/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include namespace Aws { namespace Utils { namespace Json { class JsonValue; class JsonView; } // namespace Json } // namespace Utils namespace Firehose { namespace Model { /** *

Specifies the type and Amazon Resource Name (ARN) of the CMK to use for * Server-Side Encryption (SSE).

*/ class AWS_FIREHOSE_API DeliveryStreamEncryptionConfigurationInput { public: DeliveryStreamEncryptionConfigurationInput(); DeliveryStreamEncryptionConfigurationInput(Aws::Utils::Json::JsonView jsonValue); DeliveryStreamEncryptionConfigurationInput& operator=(Aws::Utils::Json::JsonView jsonValue); Aws::Utils::Json::JsonValue Jsonize() const; /** *

If you set KeyType to CUSTOMER_MANAGED_CMK, you * must specify the Amazon Resource Name (ARN) of the CMK. If you set * KeyType to AWS_OWNED_CMK, Kinesis Data Firehose uses a * service-account CMK.

*/ inline const Aws::String& GetKeyARN() const{ return m_keyARN; } /** *

*/ inline bool KeyARNHasBeenSet() const { return m_keyARNHasBeenSet; } /** *

*/ inline void SetKeyARN(const Aws::String& value) { m_keyARNHasBeenSet = true; m_keyARN = value; } /** *

*/ inline void SetKeyARN(Aws::String&& value) { m_keyARNHasBeenSet = true; m_keyARN = std::move(value); } /** *

*/ inline void SetKeyARN(const char* value) { m_keyARNHasBeenSet = true; m_keyARN.assign(value); } /** *

*/ inline DeliveryStreamEncryptionConfigurationInput& WithKeyARN(const Aws::String& value) { SetKeyARN(value); return *this;} /** *

*/ inline DeliveryStreamEncryptionConfigurationInput& WithKeyARN(Aws::String&& value) { SetKeyARN(std::move(value)); return *this;} /** *

*/ inline DeliveryStreamEncryptionConfigurationInput& WithKeyARN(const char* value) { SetKeyARN(value); return *this;} /** *

Indicates the type of customer master key (CMK) to use for encryption. The * default setting is AWS_OWNED_CMK. For more information about CMKs, * see Customer * Master Keys (CMKs). When you invoke CreateDeliveryStream or * StartDeliveryStreamEncryption with KeyType set to * CUSTOMER_MANAGED_CMK, Kinesis Data Firehose invokes the Amazon KMS operation CreateGrant * to create a grant that allows the Kinesis Data Firehose service to use the * customer managed CMK to perform encryption and decryption. Kinesis Data Firehose * manages that grant.

When you invoke StartDeliveryStreamEncryption * to change the CMK for a delivery stream that is encrypted with a customer * managed CMK, Kinesis Data Firehose schedules the grant it had on the old CMK for * retirement.

You can use a CMK of type CUSTOMER_MANAGED_CMK to encrypt up * to 500 delivery streams. If a CreateDeliveryStream or * StartDeliveryStreamEncryption operation exceeds this limit, Kinesis Data * Firehose throws a LimitExceededException.

To * encrypt your delivery stream, use symmetric CMKs. Kinesis Data Firehose doesn't * support asymmetric CMKs. For information about symmetric and asymmetric CMKs, * see About * Symmetric and Asymmetric CMKs in the AWS Key Management Service developer * guide.

*/ inline const KeyType& GetKeyType() const{ return m_keyType; } /** *

*/ inline bool KeyTypeHasBeenSet() const { return m_keyTypeHasBeenSet; } /** *

*/ inline void SetKeyType(const KeyType& value) { m_keyTypeHasBeenSet = true; m_keyType = value; } /** *

*/ inline void SetKeyType(KeyType&& value) { m_keyTypeHasBeenSet = true; m_keyType = std::move(value); } /** *

*/ inline DeliveryStreamEncryptionConfigurationInput& WithKeyType(const KeyType& value) { SetKeyType(value); return *this;} /** *

*/ inline DeliveryStreamEncryptionConfigurationInput& WithKeyType(KeyType&& value) { SetKeyType(std::move(value)); return *this;} private: Aws::String m_keyARN; bool m_keyARNHasBeenSet; KeyType m_keyType; bool m_keyTypeHasBeenSet; }; } // namespace Model } // namespace Firehose } // namespace Aws

See Also: