreamEncryption Text Source #
The GUID for the customer-managed KMS key to use for encryption. You can also use a Kinesis-owned master key by specifying the alias aws/kinesis
.
Destructuring the Response
startStreamEncryptionResponse :: StartStreamEncryptionResponse Source #
Creates a value of StartStreamEncryptionResponse
with the minimum fields required to make a request.
data StartStreamEncryptionResponse Source #
See: startStreamEncryptionResponse
smart constructor.