2024/12/12 - AWS Glue - 3 updated api methods
Changes To support customer-managed encryption in Data Quality to allow customers encrypt data with their own KMS key, we will add a DataQualityEncryption field to the SecurityConfiguration API where customers can provide their KMS keys.
{'EncryptionConfiguration': {'DataQualityEncryption': {'DataQualityEncryptionMode': 'DISABLED '
'| '
'SSE-KMS',
'KmsKeyArn': 'string'}}}
Creates a new security configuration. A security configuration is a set of security properties that can be used by Glue. You can use a security configuration to encrypt data at rest. For information about using security configurations in Glue, see Encrypting Data Written by Crawlers, Jobs, and Development Endpoints.
See also: AWS API Documentation
Request Syntax
client.create_security_configuration(
Name='string',
EncryptionConfiguration={
'S3Encryption': [
{
'S3EncryptionMode': 'DISABLED'|'SSE-KMS'|'SSE-S3',
'KmsKeyArn': 'string'
},
],
'CloudWatchEncryption': {
'CloudWatchEncryptionMode': 'DISABLED'|'SSE-KMS',
'KmsKeyArn': 'string'
},
'JobBookmarksEncryption': {
'JobBookmarksEncryptionMode': 'DISABLED'|'CSE-KMS',
'KmsKeyArn': 'string'
},
'DataQualityEncryption': {
'DataQualityEncryptionMode': 'DISABLED'|'SSE-KMS',
'KmsKeyArn': 'string'
}
}
)
string
[REQUIRED]
The name for the new security configuration.
dict
[REQUIRED]
The encryption configuration for the new security configuration.
S3Encryption (list) --
The encryption configuration for Amazon Simple Storage Service (Amazon S3) data.
(dict) --
Specifies how Amazon Simple Storage Service (Amazon S3) data should be encrypted.
S3EncryptionMode (string) --
The encryption mode to use for Amazon S3 data.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.
CloudWatchEncryption (dict) --
The encryption configuration for Amazon CloudWatch.
CloudWatchEncryptionMode (string) --
The encryption mode to use for CloudWatch data.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.
JobBookmarksEncryption (dict) --
The encryption configuration for job bookmarks.
JobBookmarksEncryptionMode (string) --
The encryption mode to use for job bookmarks data.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.
DataQualityEncryption (dict) --
The encryption configuration for Glue Data Quality assets.
DataQualityEncryptionMode (string) --
The encryption mode to use for encrypting Data Quality assets. These assets include data quality rulesets, results, statistics, anomaly detection models and observations.
Valid values are SSEKMS for encryption using a customer-managed KMS key, or DISABLED.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.
dict
Response Syntax
{
'Name': 'string',
'CreatedTimestamp': datetime(2015, 1, 1)
}
Response Structure
(dict) --
Name (string) --
The name assigned to the new security configuration.
CreatedTimestamp (datetime) --
The time at which the new security configuration was created.
{'SecurityConfiguration': {'EncryptionConfiguration': {'DataQualityEncryption': {'DataQualityEncryptionMode': 'DISABLED '
'| '
'SSE-KMS',
'KmsKeyArn': 'string'}}}}
Retrieves a specified security configuration.
See also: AWS API Documentation
Request Syntax
client.get_security_configuration(
Name='string'
)
string
[REQUIRED]
The name of the security configuration to retrieve.
dict
Response Syntax
{
'SecurityConfiguration': {
'Name': 'string',
'CreatedTimeStamp': datetime(2015, 1, 1),
'EncryptionConfiguration': {
'S3Encryption': [
{
'S3EncryptionMode': 'DISABLED'|'SSE-KMS'|'SSE-S3',
'KmsKeyArn': 'string'
},
],
'CloudWatchEncryption': {
'CloudWatchEncryptionMode': 'DISABLED'|'SSE-KMS',
'KmsKeyArn': 'string'
},
'JobBookmarksEncryption': {
'JobBookmarksEncryptionMode': 'DISABLED'|'CSE-KMS',
'KmsKeyArn': 'string'
},
'DataQualityEncryption': {
'DataQualityEncryptionMode': 'DISABLED'|'SSE-KMS',
'KmsKeyArn': 'string'
}
}
}
}
Response Structure
(dict) --
SecurityConfiguration (dict) --
The requested security configuration.
Name (string) --
The name of the security configuration.
CreatedTimeStamp (datetime) --
The time at which this security configuration was created.
EncryptionConfiguration (dict) --
The encryption configuration associated with this security configuration.
S3Encryption (list) --
The encryption configuration for Amazon Simple Storage Service (Amazon S3) data.
(dict) --
Specifies how Amazon Simple Storage Service (Amazon S3) data should be encrypted.
S3EncryptionMode (string) --
The encryption mode to use for Amazon S3 data.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.
CloudWatchEncryption (dict) --
The encryption configuration for Amazon CloudWatch.
CloudWatchEncryptionMode (string) --
The encryption mode to use for CloudWatch data.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.
JobBookmarksEncryption (dict) --
The encryption configuration for job bookmarks.
JobBookmarksEncryptionMode (string) --
The encryption mode to use for job bookmarks data.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.
DataQualityEncryption (dict) --
The encryption configuration for Glue Data Quality assets.
DataQualityEncryptionMode (string) --
The encryption mode to use for encrypting Data Quality assets. These assets include data quality rulesets, results, statistics, anomaly detection models and observations.
Valid values are SSEKMS for encryption using a customer-managed KMS key, or DISABLED.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.
{'SecurityConfigurations': {'EncryptionConfiguration': {'DataQualityEncryption': {'DataQualityEncryptionMode': 'DISABLED '
'| '
'SSE-KMS',
'KmsKeyArn': 'string'}}}}
Retrieves a list of all security configurations.
See also: AWS API Documentation
Request Syntax
client.get_security_configurations(
MaxResults=123,
NextToken='string'
)
integer
The maximum number of results to return.
string
A continuation token, if this is a continuation call.
dict
Response Syntax
{
'SecurityConfigurations': [
{
'Name': 'string',
'CreatedTimeStamp': datetime(2015, 1, 1),
'EncryptionConfiguration': {
'S3Encryption': [
{
'S3EncryptionMode': 'DISABLED'|'SSE-KMS'|'SSE-S3',
'KmsKeyArn': 'string'
},
],
'CloudWatchEncryption': {
'CloudWatchEncryptionMode': 'DISABLED'|'SSE-KMS',
'KmsKeyArn': 'string'
},
'JobBookmarksEncryption': {
'JobBookmarksEncryptionMode': 'DISABLED'|'CSE-KMS',
'KmsKeyArn': 'string'
},
'DataQualityEncryption': {
'DataQualityEncryptionMode': 'DISABLED'|'SSE-KMS',
'KmsKeyArn': 'string'
}
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
SecurityConfigurations (list) --
A list of security configurations.
(dict) --
Specifies a security configuration.
Name (string) --
The name of the security configuration.
CreatedTimeStamp (datetime) --
The time at which this security configuration was created.
EncryptionConfiguration (dict) --
The encryption configuration associated with this security configuration.
S3Encryption (list) --
The encryption configuration for Amazon Simple Storage Service (Amazon S3) data.
(dict) --
Specifies how Amazon Simple Storage Service (Amazon S3) data should be encrypted.
S3EncryptionMode (string) --
The encryption mode to use for Amazon S3 data.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.
CloudWatchEncryption (dict) --
The encryption configuration for Amazon CloudWatch.
CloudWatchEncryptionMode (string) --
The encryption mode to use for CloudWatch data.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.
JobBookmarksEncryption (dict) --
The encryption configuration for job bookmarks.
JobBookmarksEncryptionMode (string) --
The encryption mode to use for job bookmarks data.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.
DataQualityEncryption (dict) --
The encryption configuration for Glue Data Quality assets.
DataQualityEncryptionMode (string) --
The encryption mode to use for encrypting Data Quality assets. These assets include data quality rulesets, results, statistics, anomaly detection models and observations.
Valid values are SSEKMS for encryption using a customer-managed KMS key, or DISABLED.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.
NextToken (string) --
A continuation token, if there are more security configurations to return.