[ aws . redshift ]

create-snapshot-copy-grant

Description

Creates a snapshot copy grant that permits Amazon Redshift to use a customer master key (CMK) from Key Management Service (KMS) to encrypt copied snapshots in a destination region.

For more information about managing snapshot copy grants, go to Amazon Redshift Database Encryption in the Amazon Redshift Cluster Management Guide .

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  create-snapshot-copy-grant
--snapshot-copy-grant-name <value>
[--kms-key-id <value>]
[--tags <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--snapshot-copy-grant-name (string)

The name of the snapshot copy grant. This name must be unique in the region for the Amazon Web Services account.

Constraints:

  • Must contain from 1 to 63 alphanumeric characters or hyphens.

  • Alphabetic characters must be lowercase.

  • First character must be a letter.

  • Cannot end with a hyphen or contain two consecutive hyphens.

  • Must be unique for all clusters within an Amazon Web Services account.

--kms-key-id (string)

The unique identifier of the customer master key (CMK) to which to grant Amazon Redshift permission. If no key is specified, the default key is used.

--tags (list)

A list of tag instances.

(structure)

A tag consisting of a name/value pair for a resource.

Key -> (string)

The key, or name, for the resource tag.

Value -> (string)

The value for the resource tag.

Shorthand Syntax:

Key=string,Value=string ...

JSON Syntax:

[
  {
    "Key": "string",
    "Value": "string"
  }
  ...
]

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Examples

To create a snapshot copy grant

The following create-snapshot-copy-grant example creates a snapshot copy grant and encrypts copied snapshots in a destination AWS Region.

aws redshift create-snapshot-copy-grant \
    --snapshot-copy-grant-name mysnapshotcopygrantname

Output:

{
    "SnapshotCopyGrant": {
        "SnapshotCopyGrantName": "mysnapshotcopygrantname",
        "KmsKeyId": "arn:aws:kms:us-west-2:123456789012:key/bPxRfih3yCo8nvbEXAMPLEKEY",
        "Tags": []
    }
}

For more information, see Amazon Redshift Database Encryption in the Amazon Redshift Cluster Management Guide.

Output

SnapshotCopyGrant -> (structure)

The snapshot copy grant that grants Amazon Redshift permission to encrypt copied snapshots with the specified customer master key (CMK) from Amazon Web Services KMS in the destination region.

For more information about managing snapshot copy grants, go to Amazon Redshift Database Encryption in the Amazon Redshift Cluster Management Guide .

SnapshotCopyGrantName -> (string)

The name of the snapshot copy grant.

KmsKeyId -> (string)

The unique identifier of the customer master key (CMK) in Amazon Web Services KMS to which Amazon Redshift is granted permission.

Tags -> (list)

A list of tag instances.

(structure)

A tag consisting of a name/value pair for a resource.

Key -> (string)

The key, or name, for the resource tag.

Value -> (string)

The value for the resource tag.