Server-side encryption

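OSS Tables supports server-side encryption (SSE), which protects stored data by encrypting it with the AES256 algorithm. Encryption can be configured at two levels of granularity: bucket level and table level.

Feature overview

With server-side encryption, OSS Tables automatically encrypts data when it is written to storage and decrypts it when it is read. The whole process is transparent to users. Only the AES256 algorithm is currently supported. Encryption configuration has the following two levels:

  • Bucket-level encryption: serves as the default encryption configuration for tables created in the table bucket and applies to all newly created tables in that bucket. The encryption method can optionally be configured when the table bucket is created, and the encryption configuration can be modified or deleted at any time afterwards.

  • Table-level encryption: the encryption method is specified when the table is created and applies only to that table. If it is not specified, the bucket-level encryption configuration is used. After a table is created, its encryption method cannot be modified.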
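
The precedence rules above, as an added example that is not part of the original page or of the OSS SDK: a local Python model that replays a constructed sequence of bucket-level changes and table creations. The `TableBucket` class and its method names are hypothetical and make no OSS calls. The model shows why a bucket whose default is AES256 today can still hold unencrypted tables.

```python
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Per the page, AES256 is the only algorithm currently supported.
SUPPORTED_ALGORITHMS = {"AES256"}


def parse_encryption_configuration(raw: Optional[str]) -> Optional[str]:
    """Validate an encryption-configuration JSON string; None means 'not specified'."""
    if raw is None:
        return None
    cfg = json.loads(raw)
    algo = cfg.get("sseAlgorithm") if isinstance(cfg, dict) else None
    if algo not in SUPPORTED_ALGORITHMS:
        raise ValueError(f"unsupported or missing sseAlgorithm: {algo!r}")
    return algo


@dataclass
class TableBucket:
    """Hypothetical in-memory model of one table bucket (no OSS calls)."""
    default_sse: Optional[str] = None
    tables: Dict[str, Optional[str]] = field(default_factory=dict)

    def put_encryption(self, raw: str) -> None:
        # Bucket-level setting: only a default for tables created afterwards.
        self.default_sse = parse_encryption_configuration(raw)

    def delete_encryption(self) -> None:
        self.default_sse = None

    def create_table(self, name: str, raw: Optional[str] = None) -> Optional[str]:
        # Table-level setting wins; otherwise the bucket default at creation time
        # is used. The result is fixed: no method here ever changes it.
        if name in self.tables:
            raise KeyError(f"table already exists: {name}")
        requested = parse_encryption_configuration(raw)
        self.tables[name] = requested if requested is not None else self.default_sse
        return self.tables[name]

    def unencrypted_tables(self) -> List[str]:
        return sorted(n for n, algo in self.tables.items() if algo is None)


def replay_constructed_timeline() -> TableBucket:
    """Constructed sequence of operations, not taken from a real bucket."""
    aes = '{"sseAlgorithm":"AES256"}'
    bucket = TableBucket()                  # bucket created with no encryption
    bucket.create_table("t_legacy")         # inherits "no encryption"
    bucket.put_encryption(aes)              # default turned on later
    bucket.create_table("t_inherits")       # inherits AES256
    bucket.delete_encryption()              # default removed again
    bucket.create_table("t_explicit", aes)  # table-level setting
    bucket.create_table("t_after_delete")   # nothing to inherit
    bucket.put_encryption(aes)              # final bucket state: AES256
    return bucket


if __name__ == "__main__":
    b = replay_constructed_timeline()
    print("bucket default:", b.default_sse)
    for name, algo in b.tables.items():
        print(f"{name}: {algo or 'not encrypted'}")
    print("needs attention:", b.unencrypted_tables())
```

Against a real bucket, the per-table values would come from get-table-encryption for each table, because the bucket-level query only reports the current default.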

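Bucket-level encryption

Console

Configure encryption when creating a table bucket

  1. Log on to the OSS console. In the left-side navigation pane, select Table Bucket List.

  2. Click Create Table Bucket.

  3. In the creation panel, set the Server-side encryption method field to No encryption or AES256.

  4. Complete the other settings and click OK.

Modify the encryption configuration of an existing table bucket

  1. Log on to the OSS console. In the left-side navigation pane, select Table Bucket List.

  2. Click the name of the target table bucket to open its details page.

  3. In the Table Bucket Basic Information area, find the Server-side encryption method field and click the Edit link next to it.

  4. Select No encryption or AES256, then click Save.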

ossutil

Query the bucket-level encryption configuration:

ossutil tables-api get-table-bucket-encryption --table-bucket-arn {ARN}

Set bucket-level encryption:

ossutil tables-api put-table-bucket-encryption --table-bucket-arn {ARN} --encryption-configuration '{"sseAlgorithm":"AES256"}'

Delete the bucket-level encryption configuration:

ossutil tables-api delete-table-bucket-encryption --table-bucket-arn {ARN}

SDK

Python

The following example shows how to set the bucket-level encryption configuration.

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables

parser = argparse.ArgumentParser(description="put table bucket encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)
parser.add_argument('--sse-algorithm', help='The server-side encryption algorithm.', required=True)
parser.add_argument('--kms-key-arn', help='The KMS key ARN for encryption.')

def main():
    args = parser.parse_args()

    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    client = oss_tables.Client(cfg)

    # argparse stores --kms-key-arn as args.kms_key_arn; it is None when the flag is omitted.
    encryption_configuration = oss_tables.models.EncryptionConfiguration(
        sse_algorithm=args.sse_algorithm,
        key_arn=args.kms_key_arn,
    )

    result = client.put_table_bucket_encryption(oss_tables.models.PutTableBucketEncryptionRequest(
        table_bucket_arn=args.table_bucket_arn,
        encryption_configuration=encryption_configuration,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id}')
    print(f'successfully updated table bucket encryption for: {args.table_bucket_arn}')


if __name__ == "__main__":
    main()

The following example shows how to query the bucket-level encryption configuration.

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables

parser = argparse.ArgumentParser(description="get table bucket encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)

def main():
    args = parser.parse_args()

    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    client = oss_tables.Client(cfg)

    result = client.get_table_bucket_encryption(oss_tables.models.GetTableBucketEncryptionRequest(
        table_bucket_arn=args.table_bucket_arn,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id}')

    if result.encryption_configuration:
        print(f'sse algorithm: {result.encryption_configuration.sse_algorithm},'
              f' kms key arn: {result.encryption_configuration.key_arn}')


if __name__ == "__main__":
    main()

The following example shows how to delete the bucket-level encryption configuration.

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables

parser = argparse.ArgumentParser(description="delete table bucket encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)

def main():
    args = parser.parse_args()

    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    client = oss_tables.Client(cfg)

    result = client.delete_table_bucket_encryption(oss_tables.models.DeleteTableBucketEncryptionRequest(
        table_bucket_arn=args.table_bucket_arn,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id}')
    print(f'successfully deleted table bucket encryption for: {args.table_bucket_arn}')


if __name__ == "__main__":
    main()

Go

The following example shows how to set the bucket-level encryption configuration.

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)

var (
	region         string
	tableBucketArn string
)

func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
}

func main() {
	flag.Parse()
	if len(tableBucketArn) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, table bucket arn required")
	}

	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := tables.NewTablesClient(cfg)

	result, err := client.PutTableBucketEncryption(context.TODO(), &tables.PutTableBucketEncryptionRequest{
		TableBucketARN: oss.Ptr(tableBucketArn),
		EncryptionConfiguration: &tables.EncryptionConfiguration{
			SseAlgorithm: oss.Ptr("AES256"),
		},
	})

	if err != nil {
		log.Fatalf("failed to put table bucket encryption %v", err)
	}

	log.Printf("put table bucket encryption result:%#v\n", result)
}

The following example shows how to query the bucket-level encryption configuration.

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)

var (
	region         string
	tableBucketArn string
)

func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
}

func main() {
	flag.Parse()
	if len(tableBucketArn) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, table bucket arn required")
	}

	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := tables.NewTablesClient(cfg)

	result, err := client.GetTableBucketEncryption(context.TODO(), &tables.GetTableBucketEncryptionRequest{
		TableBucketARN: oss.Ptr(tableBucketArn),
	})

	if err != nil {
		log.Fatalf("failed to get table bucket encryption %v", err)
	}

	log.Printf("get table bucket encryption result:%#v\n", result)
}

The following example shows how to delete the bucket-level encryption configuration.

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)

var (
	region         string
	tableBucketArn string
)

func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
}

func main() {
	flag.Parse()
	if len(tableBucketArn) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, table bucket arn required")
	}

	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := tables.NewTablesClient(cfg)

	result, err := client.DeleteTableBucketEncryption(context.TODO(), &tables.DeleteTableBucketEncryptionRequest{
		TableBucketARN: oss.Ptr(tableBucketArn),
	})

	if err != nil {
		log.Fatalf("failed to delete table bucket encryption %v", err)
	}

	log.Printf("delete table bucket encryption result:%#v\n", result)
}

Java

The following example shows how to set the bucket-level encryption configuration.

import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;

public class PutTableBucketEncryptionSample {

    public static void main(String[] args) throws Exception {
        String region = "cn-hangzhou";
        String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
        String sseAlgorithm = "AES256";

        try (OSSTablesClient client = OSSTablesClient.newBuilder()
                .credentialsProvider(new EnvironmentVariableCredentialsProvider())
                .region(region)
                .build()) {
            EncryptionConfiguration encryptionConfig = EncryptionConfiguration.newBuilder()
                    .sseAlgorithm(sseAlgorithm)
                    .build();

            PutTableBucketEncryptionRequest request = PutTableBucketEncryptionRequest.newBuilder()
                    .tableBucketARN(tableBucketARN)
                    .encryptionConfiguration(encryptionConfig)
                    .build();

            PutTableBucketEncryptionResult result = client.putTableBucketEncryption(request);

            System.out.printf("Status code:%d, request id:%s%n",
                    result.statusCode(), result.requestId());
            System.out.printf("Successfully updated table bucket encryption for ARN: %s%n", tableBucketARN);
        } catch (Exception e) {
            System.out.println("Error: " + e.getMessage());
        }
    }
}

The following example shows how to query the bucket-level encryption configuration.

import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;

public class GetTableBucketEncryptionSample {

    public static void main(String[] args) throws Exception {
        String region = "cn-hangzhou";
        String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";

        try (OSSTablesClient client = OSSTablesClient.newBuilder()
                .credentialsProvider(new EnvironmentVariableCredentialsProvider())
                .region(region)
                .build()) {
            GetTableBucketEncryptionRequest request = GetTableBucketEncryptionRequest.newBuilder()
                    .tableBucketARN(tableBucketARN)
                    .build();

            GetTableBucketEncryptionResult result = client.getTableBucketEncryption(request);

            System.out.printf("Status code:%d, request id:%s%n",
                    result.statusCode(), result.requestId());
            if (result.encryptionConfiguration() != null) {
                System.out.printf("Encryption Algorithm: %s%n", result.encryptionConfiguration().sseAlgorithm());
                System.out.printf("Key ARN: %s%n", result.encryptionConfiguration().kmsKeyArn());
            } else {
                System.out.println("No encryption configuration found.");
            }
        } catch (Exception e) {
            System.out.println("Error: " + e.getMessage());
        }
    }
}

The following example shows how to delete the bucket-level encryption configuration.

import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;

public class DeleteTableBucketEncryptionSample {

    public static void main(String[] args) throws Exception {
        String region = "cn-hangzhou";
        String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";

        try (OSSTablesClient client = OSSTablesClient.newBuilder()
                .credentialsProvider(new EnvironmentVariableCredentialsProvider())
                .region(region)
                .build()) {
            DeleteTableBucketEncryptionRequest request = DeleteTableBucketEncryptionRequest.newBuilder()
                    .tableBucketARN(tableBucketARN)
                    .build();

            DeleteTableBucketEncryptionResult result = client.deleteTableBucketEncryption(request);

            System.out.printf("Status code:%d, request id:%s%n",
                    result.statusCode(), result.requestId());
            System.out.println("Encryption configuration deleted successfully.");
        } catch (Exception e) {
            System.out.println("Error: " + e.getMessage());
        }
    }
}

API

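Table-level encryption

Console

Configure encryption when creating a table

  1. Log on to the OSS console. In the left-side navigation pane, select Table Bucket List.

  2. Click the name of the target table bucket, then click Create Table on the Table list tab.

  3. In the Create Table panel, set the Server-side encryption method field to No encryption or AES256.

  4. Complete the other settings (namespace, table format, table name, field information, and so on) and click OK.

View the table encryption configuration

In the basic information area of the table details page, check the Server-side encryption method field, which shows the encryption algorithm of the current table.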

ossutil

Specify encryption when creating a table (CreateTable)

ossutil tables-api create-table \
  --table-bucket-arn acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket \
  --namespace my_namespace \
  --name my_table \
  --format ICEBERG \
  --encryption-configuration '{"sseAlgorithm":"AES256"}' \
  --metadata '{"iceberg":{"schema":{"fields":[{"id":1,"name":"id","type":"long","required":true},{"id":2,"name":"data","type":"string"}]}}}'

Query the table encryption configuration (GetTableEncryption)

ossutil tables-api get-table-encryption \
  --table-bucket-arn acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket \
  --namespace my_namespace \
  --name my_table

SDK

Python

Specify encryption when creating a table (CreateTable)

import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables

credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()
cfg = oss.config.load_default()
cfg.credentials_provider = credentials_provider
cfg.region = 'cn-hangzhou'

client = oss_tables.Client(cfg)

# Define the schema
schema = oss_tables.models.IcebergSchema(fields=[
    oss_tables.models.SchemaField(id=1, name='id', type='long', required=True),
    oss_tables.models.SchemaField(id=2, name='data', type='string'),
])
metadata = oss_tables.models.TableMetadata(
    iceberg=oss_tables.models.IcebergMetadata(schema=schema))

# Specify AES256 encryption
encryption = oss_tables.models.EncryptionConfiguration(sse_algorithm='AES256')

result = client.create_table(oss_tables.models.CreateTableRequest(
    table_bucket_arn='acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket',
    namespace='my_namespace',
    name='my_table',
    format='ICEBERG',
    metadata=metadata,
    encryption_configuration=encryption,
))
print(f'Table ARN: {result.table_arn}')

Query the table encryption configuration (GetTableEncryption)

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables

parser = argparse.ArgumentParser(description="get table encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)
parser.add_argument('--namespace', help='The namespace of the table.', required=True)
parser.add_argument('--name', help='The name of the table.', required=True)

def main():
    args = parser.parse_args()

    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    client = oss_tables.Client(cfg)

    result = client.get_table_encryption(oss_tables.models.GetTableEncryptionRequest(
        table_bucket_arn=args.table_bucket_arn,
        namespace=args.namespace,
        name=args.name,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id}')

    if result.encryption_configuration:
        print(f'sse algorithm: {result.encryption_configuration.sse_algorithm},'
              f' key arn: {result.encryption_configuration.key_arn}')


if __name__ == "__main__":
    main()

Go

Specify encryption when creating a table (CreateTable)

package main

import (
	"context"
	"fmt"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)

func main() {
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion("cn-hangzhou")
	client := tables.NewTablesClient(cfg)

	result, err := client.CreateTable(context.TODO(), &tables.CreateTableRequest{
		TableBucketARN: oss.Ptr("acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket"),
		Namespace:      oss.Ptr("my_namespace"),
		Name:           oss.Ptr("my_table"),
		Format:         oss.Ptr("ICEBERG"),
		EncryptionConfiguration: &tables.EncryptionConfiguration{
			SseAlgorithm: oss.Ptr("AES256"),
		},
	})
	if err != nil {
		panic(err)
	}
	fmt.Printf("Table ARN: %s\n", *result.TableARN)
}

Query the table encryption configuration (GetTableEncryption)

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)

var (
	region         string
	tableBucketArn string
	namespace      string
	name           string
)

func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
	flag.StringVar(&namespace, "namespace", "", "The name of the namespace.")
	flag.StringVar(&name, "name", "", "The name of the table.")
}

func main() {
	flag.Parse()
	if len(tableBucketArn) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, table bucket arn required")
	}

	if len(namespace) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, namespace name required")
	}

	if len(name) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, table name required")
	}

	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := tables.NewTablesClient(cfg)

	result, err := client.GetTableEncryption(context.TODO(), &tables.GetTableEncryptionRequest{
		TableBucketARN: oss.Ptr(tableBucketArn),
		Namespace:      oss.Ptr(namespace),
		Name:           oss.Ptr(name),
	})

	if err != nil {
		log.Fatalf("failed to get table encryption %v", err)
	}

	log.Printf("get table encryption result:%#v\n", result)
}

Java

Specify encryption when creating a table (CreateTable)

import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;

import java.util.ArrayList;
import java.util.List;

public class CreateTableSample {

    public static void main(String[] args) throws Exception {
        String region = "cn-hangzhou";
        String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
        String namespace = "my-namespace";
        String name = "my-table";
        String format = "iceberg";

        try (OSSTablesClient client = OSSTablesClient.newBuilder()
                .credentialsProvider(new EnvironmentVariableCredentialsProvider())
                .region(region)
                .build()) {
            // Create schema fields
            List<SchemaField> fields = new ArrayList<>();
            fields.add(SchemaField.newBuilder()
                .name("id")
                .type("long")
                .required(true)
                .build());
            fields.add(SchemaField.newBuilder()
                .name("name")
                .type("string")
                .required(false)
                .build());
            fields.add(SchemaField.newBuilder()
                .name("ts")
                .type("timestamptz")
                .required(false)
                .build());

            // Create schema
            IcebergSchema icebergSchema = IcebergSchema.newBuilder()
                .fields(fields)
                .build();

            // Create partition spec
            IcebergPartitionField partitionField = IcebergPartitionField.newBuilder()
                .sourceId(2)
                .transform("identity")
                .name("region")
                .fieldId(1001)
                .build();
            List<IcebergPartitionField> partitionFields = new ArrayList<>();
            partitionFields.add(partitionField);
            IcebergPartitionSpec partitionSpec = IcebergPartitionSpec.newBuilder()
                .specId(0)
                .fields(partitionFields)
                .build();

            // Create iceberg metadata
            IcebergMetadata icebergMetadata = IcebergMetadata.newBuilder()
                .schema(icebergSchema)
                .partitionSpec(partitionSpec)
                .build();

            // Set metadata
            TableMetadata metadata = TableMetadata.newBuilder()
                .iceberg(icebergMetadata)
                .build();

            // Add encryption configuration
            EncryptionConfiguration encryptionConfig = EncryptionConfiguration.newBuilder()
                .sseAlgorithm("AES256")
                .build();

            CreateTableRequest request = CreateTableRequest.newBuilder()
                    .tableBucketARN(tableBucketARN)
                    .namespace(namespace)
                    .name(name)
                    .format(format)
                    .metadata(metadata)
                    .encryptionConfiguration(encryptionConfig)
                    .build();

            CreateTableResult result = client.createTable(request);

            System.out.printf("Status code:%d, request id:%s%n",
                    result.statusCode(), result.requestId());
            System.out.printf("Created table with ARN: %s%n", result.tableARN());
            System.out.printf("Version token: %s%n", result.versionToken());
        } catch (Exception e) {
            System.out.println("Error: " + e.getMessage());
        }
    }
}

Query the table encryption configuration (GetTableEncryption)

import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;

public class GetTableEncryptionSample {

    public static void main(String[] args) throws Exception {
        String region = "cn-hangzhou";
        String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
        String namespace = "my-namespace";
        String name = "my-table";

        try (OSSTablesClient client = OSSTablesClient.newBuilder()
                .credentialsProvider(new EnvironmentVariableCredentialsProvider())
                .region(region)
                .build()) {
            GetTableEncryptionRequest request = GetTableEncryptionRequest.newBuilder()
                    .tableBucketARN(tableBucketARN)
                    .namespace(namespace)
                    .name(name)
                    .build();

            GetTableEncryptionResult result = client.getTableEncryption(request);

            System.out.printf("Status code:%d, request id:%s%n",
                    result.statusCode(), result.requestId());
            if (result.encryptionConfiguration() != null) {
                System.out.printf("SSE Algorithm: %s%n", result.encryptionConfiguration().sseAlgorithm());
                System.out.printf("Key ARN: %s%n", result.encryptionConfiguration().kmsKeyArn());
            }
        } catch (Exception e) {
            System.out.println("Error: " + e.getMessage());
        }
    }
}

API

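  • Specify encryption when creating a table: call the CreateTable operation and set encryption through the encryptionConfiguration parameter.

  • Query the table encryption configuration: GetTableEncryption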