Copyright | (c) 2013-2018 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
Enables or updates server-side encryption using an AWS KMS key for a specified stream.
Starting encryption is an asynchronous operation. Upon receiving the request, Kinesis Data Streams returns immediately and sets the status of the stream to UPDATING
. After the update is complete, Kinesis Data Streams sets the status of the stream back to ACTIVE
. Updating or applying encryption normally takes a few seconds to complete, but it can take minutes. You can continue to read and write data to your stream while its status is UPDATING
. Once the status of the stream is ACTIVE
, encryption begins for records written to the stream.
API Limits: You can successfully apply a new AWS KMS key for server-side encryption 25 times in a rolling 24-hour period.
Note: It can take up to five seconds after the stream is in an ACTIVE
status before all records written to the stream are encrypted. After you enable encryption, you can verify that encryption is applied by inspecting the API response from PutRecord
or PutRecords
.
- startStreamEncryption :: Text -> EncryptionType -> Text -> StartStreamEncryption
- data StartStreamEncryption
- sStreamName :: Lens' StartStreamEncryption Text
- sEncryptionType :: Lens' StartStreamEncryption EncryptionType
- sKeyId :: Lens' StartStreamEncryption Text
- startStreamEncryptionResponse :: StartStreamEncryptionResponse
- data StartStreamEncryptionResponse
Creating a Request
startStreamEncryption Source #
Creates a value of StartStreamEncryption
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
sStreamName
- The name of the stream for which to start encrypting records.sEncryptionType
- The encryption type to use. The only valid value isKMS
.sKeyId
- The GUID for the customer-managed AWS KMS key to use for encryption. This value can be a globally unique identifier, a fully specified Amazon Resource Name (ARN) to either an alias or a key, or an alias name prefixed by "alias".You can also use a master key owned by Kinesis Data Streams by specifying the alias @awskinesis. * Key ARN example:
arn:aws:kms:us-east-1:123456789012:key12345678-1234-1234-1234-123456789012* Alias ARN example:
arn:aws:kms:us-east-1:123456789012:aliasMyAliasName* Globally unique key ID example:
12345678-1234-1234-1234-123456789012* Alias name example:
aliasMyAliasName* Master key owned by Kinesis Data Streams:
aliasaws/kinesis@
data StartStreamEncryption Source #
See: startStreamEncryption
smart constructor.
Request Lenses
sStreamName :: Lens' StartStreamEncryption Text Source #
The name of the stream for which to start encrypting records.
sEncryptionType :: Lens' StartStreamEncryption EncryptionType Source #
The encryption type to use. The only valid value is KMS
.
sKeyId :: Lens' StartStreamEncryption Text Source #
The GUID for the customer-managed AWS KMS key to use for encryption. This value can be a globally unique identifier, a fully specified Amazon Resource Name (ARN) to either an alias or a key, or an alias name prefixed by "alias".You can also use a master key owned by Kinesis Data Streams by specifying the alias @awskinesis . * Key ARN example:
arn:aws:kms:us-east-1:123456789012:key12345678-1234-1234-1234-123456789012 * Alias ARN example:
arn:aws:kms:us-east-1:123456789012:aliasMyAliasName * Globally unique key ID example:
12345678-1234-1234-1234-123456789012 * Alias name example:
aliasMyAliasName * Master key owned by Kinesis Data Streams:
aliasaws/kinesis@
Destructuring the Response
startStreamEncryptionResponse :: StartStreamEncryptionResponse Source #
Creates a value of StartStreamEncryptionResponse
with the minimum fields required to make a request.
data StartStreamEncryptionResponse Source #
See: startStreamEncryptionResponse
smart constructor.