/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include namespace Aws { namespace Utils { namespace Json { class JsonValue; class JsonView; } // namespace Json } // namespace Utils namespace SageMaker { namespace Model { /** *

The security configuration for OnlineStore.

See * Also:

AWS * API Reference

*/ class OnlineStoreSecurityConfig { public: AWS_SAGEMAKER_API OnlineStoreSecurityConfig(); AWS_SAGEMAKER_API OnlineStoreSecurityConfig(Aws::Utils::Json::JsonView jsonValue); AWS_SAGEMAKER_API OnlineStoreSecurityConfig& operator=(Aws::Utils::Json::JsonView jsonValue); AWS_SAGEMAKER_API Aws::Utils::Json::JsonValue Jsonize() const; /** *

The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker * Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 * server-side encryption.

The caller (either user or IAM role) of * CreateFeatureGroup must have below permissions to the * OnlineStore KmsKeyId:

* "kms:Encrypt"
"kms:Decrypt"
*
"kms:DescribeKey"
* "kms:CreateGrant"
* "kms:RetireGrant"
* "kms:ReEncryptFrom"
* "kms:ReEncryptTo"
* "kms:GenerateDataKey"
* "kms:ListAliases"
"kms:ListGrants" *
"kms:RevokeGrant"

The * caller (either user or IAM role) to all DataPlane operations * (PutRecord, GetRecord, DeleteRecord) must * have the following permissions to the KmsKeyId:

* "kms:Decrypt"

*/ inline const Aws::String& GetKmsKeyId() const{ return m_kmsKeyId; } /** *

The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker * Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 * server-side encryption.

The caller (either user or IAM role) of * CreateFeatureGroup must have below permissions to the * OnlineStore KmsKeyId:

* "kms:Encrypt"
"kms:Decrypt"
*
"kms:DescribeKey"
* "kms:CreateGrant"
* "kms:RetireGrant"
* "kms:ReEncryptFrom"
* "kms:ReEncryptTo"
* "kms:GenerateDataKey"
* "kms:ListAliases"
"kms:ListGrants" *
"kms:RevokeGrant"

The * caller (either user or IAM role) to all DataPlane operations * (PutRecord, GetRecord, DeleteRecord) must * have the following permissions to the KmsKeyId:

* "kms:Decrypt"

*/ inline bool KmsKeyIdHasBeenSet() const { return m_kmsKeyIdHasBeenSet; } /** *

The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker * Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 * server-side encryption.

The caller (either user or IAM role) of * CreateFeatureGroup must have below permissions to the * OnlineStore KmsKeyId:

* "kms:Encrypt"
"kms:Decrypt"
*
"kms:DescribeKey"
* "kms:CreateGrant"
* "kms:RetireGrant"
* "kms:ReEncryptFrom"
* "kms:ReEncryptTo"
* "kms:GenerateDataKey"
* "kms:ListAliases"
"kms:ListGrants" *
"kms:RevokeGrant"

The * caller (either user or IAM role) to all DataPlane operations * (PutRecord, GetRecord, DeleteRecord) must * have the following permissions to the KmsKeyId:

* "kms:Decrypt"

*/ inline void SetKmsKeyId(const Aws::String& value) { m_kmsKeyIdHasBeenSet = true; m_kmsKeyId = value; } /** *

The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker * Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 * server-side encryption.

The caller (either user or IAM role) of * CreateFeatureGroup must have below permissions to the * OnlineStore KmsKeyId:

* "kms:Encrypt"
"kms:Decrypt"
*
"kms:DescribeKey"
* "kms:CreateGrant"
* "kms:RetireGrant"
* "kms:ReEncryptFrom"
* "kms:ReEncryptTo"
* "kms:GenerateDataKey"
* "kms:ListAliases"
"kms:ListGrants" *
"kms:RevokeGrant"

The * caller (either user or IAM role) to all DataPlane operations * (PutRecord, GetRecord, DeleteRecord) must * have the following permissions to the KmsKeyId:

* "kms:Decrypt"

*/ inline void SetKmsKeyId(Aws::String&& value) { m_kmsKeyIdHasBeenSet = true; m_kmsKeyId = std::move(value); } /** *

The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker * Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 * server-side encryption.

The caller (either user or IAM role) of * CreateFeatureGroup must have below permissions to the * OnlineStore KmsKeyId:

* "kms:Encrypt"
"kms:Decrypt"
*
"kms:DescribeKey"
* "kms:CreateGrant"
* "kms:RetireGrant"
* "kms:ReEncryptFrom"
* "kms:ReEncryptTo"
* "kms:GenerateDataKey"
* "kms:ListAliases"
"kms:ListGrants" *
"kms:RevokeGrant"

The * caller (either user or IAM role) to all DataPlane operations * (PutRecord, GetRecord, DeleteRecord) must * have the following permissions to the KmsKeyId:

* "kms:Decrypt"

*/ inline void SetKmsKeyId(const char* value) { m_kmsKeyIdHasBeenSet = true; m_kmsKeyId.assign(value); } /** *

The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker * Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 * server-side encryption.

The caller (either user or IAM role) of * CreateFeatureGroup must have below permissions to the * OnlineStore KmsKeyId:

* "kms:Encrypt"
"kms:Decrypt"
*
"kms:DescribeKey"
* "kms:CreateGrant"
* "kms:RetireGrant"
* "kms:ReEncryptFrom"
* "kms:ReEncryptTo"
* "kms:GenerateDataKey"
* "kms:ListAliases"
"kms:ListGrants" *
"kms:RevokeGrant"

The * caller (either user or IAM role) to all DataPlane operations * (PutRecord, GetRecord, DeleteRecord) must * have the following permissions to the KmsKeyId:

* "kms:Decrypt"

*/ inline OnlineStoreSecurityConfig& WithKmsKeyId(const Aws::String& value) { SetKmsKeyId(value); return *this;} /** *

The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker * Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 * server-side encryption.

The caller (either user or IAM role) of * CreateFeatureGroup must have below permissions to the * OnlineStore KmsKeyId:

* "kms:Encrypt"
"kms:Decrypt"
*
"kms:DescribeKey"
* "kms:CreateGrant"
* "kms:RetireGrant"
* "kms:ReEncryptFrom"
* "kms:ReEncryptTo"
* "kms:GenerateDataKey"
* "kms:ListAliases"
"kms:ListGrants" *
"kms:RevokeGrant"

The * caller (either user or IAM role) to all DataPlane operations * (PutRecord, GetRecord, DeleteRecord) must * have the following permissions to the KmsKeyId:

* "kms:Decrypt"

*/ inline OnlineStoreSecurityConfig& WithKmsKeyId(Aws::String&& value) { SetKmsKeyId(std::move(value)); return *this;} /** *

The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker * Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 * server-side encryption.

The caller (either user or IAM role) of * CreateFeatureGroup must have below permissions to the * OnlineStore KmsKeyId:

* "kms:Encrypt"
"kms:Decrypt"
*
"kms:DescribeKey"
* "kms:CreateGrant"
* "kms:RetireGrant"
* "kms:ReEncryptFrom"
* "kms:ReEncryptTo"
* "kms:GenerateDataKey"
* "kms:ListAliases"
"kms:ListGrants" *
"kms:RevokeGrant"

The * caller (either user or IAM role) to all DataPlane operations * (PutRecord, GetRecord, DeleteRecord) must * have the following permissions to the KmsKeyId:

* "kms:Decrypt"

*/ inline OnlineStoreSecurityConfig& WithKmsKeyId(const char* value) { SetKmsKeyId(value); return *this;} private: Aws::String m_kmsKeyId; bool m_kmsKeyIdHasBeenSet = false; }; } // namespace Model } // namespace SageMaker } // namespace Aws