Encrypted Service Resource

High-level helper class to provide a familiar interface to encrypted tables.

class dynamodb_encryption_sdk.encrypted.resource.EncryptedTablesCollectionManager(collection, materials_provider, attribute_actions, table_info_cache)[source]

Bases: object

Tables collection manager that provides EncryptedTable objects.

https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#DynamoDB.ServiceResource.tables

Parameters:
  • collection (boto3.resources.collection.CollectionManager) – Pre-configured boto3 DynamoDB table collection manager
  • materials_provider (CryptographicMaterialsProvider) – Cryptographic materials provider to use
  • attribute_actions (AttributeActions) – Table-level configuration of how to encrypt/sign attributes
  • table_info_cache (TableInfoCache) – Local cache from which to obtain TableInfo data
class dynamodb_encryption_sdk.encrypted.resource.EncryptedResource(resource, materials_provider, attribute_actions=None, auto_refresh_table_indexes=True)[source]

Bases: object

High-level helper class to provide a familiar interface to encrypted tables.

>>> import boto3
>>> from dynamodb_encryption_sdk.encrypted.resource import EncryptedResource
>>> from dynamodb_encryption_sdk.material_providers.aws_kms import AwsKmsCryptographicMaterialsProvider
>>> resource = boto3.resource('dynamodb')
>>> aws_kms_cmp = AwsKmsCryptographicMaterialsProvider('alias/MyKmsAlias')
>>> encrypted_resource = EncryptedResource(
...     resource=resource,
...     materials_provider=aws_kms_cmp
... )

Note

This class provides a superset of the boto3 DynamoDB service resource API, so should work as a drop-in replacement once configured.

https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#service-resource

If you want to provide per-request cryptographic details, the batch_write_item and batch_get_item methods will also accept a crypto_config parameter, defining a custom CryptoConfig instance for this request.

Parameters:
  • resource (boto3.resources.base.ServiceResource) – Pre-configured boto3 DynamoDB service resource object
  • materials_provider (CryptographicMaterialsProvider) – Cryptographic materials provider to use
  • attribute_actions (AttributeActions) – Table-level configuration of how to encrypt/sign attributes
  • auto_refresh_table_indexes (bool) – Should we attempt to refresh information about table indexes? Requires dynamodb:DescribeTable permissions on each table. (default: True)
Table(name, **kwargs)[source]

Creates an EncryptedTable resource.

If any of the optional configuration values are not provided, the corresponding values for this EncryptedResource will be used.

https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#DynamoDB.ServiceResource.Table

Parameters:
  • name – The table name.
  • materials_provider (CryptographicMaterialsProvider) – Cryptographic materials provider to use (optional)
  • table_info (TableInfo) – Information about the target DynamoDB table (optional)
  • attribute_actions (AttributeActions) – Table-level configuration of how to encrypt/sign attributes (optional)