Skip to content

/AWS1/CL_MDCS3ENCSETTINGS

Settings for how your job outputs are encrypted as they are uploaded to Amazon S3.

CONSTRUCTOR

IMPORTING

Optional arguments:

iv_encryptiontype TYPE /AWS1/MDCS3SERVERSIDEENCTYPE /AWS1/MDCS3SERVERSIDEENCTYPE

Specify how you want your data keys managed. AWS uses data keys to encrypt your content. AWS also encrypts the data keys themselves, using a customer master key (CMK), and then stores the encrypted data keys alongside your encrypted content. Use this setting to specify which AWS service manages the CMK. For simplest set up, choose Amazon S3. If you want your master key to be managed by AWS Key Management Service (KMS), choose AWS KMS. By default, when you choose AWS KMS, KMS uses the AWS managed customer master key (CMK) associated with Amazon S3 to encrypt your data keys. You can optionally choose to specify a different, customer managed CMK. Do so by specifying the Amazon Resource Name (ARN) of the key for the setting KMS ARN.

iv_kmsencryptioncontext TYPE /AWS1/MDC__STRINGPATAZAZ0902 /AWS1/MDC__STRINGPATAZAZ0902

Optionally, specify the encryption context that you want to use alongside your KMS key. AWS KMS uses this encryption context as additional authenticated data (AAD) to support authenticated encryption. This value must be a base64-encoded UTF-8 string holding JSON which represents a string-string map. To use this setting, you must also set Server-side encryption to AWS KMS. For more information about encryption context, see: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context.

iv_kmskeyarn TYPE /AWS1/MDC__STRPATARNAWSUSGOV00 /AWS1/MDC__STRPATARNAWSUSGOV00

Optionally, specify the customer master key (CMK) that you want to use to encrypt the data key that AWS uses to encrypt your output content. Enter the Amazon Resource Name (ARN) of the CMK. To use this setting, you must also set Server-side encryption to AWS KMS. If you set Server-side encryption to AWS KMS but don't specify a CMK here, AWS uses the AWS managed CMK associated with Amazon S3.

Queryable Attributes

EncryptionType

Specify how you want your data keys managed. AWS uses data keys to encrypt your content. AWS also encrypts the data keys themselves, using a customer master key (CMK), and then stores the encrypted data keys alongside your encrypted content. Use this setting to specify which AWS service manages the CMK. For simplest set up, choose Amazon S3. If you want your master key to be managed by AWS Key Management Service (KMS), choose AWS KMS. By default, when you choose AWS KMS, KMS uses the AWS managed customer master key (CMK) associated with Amazon S3 to encrypt your data keys. You can optionally choose to specify a different, customer managed CMK. Do so by specifying the Amazon Resource Name (ARN) of the key for the setting KMS ARN.

Accessible with the following methods

Method Description
GET_ENCRYPTIONTYPE() Getter for ENCRYPTIONTYPE, with configurable default
ASK_ENCRYPTIONTYPE() Getter for ENCRYPTIONTYPE w/ exceptions if field has no valu
HAS_ENCRYPTIONTYPE() Determine if ENCRYPTIONTYPE has a value

KmsEncryptionContext

Optionally, specify the encryption context that you want to use alongside your KMS key. AWS KMS uses this encryption context as additional authenticated data (AAD) to support authenticated encryption. This value must be a base64-encoded UTF-8 string holding JSON which represents a string-string map. To use this setting, you must also set Server-side encryption to AWS KMS. For more information about encryption context, see: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context.

Accessible with the following methods

Method Description
GET_KMSENCRYPTIONCONTEXT() Getter for KMSENCRYPTIONCONTEXT, with configurable default
ASK_KMSENCRYPTIONCONTEXT() Getter for KMSENCRYPTIONCONTEXT w/ exceptions if field has n
HAS_KMSENCRYPTIONCONTEXT() Determine if KMSENCRYPTIONCONTEXT has a value

KmsKeyArn

Optionally, specify the customer master key (CMK) that you want to use to encrypt the data key that AWS uses to encrypt your output content. Enter the Amazon Resource Name (ARN) of the CMK. To use this setting, you must also set Server-side encryption to AWS KMS. If you set Server-side encryption to AWS KMS but don't specify a CMK here, AWS uses the AWS managed CMK associated with Amazon S3.

Accessible with the following methods

Method Description
GET_KMSKEYARN() Getter for KMSKEYARN, with configurable default
ASK_KMSKEYARN() Getter for KMSKEYARN w/ exceptions if field has no value
HAS_KMSKEYARN() Determine if KMSKEYARN has a value