class SecurityConfiguration (construct)
Language | Type name |
---|---|
![]() | Amazon.CDK.AWS.Glue.Alpha.SecurityConfiguration |
![]() | github.com/aws/aws-cdk-go/awscdkgluealpha/v2#SecurityConfiguration |
![]() | software.amazon.awscdk.services.glue.alpha.SecurityConfiguration |
![]() | aws_cdk.aws_glue_alpha.SecurityConfiguration |
![]() | @aws-cdk/aws-glue-alpha ยป SecurityConfiguration |
Implements
IConstruct
, IDependable
, IResource
, ISecurity
A security configuration is a set of security properties that can be used by AWS Glue to encrypt data at rest.
The following scenarios show some of the ways that you can use a security configuration.
- Attach a security configuration to an AWS Glue crawler to write encrypted Amazon CloudWatch Logs.
- Attach a security configuration to an extract, transform, and load (ETL) job to write encrypted Amazon Simple Storage Service (Amazon S3) targets and encrypted CloudWatch Logs.
- Attach a security configuration to an ETL job to write its jobs bookmarks as encrypted Amazon S3 data.
- Attach a security configuration to a development endpoint to write encrypted Amazon S3 targets.
Example
import * as cdk from 'aws-cdk-lib';
import * as iam from 'aws-cdk-lib/aws-iam';
declare const stack: cdk.Stack;
declare const role: iam.IRole;
declare const script: glue.Code;
new glue.RayJob(stack, 'ImportedJob', {
role,
script,
jobName: 'RayCustomJobName',
description: 'This is a description',
workerType: glue.WorkerType.Z_2X,
numberOfWorkers: 5,
runtime: glue.Runtime.RAY_TWO_FOUR,
maxRetries: 3,
maxConcurrentRuns: 100,
timeout: cdk.Duration.hours(2),
connections: [glue.Connection.fromConnectionName(stack, 'Connection', 'connectionName')],
securityConfiguration: glue.SecurityConfiguration.fromSecurityConfigurationName(stack, 'SecurityConfig', 'securityConfigName'),
tags: {
FirstTagName: 'FirstTagValue',
SecondTagName: 'SecondTagValue',
XTagName: 'XTagValue',
},
});
Initializer
new SecurityConfiguration(scope: Construct, id: string, props?: SecurityConfigurationProps)
Parameters
- scope
Construct
- id
string
- props
Security
Configuration Props
Construct Props
Name | Type | Description |
---|---|---|
cloud | Cloud | The encryption configuration for Amazon CloudWatch Logs. |
job | Job | The encryption configuration for Glue Job Bookmarks. |
s3 | S3 | The encryption configuration for Amazon Simple Storage Service (Amazon S3) data. |
security | string | The name of the security configuration. |
cloudWatchEncryption?
Type:
Cloud
(optional, default: no cloudwatch logs encryption.)
The encryption configuration for Amazon CloudWatch Logs.
jobBookmarksEncryption?
Type:
Job
(optional, default: no job bookmarks encryption.)
The encryption configuration for Glue Job Bookmarks.
s3Encryption?
Type:
S3
(optional, default: no s3 encryption.)
The encryption configuration for Amazon Simple Storage Service (Amazon S3) data.
securityConfigurationName?
Type:
string
(optional, default: generated by CDK.)
The name of the security configuration.
Properties
Name | Type | Description |
---|---|---|
env | Resource | The environment this resource belongs to. |
node | Node | The tree node. |
security | string | The name of the security configuration. |
stack | Stack | The stack in which this resource is defined. |
cloud | IKey | The KMS key used in CloudWatch encryption if it requires a kms key. |
job | IKey | The KMS key used in job bookmarks encryption if it requires a kms key. |
s3 | IKey | The KMS key used in S3 encryption if it requires a kms key. |
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
node
Type:
Node
The tree node.
securityConfigurationName
Type:
string
The name of the security configuration.
stack
Type:
Stack
The stack in which this resource is defined.
cloudWatchEncryptionKey?
Type:
IKey
(optional)
The KMS key used in CloudWatch encryption if it requires a kms key.
jobBookmarksEncryptionKey?
Type:
IKey
(optional)
The KMS key used in job bookmarks encryption if it requires a kms key.
s3EncryptionKey?
Type:
IKey
(optional)
The KMS key used in S3 encryption if it requires a kms key.
Methods
Name | Description |
---|---|
apply | Apply the given removal policy to this resource. |
to | Returns a string representation of this construct. |
static from | Creates a Connection construct that represents an external security configuration. |
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
Removal
Policy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY
), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN
).
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
static fromSecurityConfigurationName(scope, id, securityConfigurationName)
public static fromSecurityConfigurationName(scope: Construct, id: string, securityConfigurationName: string): ISecurityConfiguration
Parameters
- scope
Construct
โ The scope creating construct (usuallythis
). - id
string
โ The construct's id. - securityConfigurationName
string
โ name of external security configuration.
Returns
Creates a Connection construct that represents an external security configuration.