-
Notifications
You must be signed in to change notification settings - Fork 17
/
awsdynamodb_TableEncryption.go
40 lines (36 loc) · 1.5 KB
/
awsdynamodb_TableEncryption.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
package awsdynamodb
// What kind of server-side encryption to apply to this table.
//
// Example:
// table := dynamodb.NewTable(this, jsii.String("MyTable"), &tableProps{
// partitionKey: &attribute{
// name: jsii.String("id"),
// type: dynamodb.attributeType_STRING,
// },
// encryption: dynamodb.tableEncryption_CUSTOMER_MANAGED,
// })
//
// // You can access the CMK that was added to the stack on your behalf by the Table construct via:
// tableEncryptionKey := table.encryptionKey
//
// Experimental.
type TableEncryption string
const (
// Server-side KMS encryption with a master key owned by AWS.
// Experimental.
TableEncryption_DEFAULT TableEncryption = "DEFAULT"
// Server-side KMS encryption with a customer master key managed by customer.
//
// If `encryptionKey` is specified, this key will be used, otherwise, one will be defined.
//
// > **NOTE**: if `encryptionKey` is not specified and the `Table` construct creates
// > a KMS key for you, the key will be created with default permissions. If you are using
// > CDKv2, these permissions will be sufficient to enable the key for use with DynamoDB tables.
// > If you are using CDKv1, make sure the feature flag `@aws-cdk/aws-kms:defaultKeyPolicies`
// > is set to `true` in your `cdk.json`.
// Experimental.
TableEncryption_CUSTOMER_MANAGED TableEncryption = "CUSTOMER_MANAGED"
// Server-side KMS encryption with a master key managed by AWS.
// Experimental.
TableEncryption_AWS_MANAGED TableEncryption = "AWS_MANAGED"
)