[ aws . cloudfront ]

update-field-level-encryption-profile

Description

Update a field-level encryption profile.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  update-field-level-encryption-profile
--field-level-encryption-profile-config <value>
--id <value>
[--if-match <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--field-level-encryption-profile-config (structure)

Request to update a field-level encryption profile.

Name -> (string)

Profile name for the field-level encryption profile.

CallerReference -> (string)

A unique number that ensures that the request can’t be replayed.

Comment -> (string)

An optional comment for the field-level encryption profile.

EncryptionEntities -> (structure)

A complex data type of encryption entities for the field-level encryption profile that include the public key ID, provider, and field patterns for specifying which fields to encrypt with this key.

Quantity -> (integer)

Number of field pattern items in a field-level encryption content type-profile mapping.

Items -> (list)

An array of field patterns in a field-level encryption content type-profile mapping.

(structure)

Complex data type for field-level encryption profiles that includes the encryption key and field pattern specifications.

PublicKeyId -> (string)

The public key associated with a set of field-level encryption patterns, to be used when encrypting the fields that match the patterns.

ProviderId -> (string)

The provider associated with the public key being used for encryption. This value must also be provided with the private key for applications to be able to decrypt data.

FieldPatterns -> (structure)

Field patterns in a field-level encryption content type profile specify the fields that you want to be encrypted. You can provide the full field name, or any beginning characters followed by a wildcard (*). You can’t overlap field patterns. For example, you can’t have both ABC* and AB*. Note that field patterns are case-sensitive.

Quantity -> (integer)

The number of field-level encryption field patterns.

Items -> (list)

An array of the field-level encryption field patterns.

(string)

JSON Syntax:

{
  "Name": "string",
  "CallerReference": "string",
  "Comment": "string",
  "EncryptionEntities": {
    "Quantity": integer,
    "Items": [
      {
        "PublicKeyId": "string",
        "ProviderId": "string",
        "FieldPatterns": {
          "Quantity": integer,
          "Items": ["string", ...]
        }
      }
      ...
    ]
  }
}

--id (string)

The ID of the field-level encryption profile request.

--if-match (string)

The value of the ETag header that you received when retrieving the profile identity to update. For example: E2QWRUHAPOMQZL .

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Examples

To update a CloudFront field-level encryption profile

The following example updates the field-level encryption profile with the ID PPK0UOSIF5WSV. This example updates the profile’s Name and Comment, and adds a second FieldPatterns item, by providing the parameters in a JSON file.

To update a field-level encryption profile, you must have the profile’s ID and ETag. The ID is returned in the output of the create-field-level-encryption-profile and list-field-level-encryption-profiles commands. To get the ETag, use the get-field-level-encryption-profile or get-field-level-encryption-profile-config command. Use the --if-match option to provide the profile’s ETag.

aws cloudfront update-field-level-encryption-profile \
    --id PPK0UOSIF5WSV \
    --if-match E1QQG65FS2L2GC \
    --field-level-encryption-profile-config file://fle-profile-config.json

The file fle-profile-config.json is a JSON document in the current directory that contains the following:

{
    "Name": "ExampleFLEProfileUpdated",
    "CallerReference": "cli-example",
    "Comment": "Updated FLE profile for AWS CLI example",
    "EncryptionEntities": {
        "Quantity": 1,
        "Items": [
            {
                "PublicKeyId": "K2K8NC4HVFE3M0",
                "ProviderId": "ExampleFLEProvider",
                "FieldPatterns": {
                    "Quantity": 2,
                    "Items": [
                        "ExampleSensitiveField",
                        "SecondExampleSensitiveField"
                    ]
                }
            }
        ]
    }
}

Output:

{
    "ETag": "EJETYFJ9CL66D",
    "FieldLevelEncryptionProfile": {
        "Id": "PPK0UOSIF5WSV",
        "LastModifiedTime": "2019-12-10T19:05:58.296Z",
        "FieldLevelEncryptionProfileConfig": {
            "Name": "ExampleFLEProfileUpdated",
            "CallerReference": "cli-example",
            "Comment": "Updated FLE profile for AWS CLI example",
            "EncryptionEntities": {
                "Quantity": 1,
                "Items": [
                    {
                        "PublicKeyId": "K2K8NC4HVFE3M0",
                        "ProviderId": "ExampleFLEProvider",
                        "FieldPatterns": {
                            "Quantity": 2,
                            "Items": [
                                "ExampleSensitiveField",
                                "SecondExampleSensitiveField"
                            ]
                        }
                    }
                ]
            }
        }
    }
}

Output

FieldLevelEncryptionProfile -> (structure)

Return the results of updating the profile.

Id -> (string)

The ID for a field-level encryption profile configuration which includes a set of profiles that specify certain selected data fields to be encrypted by specific public keys.

LastModifiedTime -> (timestamp)

The last time the field-level encryption profile was updated.

FieldLevelEncryptionProfileConfig -> (structure)

A complex data type that includes the profile name and the encryption entities for the field-level encryption profile.

Name -> (string)

Profile name for the field-level encryption profile.

CallerReference -> (string)

A unique number that ensures that the request can’t be replayed.

Comment -> (string)

An optional comment for the field-level encryption profile.

EncryptionEntities -> (structure)

A complex data type of encryption entities for the field-level encryption profile that include the public key ID, provider, and field patterns for specifying which fields to encrypt with this key.

Quantity -> (integer)

Number of field pattern items in a field-level encryption content type-profile mapping.

Items -> (list)

An array of field patterns in a field-level encryption content type-profile mapping.

(structure)

Complex data type for field-level encryption profiles that includes the encryption key and field pattern specifications.

PublicKeyId -> (string)

The public key associated with a set of field-level encryption patterns, to be used when encrypting the fields that match the patterns.

ProviderId -> (string)

The provider associated with the public key being used for encryption. This value must also be provided with the private key for applications to be able to decrypt data.

FieldPatterns -> (structure)

Field patterns in a field-level encryption content type profile specify the fields that you want to be encrypted. You can provide the full field name, or any beginning characters followed by a wildcard (*). You can’t overlap field patterns. For example, you can’t have both ABC* and AB*. Note that field patterns are case-sensitive.

Quantity -> (integer)

The number of field-level encryption field patterns.

Items -> (list)

An array of the field-level encryption field patterns.

(string)

ETag -> (string)

The result of the field-level encryption profile request.