Glue:Resource:aws_glue_data_catalog_encryption_settings


Type

Resource

Label

aws_glue_data_catalog_encryption_settings

AWS Service

Glue

Description

Mainly used to manage the encryption settings of the Glue Data Catalog.

Example

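# aws_kms_key.test is assumed to be defined elsewhere in the configuration.
resource "aws_glue_data_catalog_encryption_settings" "example" {
  data_catalog_encryption_settings {
    # Encrypt connection passwords with the KMS key and keep them
    # encrypted in GetConnection / GetConnections responses.
    connection_password_encryption {
      aws_kms_key_id                       = aws_kms_key.test.arn
      return_connection_password_encrypted = true
    }

    # Encrypt Data Catalog data at rest with the same KMS key.
    encryption_at_rest {
      catalog_encryption_mode = "SSE-KMS"
      sse_aws_kms_key_id      = aws_kms_key.test.arn
    }
  }
}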

Arguments

  • data_catalog_encryption_settings - (Required) The security configuration to set. See Data Catalog Encryption Settings.
  • catalog_id – (Optional) The ID of the Data Catalog to set the security configuration for. If none is provided, the AWS account ID is used by default.

data_catalog_encryption_settings

  • connection_password_encryption - (Required) When connection password protection is enabled, the Data Catalog uses a customer-provided key to encrypt the password as part of CreateConnection or UpdateConnection and stores it in the ENCRYPTED_PASSWORD field in the connection properties. You can enable catalog encryption or only password encryption. See Connection Password Encryption.
  • encryption_at_rest - (Required) Specifies the encryption-at-rest configuration for the Data Catalog. See Encryption At Rest.

connection_password_encryption

  • return_connection_password_encrypted - (Required) When set to true, passwords remain encrypted in the responses of GetConnection and GetConnections. This encryption takes effect independently of the catalog encryption.
  • aws_kms_key_id - (Optional) A KMS key ARN that is used to encrypt the connection password. If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:Encrypt permission on the specified AWS KMS key, to encrypt passwords before storing them in the Data Catalog.

encryption_at_rest

  • catalog_encryption_mode - (Required) The encryption-at-rest mode for encrypting Data Catalog data. Valid values are DISABLED and SSE-KMS.
  • sse_aws_kms_key_id - (Optional) The ARN of the AWS KMS key to use for encryption at rest.
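
The kms:Encrypt requirement described for aws_kms_key_id above, as an added example that is not part of the original page: it grants only that action, on only the catalog key, to the role that creates and updates connections. The role name glue-connection-admin and all resource names here are assumptions.

```hcl
# Added example. Names are hypothetical; adjust to your environment.

# Customer-managed key used for both catalog and connection password encryption.
resource "aws_kms_key" "glue_catalog" {
  description         = "Glue Data Catalog encryption (example)"
  enable_key_rotation = true
}

# Existing role that calls CreateConnection / UpdateConnection (assumed name).
data "aws_iam_role" "connection_admin" {
  name = "glue-connection-admin"
}

# Least privilege: only kms:Encrypt, only on the catalog key.
data "aws_iam_policy_document" "connection_encrypt" {
  statement {
    sid       = "EncryptGlueConnectionPasswords"
    effect    = "Allow"
    actions   = ["kms:Encrypt"]
    resources = [aws_kms_key.glue_catalog.arn]
  }
}

resource "aws_iam_role_policy" "connection_encrypt" {
  name   = "glue-connection-kms-encrypt"
  role   = data.aws_iam_role.connection_admin.name
  policy = data.aws_iam_policy_document.connection_encrypt.json
}

resource "aws_glue_data_catalog_encryption_settings" "hardened" {
  data_catalog_encryption_settings {
    connection_password_encryption {
      aws_kms_key_id = aws_kms_key.glue_catalog.arn
      # Passwords stay encrypted in GetConnection / GetConnections responses.
      return_connection_password_encrypted = true
    }

    encryption_at_rest {
      # "DISABLED" is the other valid value and leaves catalog data unencrypted.
      catalog_encryption_mode = "SSE-KMS"
      sse_aws_kms_key_id      = aws_kms_key.glue_catalog.arn
    }
  }
}
```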

Attribute Reference

In addition to all the arguments above, the following attributes of this resource are exported:

  • id - The ID of the Data Catalog to set the security configuration for.

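Import

Replace the parameters ${catalog_id} and ${name} (the second label value in the resource configuration) in the following command and run it to import the Glue Data Catalog encryption settings: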

$ terraform import aws_glue_data_catalog_encryption_settings.${name} ${catalog_id}