AWS X-Ray

2018/04/25 - AWS X-Ray - 2 new api methods

Changes  Added PutEncryptionConfig and GetEncryptionConfig APIs for managing data encryption settings. Use PutEncryptionConfig to configure X-Ray to use an AWS Key Management Service customer master key to encrypt trace data at rest.

GetEncryptionConfig (new) Link ¶

Retrieves the current encryption configuration for X-Ray data.

See also: AWS API Documentation

Request Syntax

client.get_encryption_config()
rtype

dict

returns

Response Syntax

{
    'EncryptionConfig': {
        'KeyId': 'string',
        'Status': 'UPDATING'|'ACTIVE',
        'Type': 'NONE'|'KMS'
    }
}

Response Structure

  • (dict) --

    • EncryptionConfig (dict) --

      The encryption configuration document.

      • KeyId (string) --

        The ID of the customer master key (CMK) used for encryption, if applicable.

      • Status (string) --

        The encryption status. After modifying encryption configuration with PutEncryptionConfig, the status can be UPDATING for up to one hour before X-Ray starts encrypting data with the new key.

      • Type (string) --

        The type of encryption. Set to KMS for encryption with CMKs. Set to NONE for default encryption.

PutEncryptionConfig (new) Link ¶

Updates the encryption configuration for X-Ray data.

See also: AWS API Documentation

Request Syntax

client.put_encryption_config(
    KeyId='string',
    Type='NONE'|'KMS'
)
type KeyId

string

param KeyId

An AWS KMS customer master key (CMK) in one of the following formats:

  • Alias - The name of the key. For example, alias/MyKey .

  • Key ID - The KMS key ID of the key. For example, ae4aa6d49-a4d8-9df9-a475-4ff6d7898456 .

  • ARN - The full Amazon Resource Name of the key ID or alias. For example, arn:aws:kms:us-east-2:123456789012:key/ae4aa6d49-a4d8-9df9-a475-4ff6d7898456 . Use this format to specify a key in a different account.

Omit this key if you set Type to NONE .

type Type

string

param Type

[REQUIRED]

The type of encryption. Set to KMS to use your own key for encryption. Set to NONE for default encryption.

rtype

dict

returns

Response Syntax

{
    'EncryptionConfig': {
        'KeyId': 'string',
        'Status': 'UPDATING'|'ACTIVE',
        'Type': 'NONE'|'KMS'
    }
}

Response Structure

  • (dict) --

    • EncryptionConfig (dict) --

      The new encryption configuration.

      • KeyId (string) --

        The ID of the customer master key (CMK) used for encryption, if applicable.

      • Status (string) --

        The encryption status. After modifying encryption configuration with PutEncryptionConfig, the status can be UPDATING for up to one hour before X-Ray starts encrypting data with the new key.

      • Type (string) --

        The type of encryption. Set to KMS for encryption with CMKs. Set to NONE for default encryption.