Encrypted Service Resource
High-level helper class to provide a familiar interface to encrypted tables.
- class dynamodb_encryption_sdk.encrypted.resource.EncryptedResource(resource: boto3.resources.base.ServiceResource, materials_provider: dynamodb_encryption_sdk.material_providers.CryptographicMaterialsProvider, attribute_actions: Optional[dynamodb_encryption_sdk.structures.AttributeActions] = None, auto_refresh_table_indexes: Optional[bool] = True)[source]
Bases:
object
High-level helper class to provide a familiar interface to encrypted tables.
>>> import boto3 >>> from dynamodb_encryption_sdk.encrypted.resource import EncryptedResource >>> from dynamodb_encryption_sdk.material_providers.aws_kms import AwsKmsCryptographicMaterialsProvider >>> resource = boto3.resource('dynamodb') >>> aws_kms_cmp = AwsKmsCryptographicMaterialsProvider('alias/MyKmsAlias') >>> encrypted_resource = EncryptedResource( ... resource=resource, ... materials_provider=aws_kms_cmp ... )
Note
This class provides a superset of the boto3 DynamoDB service resource API, so should work as a drop-in replacement once configured.
If you want to provide per-request cryptographic details, the
batch_write_item
andbatch_get_item
methods will also accept acrypto_config
parameter, defining a customCryptoConfig
instance for this request.- Parameters
resource (boto3.resources.base.ServiceResource) – Pre-configured boto3 DynamoDB service resource object
materials_provider (CryptographicMaterialsProvider) – Cryptographic materials provider to use
attribute_actions (AttributeActions) – Table-level configuration of how to encrypt/sign attributes
auto_refresh_table_indexes (bool) – Should we attempt to refresh information about table indexes? Requires
dynamodb:DescribeTable
permissions on each table. (default: True)
- Table(name, **kwargs)[source]
Creates an EncryptedTable resource.
If any of the optional configuration values are not provided, the corresponding values for this
EncryptedResource
will be used.- Parameters
name – The table name.
materials_provider (CryptographicMaterialsProvider) – Cryptographic materials provider to use (optional)
table_info (TableInfo) – Information about the target DynamoDB table (optional)
attribute_actions (AttributeActions) – Table-level configuration of how to encrypt/sign attributes (optional)
- class dynamodb_encryption_sdk.encrypted.resource.EncryptedTablesCollectionManager(collection: boto3.resources.collection.CollectionManager, materials_provider: dynamodb_encryption_sdk.material_providers.CryptographicMaterialsProvider, attribute_actions: dynamodb_encryption_sdk.structures.AttributeActions, table_info_cache: dynamodb_encryption_sdk.internal.utils.TableInfoCache)[source]
Bases:
object
Tables collection manager that provides
EncryptedTable
objects.- Parameters
collection (boto3.resources.collection.CollectionManager) – Pre-configured boto3 DynamoDB table collection manager
materials_provider (CryptographicMaterialsProvider) – Cryptographic materials provider to use
attribute_actions (AttributeActions) – Table-level configuration of how to encrypt/sign attributes
table_info_cache (TableInfoCache) – Local cache from which to obtain TableInfo data