Encrypted Service Resource

High-level helper class to provide a familiar interface to encrypted tables.

class dynamodb_encryption_sdk.encrypted.resource.EncryptedResource(resource: boto3.resources.base.ServiceResource, materials_provider: dynamodb_encryption_sdk.material_providers.CryptographicMaterialsProvider, attribute_actions: Optional[dynamodb_encryption_sdk.structures.AttributeActions] = None, auto_refresh_table_indexes: Optional[bool] = True)[source]

Bases: object

High-level helper class to provide a familiar interface to encrypted tables.

>>> import boto3
>>> from dynamodb_encryption_sdk.encrypted.resource import EncryptedResource
>>> from dynamodb_encryption_sdk.material_providers.aws_kms import AwsKmsCryptographicMaterialsProvider
>>> resource = boto3.resource('dynamodb')
>>> aws_kms_cmp = AwsKmsCryptographicMaterialsProvider('alias/MyKmsAlias')
>>> encrypted_resource = EncryptedResource(
...     resource=resource,
...     materials_provider=aws_kms_cmp
... )

Note

This class provides a superset of the boto3 DynamoDB service resource API, so should work as a drop-in replacement once configured.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/index.html

If you want to provide per-request cryptographic details, the batch_write_item and batch_get_item methods will also accept a crypto_config parameter, defining a custom CryptoConfig instance for this request.

Parameters

  • resource (boto3.resources.base.ServiceResource) – Pre-configured boto3 DynamoDB service resource object

  • materials_provider (CryptographicMaterialsProvider) – Cryptographic materials provider to use

  • attribute_actions (AttributeActions) – Table-level configuration of how to encrypt/sign attributes

  • auto_refresh_table_indexes (bool) – Should we attempt to refresh information about table indexes? Requires dynamodb:DescribeTable permissions on each table. (default: True)

Table(name, **kwargs)[source]

Creates an EncryptedTable resource.

If any of the optional configuration values are not provided, the corresponding values for this EncryptedResource will be used.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/table/index.html#DynamoDB.Table

Parameters

  • name – The table name.

  • materials_provider (CryptographicMaterialsProvider) – Cryptographic materials provider to use (optional)

  • table_info (TableInfo) – Information about the target DynamoDB table (optional)

  • attribute_actions (AttributeActions) – Table-level configuration of how to encrypt/sign attributes (optional)

class dynamodb_encryption_sdk.encrypted.resource.EncryptedTablesCollectionManager(collection: boto3.resources.collection.CollectionManager, materials_provider: dynamodb_encryption_sdk.material_providers.CryptographicMaterialsProvider, attribute_actions: dynamodb_encryption_sdk.structures.AttributeActions, table_info_cache: dynamodb_encryption_sdk.internal.utils.TableInfoCache)[source]

Bases: object

Tables collection manager that provides EncryptedTable objects.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/tables.html

Parameters

  • collection (boto3.resources.collection.CollectionManager) – Pre-configured boto3 DynamoDB table collection manager

  • materials_provider (CryptographicMaterialsProvider) – Cryptographic materials provider to use

  • attribute_actions (AttributeActions) – Table-level configuration of how to encrypt/sign attributes

  • table_info_cache (TableInfoCache) – Local cache from which to obtain TableInfo data