feat(client-dsql): Features: support for customer managed encryption keys

Author: awstools

clients/client-dsql/src/commands/CreateClusterCommand.ts

@@ -101,6 +101,7 @@ export interface CreateClusterCommandOutput extends CreateClusterOutput, __Metad
  * const client = new DSQLClient(config);
  * const input = { // CreateClusterInput
  *   deletionProtectionEnabled: true || false,
+ *   kmsEncryptionKey: "STRING_VALUE",
  *   tags: { // TagMap
  *     "<keys>": "STRING_VALUE",
  *   },
@@ -125,6 +126,11 @@ export interface CreateClusterCommandOutput extends CreateClusterOutput, __Metad
  * //       "STRING_VALUE",
  * //     ],
  * //   },
+ * //   encryptionDetails: { // EncryptionDetails
+ * //     encryptionType: "AWS_OWNED_KMS_KEY" || "CUSTOMER_MANAGED_KMS_KEY", // required
+ * //     kmsKeyArn: "STRING_VALUE",
+ * //     encryptionStatus: "ENABLED" || "UPDATING" || "KMS_KEY_INACCESSIBLE" || "ENABLING", // required
+ * //   },
  * //   deletionProtectionEnabled: true || false, // required
  * // };
  *

clients/client-dsql/src/commands/GetClusterCommand.ts

@@ -55,6 +55,11 @@ export interface GetClusterCommandOutput extends GetClusterOutput, __MetadataBea
  * //   tags: { // TagMap
  * //     "<keys>": "STRING_VALUE",
  * //   },
+ * //   encryptionDetails: { // EncryptionDetails
+ * //     encryptionType: "AWS_OWNED_KMS_KEY" || "CUSTOMER_MANAGED_KMS_KEY", // required
+ * //     kmsKeyArn: "STRING_VALUE",
+ * //     encryptionStatus: "ENABLED" || "UPDATING" || "KMS_KEY_INACCESSIBLE" || "ENABLING", // required
+ * //   },
  * // };
  *
  * ```

clients/client-dsql/src/commands/UpdateClusterCommand.ts

@@ -124,6 +124,7 @@ export interface UpdateClusterCommandOutput extends UpdateClusterOutput, __Metad
  * const input = { // UpdateClusterInput
  *   identifier: "STRING_VALUE", // required
  *   deletionProtectionEnabled: true || false,
+ *   kmsEncryptionKey: "STRING_VALUE",
  *   clientToken: "STRING_VALUE",
  *   multiRegionProperties: { // MultiRegionProperties
  *     witnessRegion: "STRING_VALUE",

clients/client-dsql/src/models/models_0.ts

@@ -108,6 +108,12 @@ export interface CreateClusterInput {
    */
   deletionProtectionEnabled?: boolean | undefined;
 
+  /**
+   * <p>The KMS key that encrypts and protects the data on your cluster. You can specify the ARN, ID, or alias of an existing key or have Amazon Web Services create a default key for you.</p>
+   * @public
+   */
+  kmsEncryptionKey?: string | undefined;
+
   /**
    * <p>A map of key and value pairs to use to tag your cluster.</p>
    * @public
@@ -133,6 +139,60 @@ export interface CreateClusterInput {
   multiRegionProperties?: MultiRegionProperties | undefined;
 }
 
+/**
+ * @public
+ * @enum
+ */
+export const EncryptionStatus = {
+  ENABLED: "ENABLED",
+  ENABLING: "ENABLING",
+  KMS_KEY_INACCESSIBLE: "KMS_KEY_INACCESSIBLE",
+  UPDATING: "UPDATING",
+} as const;
+
+/**
+ * @public
+ */
+export type EncryptionStatus = (typeof EncryptionStatus)[keyof typeof EncryptionStatus];
+
+/**
+ * @public
+ * @enum
+ */
+export const EncryptionType = {
+  AWS_OWNED_KMS_KEY: "AWS_OWNED_KMS_KEY",
+  CUSTOMER_MANAGED_KMS_KEY: "CUSTOMER_MANAGED_KMS_KEY",
+} as const;
+
+/**
+ * @public
+ */
+export type EncryptionType = (typeof EncryptionType)[keyof typeof EncryptionType];
+
+/**
+ * <p>Configuration details about encryption for the cluster including the KMS key ARN, encryption type, and encryption status.</p>
+ * @public
+ */
+export interface EncryptionDetails {
+  /**
+   * <p>The type of encryption that protects the data on your cluster.</p>
+   * @public
+   */
+  encryptionType: EncryptionType | undefined;
+
+  /**
+   * <p>The ARN of the KMS key that encrypts data in the cluster.</p>
+   * @public
+   */
+  kmsKeyArn?: string | undefined;
+
+  /**
+   * <p>The status of encryption for the cluster.</p>
+   * @public
+   */
+  encryptionStatus: EncryptionStatus | undefined;
+}
+
 /**
  * <p>The output of a created cluster.</p>
  * @public
@@ -168,6 +228,12 @@ export interface CreateClusterOutput {
    */
   multiRegionProperties?: MultiRegionProperties | undefined;
 
+  /**
+   * <p>The encryption configuration for the cluster that was specified during the creation process, including the KMS key identifier and encryption state.</p>
+   * @public
+   */
+  encryptionDetails?: EncryptionDetails | undefined;
+
   /**
    * <p>Whether deletion protection is enabled on this cluster.</p>
    * @public
@@ -510,6 +576,12 @@ export interface GetClusterOutput {
    * @public
    */
   tags?: Record<string, string> | undefined;
+
+  /**
+   * <p>The current encryption configuration details for the cluster.</p>
+   * @public
+   */
+  encryptionDetails?: EncryptionDetails | undefined;
 }
 
 /**
@@ -607,6 +679,12 @@ export interface UpdateClusterInput {
    */
   deletionProtectionEnabled?: boolean | undefined;
 
+  /**
+   * <p>The KMS key that encrypts and protects the data on your cluster. You can specify the ARN, ID, or alias of an existing key or have Amazon Web Services create a default key for you.</p>
+   * @public
+   */
+  kmsEncryptionKey?: string | undefined;
+
   /**
    * <p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the
    *          request. Idempotency ensures that an API request completes only once. With an idempotent

clients/client-dsql/src/protocols/Aws_restJson1.ts

@@ -70,6 +70,7 @@ export const se_CreateClusterCommand = async (
     take(input, {
       clientToken: [true, (_) => _ ?? generateIdempotencyToken()],
       deletionProtectionEnabled: [],
+      kmsEncryptionKey: [],
       multiRegionProperties: (_) => _json(_),
       tags: (_) => _json(_),
     })
@@ -224,6 +225,7 @@ export const se_UpdateClusterCommand = async (
     take(input, {
       clientToken: [true, (_) => _ ?? generateIdempotencyToken()],
       deletionProtectionEnabled: [],
+      kmsEncryptionKey: [],
       multiRegionProperties: (_) => _json(_),
     })
   );
@@ -249,6 +251,7 @@ export const de_CreateClusterCommand = async (
     arn: __expectString,
     creationTime: (_) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
     deletionProtectionEnabled: __expectBoolean,
+    encryptionDetails: _json,
     identifier: __expectString,
     multiRegionProperties: _json,
     status: __expectString,
@@ -299,6 +302,7 @@ export const de_GetClusterCommand = async (
     arn: __expectString,
     creationTime: (_) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
     deletionProtectionEnabled: __expectBoolean,
+    encryptionDetails: _json,
     identifier: __expectString,
     multiRegionProperties: _json,
     status: __expectString,
@@ -631,6 +635,8 @@ const de_ValidationExceptionRes = async (parsedOutput: any, context: __SerdeCont
 
 // de_ClusterSummary omitted.
 
+// de_EncryptionDetails omitted.
+
 // de_MultiRegionProperties omitted.
 
 // de_TagMap omitted.

codegen/sdk-codegen/aws-models/dsql.json

@@ -58,6 +58,9 @@
         },
         "deletionProtectionEnabled": {
           "target": "com.amazonaws.dsql#DeletionProtectionEnabled"
+        },
+        "encryptionDetails": {
+          "target": "com.amazonaws.dsql#EncryptionDetails"
         }
       },
       "create": {
@@ -300,6 +303,13 @@
             "smithy.api#documentation": "<p>If enabled, you can't delete your cluster. You must first disable this property before\n         you can delete your cluster.</p>"
           }
         },
+        "kmsEncryptionKey": {
+          "target": "com.amazonaws.dsql#KmsEncryptionKey",
+          "traits": {
+            "smithy.api#documentation": "<p>The KMS key that encrypts and protects the data on your cluster. You can specify the ARN, ID, or alias of an existing key or have Amazon Web Services create a default key for you.</p>",
+            "smithy.api#notProperty": {}
+          }
+        },
         "tags": {
           "target": "com.amazonaws.dsql#TagMap",
           "traits": {
@@ -364,6 +374,13 @@
             "smithy.api#notProperty": {}
           }
         },
+        "encryptionDetails": {
+          "target": "com.amazonaws.dsql#EncryptionDetails",
+          "traits": {
+            "smithy.api#documentation": "<p>The encryption configuration for the cluster that was specified during the creation process, including the KMS key identifier and encryption state.</p>",
+            "smithy.api#notProperty": {}
+          }
+        },
         "deletionProtectionEnabled": {
           "target": "com.amazonaws.dsql#DeletionProtectionEnabled",
           "traits": {
@@ -870,6 +887,80 @@
         "smithy.api#documentation": "<p>Indicates whether deletion protection is enabled for a cluster.</p>"
       }
     },
+    "com.amazonaws.dsql#EncryptionDetails": {
+      "type": "structure",
+      "members": {
+        "encryptionType": {
+          "target": "com.amazonaws.dsql#EncryptionType",
+          "traits": {
+            "smithy.api#documentation": "<p>The type of encryption that protects the data on your cluster.</p>",
+            "smithy.api#required": {}
+          }
+        },
+        "kmsKeyArn": {
+          "target": "com.amazonaws.dsql#KmsKeyArn",
+          "traits": {
+            "smithy.api#documentation": "<p>The ARN of the KMS key that encrypts data in the cluster.</p>"
+          }
+        },
+        "encryptionStatus": {
+          "target": "com.amazonaws.dsql#EncryptionStatus",
+          "traits": {
+            "smithy.api#documentation": "<p>The status of encryption for the cluster.</p>",
+            "smithy.api#required": {}
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>Configuration details about encryption for the cluster including the KMS key ARN, encryption type, and encryption status.</p>"
+      }
+    },
+    "com.amazonaws.dsql#EncryptionStatus": {
+      "type": "enum",
+      "members": {
+        "ENABLED": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "ENABLED"
+          }
+        },
+        "UPDATING": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "UPDATING"
+          }
+        },
+        "KMS_KEY_INACCESSIBLE": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "KMS_KEY_INACCESSIBLE"
+          }
+        },
+        "ENABLING": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "ENABLING"
+          }
+        }
+      }
+    },
+    "com.amazonaws.dsql#EncryptionType": {
+      "type": "enum",
+      "members": {
+        "AWS_OWNED_KMS_KEY": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "AWS_OWNED_KMS_KEY"
+          }
+        },
+        "CUSTOMER_MANAGED_KMS_KEY": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "CUSTOMER_MANAGED_KMS_KEY"
+          }
+        }
+      }
+    },
     "com.amazonaws.dsql#GetCluster": {
       "type": "operation",
       "input": {
@@ -1015,6 +1106,13 @@
           "traits": {
             "smithy.api#notProperty": {}
           }
+        },
+        "encryptionDetails": {
+          "target": "com.amazonaws.dsql#EncryptionDetails",
+          "traits": {
+            "smithy.api#documentation": "<p>The current encryption configuration details for the cluster.</p>",
+            "smithy.api#notProperty": {}
+          }
         }
       },
       "traits": {
@@ -1138,6 +1236,24 @@
         "smithy.api#retryable": {}
       }
     },
+    "com.amazonaws.dsql#KmsEncryptionKey": {
+      "type": "string",
+      "traits": {
+        "smithy.api#length": {
+          "min": 1,
+          "max": 2048
+        },
+        "smithy.api#pattern": "^[a-zA-Z0-9:/_-]+$"
+      }
+    },
+    "com.amazonaws.dsql#KmsKeyArn": {
+      "type": "string",
+      "traits": {
+        "aws.api#arnReference": {
+          "type": "AWS::KMS::Key"
+        }
+      }
+    },
     "com.amazonaws.dsql#ListClusters": {
       "type": "operation",
       "input": {
@@ -1696,6 +1812,13 @@
             "smithy.api#documentation": "<p>Specifies whether to enable deletion protection in your cluster.</p>"
           }
         },
+        "kmsEncryptionKey": {
+          "target": "com.amazonaws.dsql#KmsEncryptionKey",
+          "traits": {
+            "smithy.api#documentation": "<p>The KMS key that encrypts and protects the data on your cluster. You can specify the ARN, ID, or alias of an existing key or have Amazon Web Services create a default key for you.</p>",
+            "smithy.api#notProperty": {}
+          }
+        },
         "clientToken": {
           "target": "com.amazonaws.dsql#ClientToken",
           "traits": {