[ aws . cloudfront ]
update-field-level-encryption-profile¶
Description¶
Update a field-level encryption profile.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
Synopsis¶
update-field-level-encryption-profile
--field-level-encryption-profile-config <value>
--id <value>
[--if-match <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--cli-auto-prompt <value>]
Options¶
--field-level-encryption-profile-config (structure)
Request to update a field-level encryption profile.
Name -> (string)
Profile name for the field-level encryption profile.
CallerReference -> (string)
A unique number that ensures that the request can’t be replayed.
Comment -> (string)
An optional comment for the field-level encryption profile.
EncryptionEntities -> (structure)
A complex data type of encryption entities for the field-level encryption profile that include the public key ID, provider, and field patterns for specifying which fields to encrypt with this key.
Quantity -> (integer)
Number of field pattern items in a field-level encryption content type-profile mapping.
Items -> (list)
An array of field patterns in a field-level encryption content type-profile mapping.
(structure)
Complex data type for field-level encryption profiles that includes the encryption key and field pattern specifications.
PublicKeyId -> (string)
The public key associated with a set of field-level encryption patterns, to be used when encrypting the fields that match the patterns.
ProviderId -> (string)
The provider associated with the public key being used for encryption. This value must also be provided with the private key for applications to be able to decrypt data.
FieldPatterns -> (structure)
Field patterns in a field-level encryption content type profile specify the fields that you want to be encrypted. You can provide the full field name, or any beginning characters followed by a wildcard (*). You can’t overlap field patterns. For example, you can’t have both ABC* and AB*. Note that field patterns are case-sensitive.
Quantity -> (integer)
The number of field-level encryption field patterns.
Items -> (list)
An array of the field-level encryption field patterns.
(string)
JSON Syntax:
{
"Name": "string",
"CallerReference": "string",
"Comment": "string",
"EncryptionEntities": {
"Quantity": integer,
"Items": [
{
"PublicKeyId": "string",
"ProviderId": "string",
"FieldPatterns": {
"Quantity": integer,
"Items": ["string", ...]
}
}
...
]
}
}
--id (string)
The ID of the field-level encryption profile request.
--if-match (string)
The value of the
ETagheader that you received when retrieving the profile identity to update. For example:E2QWRUHAPOMQZL.
--cli-input-json | --cli-input-yaml (string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.
--generate-cli-skeleton (string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.
--cli-auto-prompt (boolean)
Automatically prompt for CLI input parameters.
See ‘aws help’ for descriptions of global parameters.
Examples¶
To update a CloudFront field-level encryption profile
The following example updates the field-level encryption profile with the ID
PPK0UOSIF5WSV. This example updates the profile’s Name and Comment,
and adds a second FieldPatterns item, by providing the parameters in a JSON
file.
To update a field-level encryption profile, you must have the profile’s ID and ETag. The ID is returned in the output of the
create-field-level-encryption-profile and
list-field-level-encryption-profiles commands.
To get the ETag, use the
get-field-level-encryption-profile or
get-field-level-encryption-profile-config command.
Use the --if-match option to provide the profile’s ETag.
aws cloudfront update-field-level-encryption-profile \
--id PPK0UOSIF5WSV \
--if-match E1QQG65FS2L2GC \
--field-level-encryption-profile-config file://fle-profile-config.json
The file fle-profile-config.json is a JSON document in the current
directory that contains the following:
{
"Name": "ExampleFLEProfileUpdated",
"CallerReference": "cli-example",
"Comment": "Updated FLE profile for AWS CLI example",
"EncryptionEntities": {
"Quantity": 1,
"Items": [
{
"PublicKeyId": "K2K8NC4HVFE3M0",
"ProviderId": "ExampleFLEProvider",
"FieldPatterns": {
"Quantity": 2,
"Items": [
"ExampleSensitiveField",
"SecondExampleSensitiveField"
]
}
}
]
}
}
Output:
{
"ETag": "EJETYFJ9CL66D",
"FieldLevelEncryptionProfile": {
"Id": "PPK0UOSIF5WSV",
"LastModifiedTime": "2019-12-10T19:05:58.296Z",
"FieldLevelEncryptionProfileConfig": {
"Name": "ExampleFLEProfileUpdated",
"CallerReference": "cli-example",
"Comment": "Updated FLE profile for AWS CLI example",
"EncryptionEntities": {
"Quantity": 1,
"Items": [
{
"PublicKeyId": "K2K8NC4HVFE3M0",
"ProviderId": "ExampleFLEProvider",
"FieldPatterns": {
"Quantity": 2,
"Items": [
"ExampleSensitiveField",
"SecondExampleSensitiveField"
]
}
}
]
}
}
}
}
Output¶
FieldLevelEncryptionProfile -> (structure)
Return the results of updating the profile.
Id -> (string)
The ID for a field-level encryption profile configuration which includes a set of profiles that specify certain selected data fields to be encrypted by specific public keys.
LastModifiedTime -> (timestamp)
The last time the field-level encryption profile was updated.
FieldLevelEncryptionProfileConfig -> (structure)
A complex data type that includes the profile name and the encryption entities for the field-level encryption profile.
Name -> (string)
Profile name for the field-level encryption profile.
CallerReference -> (string)
A unique number that ensures that the request can’t be replayed.
Comment -> (string)
An optional comment for the field-level encryption profile.
EncryptionEntities -> (structure)
A complex data type of encryption entities for the field-level encryption profile that include the public key ID, provider, and field patterns for specifying which fields to encrypt with this key.
Quantity -> (integer)
Number of field pattern items in a field-level encryption content type-profile mapping.
Items -> (list)
An array of field patterns in a field-level encryption content type-profile mapping.
(structure)
Complex data type for field-level encryption profiles that includes the encryption key and field pattern specifications.
PublicKeyId -> (string)
The public key associated with a set of field-level encryption patterns, to be used when encrypting the fields that match the patterns.
ProviderId -> (string)
The provider associated with the public key being used for encryption. This value must also be provided with the private key for applications to be able to decrypt data.
FieldPatterns -> (structure)
Field patterns in a field-level encryption content type profile specify the fields that you want to be encrypted. You can provide the full field name, or any beginning characters followed by a wildcard (*). You can’t overlap field patterns. For example, you can’t have both ABC* and AB*. Note that field patterns are case-sensitive.
Quantity -> (integer)
The number of field-level encryption field patterns.
Items -> (list)
An array of the field-level encryption field patterns.
(string)
ETag -> (string)
The result of the field-level encryption profile request.