/* * Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with * the License. A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions * and limitations under the License. */ package com.amazonaws.services.sagemaker.model; import java.io.Serializable; import javax.annotation.Generated; import com.amazonaws.protocol.StructuredPojo; import com.amazonaws.protocol.ProtocolMarshaller; /** *

* The security configuration for OnlineStore. *

* * @see AWS API Documentation */ @Generated("com.amazonaws:aws-java-sdk-code-generator") public class OnlineStoreSecurityConfig implements Serializable, Cloneable, StructuredPojo { /** *

* The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker Feature Store uses to encrypt the * Amazon S3 objects at rest using Amazon S3 server-side encryption. *

* The caller (either user or IAM role) of CreateFeatureGroup must have below permissions to the * OnlineStore KmsKeyId: *

*
* "kms:Encrypt" *
*
*
* "kms:Decrypt" *
*
*
* "kms:DescribeKey" *
*
*
* "kms:CreateGrant" *
*
*
* "kms:RetireGrant" *
*
*
* "kms:ReEncryptFrom" *
*
*
* "kms:ReEncryptTo" *
*
*
* "kms:GenerateDataKey" *
*
*
* "kms:ListAliases" *
*
*
* "kms:ListGrants" *
*
*
* "kms:RevokeGrant" *
*

* The caller (either user or IAM role) to all DataPlane operations (PutRecord, GetRecord, * DeleteRecord) must have the following permissions to the KmsKeyId: *

*
* "kms:Decrypt" *
*

*/ private String kmsKeyId; /** *

* The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker Feature Store uses to encrypt the * Amazon S3 objects at rest using Amazon S3 server-side encryption. *

* The caller (either user or IAM role) of CreateFeatureGroup must have below permissions to the * OnlineStore KmsKeyId: *

*
* "kms:Encrypt" *
*
*
* "kms:Decrypt" *
*
*
* "kms:DescribeKey" *
*
*
* "kms:CreateGrant" *
*
*
* "kms:RetireGrant" *
*
*
* "kms:ReEncryptFrom" *
*
*
* "kms:ReEncryptTo" *
*
*
* "kms:GenerateDataKey" *
*
*
* "kms:ListAliases" *
*
*
* "kms:ListGrants" *
*
*
* "kms:RevokeGrant" *
*

* The caller (either user or IAM role) to all DataPlane operations (PutRecord, GetRecord, * DeleteRecord) must have the following permissions to the KmsKeyId: *

*
* "kms:Decrypt" *
*

* * @param kmsKeyId * The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker Feature Store uses to encrypt * the Amazon S3 objects at rest using Amazon S3 server-side encryption.

* The caller (either user or IAM role) of CreateFeatureGroup must have below permissions to the * OnlineStore KmsKeyId: *

*
* "kms:Encrypt" *
*
*
* "kms:Decrypt" *
*
*
* "kms:DescribeKey" *
*
*
* "kms:CreateGrant" *
*
*
* "kms:RetireGrant" *
*
*
* "kms:ReEncryptFrom" *
*
*
* "kms:ReEncryptTo" *
*
*
* "kms:GenerateDataKey" *
*
*
* "kms:ListAliases" *
*
*
* "kms:ListGrants" *
*
*
* "kms:RevokeGrant" *
*

* The caller (either user or IAM role) to all DataPlane operations (PutRecord, * GetRecord, DeleteRecord) must have the following permissions to the * KmsKeyId: *

*
* "kms:Decrypt" *
*

* The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker Feature Store uses to encrypt the * Amazon S3 objects at rest using Amazon S3 server-side encryption. *

* The caller (either user or IAM role) of CreateFeatureGroup must have below permissions to the * OnlineStore KmsKeyId: *

*
* "kms:Encrypt" *
*
*
* "kms:Decrypt" *
*
*
* "kms:DescribeKey" *
*
*
* "kms:CreateGrant" *
*
*
* "kms:RetireGrant" *
*
*
* "kms:ReEncryptFrom" *
*
*
* "kms:ReEncryptTo" *
*
*
* "kms:GenerateDataKey" *
*
*
* "kms:ListAliases" *
*
*
* "kms:ListGrants" *
*
*
* "kms:RevokeGrant" *
*

* The caller (either user or IAM role) to all DataPlane operations (PutRecord, GetRecord, * DeleteRecord) must have the following permissions to the KmsKeyId: *

*
* "kms:Decrypt" *
*

* The caller (either user or IAM role) of CreateFeatureGroup must have below permissions to * the OnlineStore KmsKeyId: *

*
* "kms:Encrypt" *
*
*
* "kms:Decrypt" *
*
*
* "kms:DescribeKey" *
*
*
* "kms:CreateGrant" *
*
*
* "kms:RetireGrant" *
*
*
* "kms:ReEncryptFrom" *
*
*
* "kms:ReEncryptTo" *
*
*
* "kms:GenerateDataKey" *
*
*
* "kms:ListAliases" *
*
*
* "kms:ListGrants" *
*
*
* "kms:RevokeGrant" *
*

* The caller (either user or IAM role) to all DataPlane operations (PutRecord, * GetRecord, DeleteRecord) must have the following permissions to the * KmsKeyId: *

*
* "kms:Decrypt" *
*

* The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker Feature Store uses to encrypt the * Amazon S3 objects at rest using Amazon S3 server-side encryption. *

* The caller (either user or IAM role) of CreateFeatureGroup must have below permissions to the * OnlineStore KmsKeyId: *

*
* "kms:Encrypt" *
*
*
* "kms:Decrypt" *
*
*
* "kms:DescribeKey" *
*
*
* "kms:CreateGrant" *
*
*
* "kms:RetireGrant" *
*
*
* "kms:ReEncryptFrom" *
*
*
* "kms:ReEncryptTo" *
*
*
* "kms:GenerateDataKey" *
*
*
* "kms:ListAliases" *
*
*
* "kms:ListGrants" *
*
*
* "kms:RevokeGrant" *
*

* The caller (either user or IAM role) to all DataPlane operations (PutRecord, GetRecord, * DeleteRecord) must have the following permissions to the KmsKeyId: *

*
* "kms:Decrypt" *
*

* The caller (either user or IAM role) of CreateFeatureGroup must have below permissions to the * OnlineStore KmsKeyId: *

*
* "kms:Encrypt" *
*
*
* "kms:Decrypt" *
*
*
* "kms:DescribeKey" *
*
*
* "kms:CreateGrant" *
*
*
* "kms:RetireGrant" *
*
*
* "kms:ReEncryptFrom" *
*
*
* "kms:ReEncryptTo" *
*
*
* "kms:GenerateDataKey" *
*
*
* "kms:ListAliases" *
*
*
* "kms:ListGrants" *
*
*
* "kms:RevokeGrant" *
*

* The caller (either user or IAM role) to all DataPlane operations (PutRecord, * GetRecord, DeleteRecord) must have the following permissions to the * KmsKeyId: *

*
* "kms:Decrypt" *
*