[ aws . cloudfront ]
Create a field-level encryption profile.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
create-field-level-encryption-profile
--field-level-encryption-profile-config <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--field-level-encryption-profile-config
(structure)
The request to create a field-level encryption profile.
Name -> (string)
Profile name for the field-level encryption profile.
CallerReference -> (string)
A unique number that ensures that the request can’t be replayed.
Comment -> (string)
An optional comment for the field-level encryption profile. The comment cannot be longer than 128 characters.
EncryptionEntities -> (structure)
A complex data type of encryption entities for the field-level encryption profile that include the public key ID, provider, and field patterns for specifying which fields to encrypt with this key.
Quantity -> (integer)
Number of field pattern items in a field-level encryption content type-profile mapping.
Items -> (list)
An array of field patterns in a field-level encryption content type-profile mapping.
(structure)
Complex data type for field-level encryption profiles that includes the encryption key and field pattern specifications.
PublicKeyId -> (string)
The public key associated with a set of field-level encryption patterns, to be used when encrypting the fields that match the patterns.
ProviderId -> (string)
The provider associated with the public key being used for encryption. This value must also be provided with the private key for applications to be able to decrypt data.
FieldPatterns -> (structure)
Field patterns in a field-level encryption content type profile specify the fields that you want to be encrypted. You can provide the full field name, or any beginning characters followed by a wildcard (*). You can’t overlap field patterns. For example, you can’t have both ABC* and AB*. Note that field patterns are case-sensitive.
Quantity -> (integer)
The number of field-level encryption field patterns.
Items -> (list)
An array of the field-level encryption field patterns.
(string)
JSON Syntax:
{
"Name": "string",
"CallerReference": "string",
"Comment": "string",
"EncryptionEntities": {
"Quantity": integer,
"Items": [
{
"PublicKeyId": "string",
"ProviderId": "string",
"FieldPatterns": {
"Quantity": integer,
"Items": ["string", ...]
}
}
...
]
}
}
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To create a CloudFront field-level encryption profile
The following example creates a field-level encryption profile by providing the
parameters in a JSON file named fle-profile-config.json
. Before you can
create a field-level encryption profile, you must have a CloudFront public key.
To create a CloudFront public key, see the create-public-key command.
For more information about CloudFront field-level encryption, see Using Field-Level Encryption to Help Protect Sensitive Data in the Amazon CloudFront Developer Guide.
aws cloudfront create-field-level-encryption-profile \
--field-level-encryption-profile-config file://fle-profile-config.json
The file fle-profile-config.json
is a JSON document in the current folder
that contains the following:
{
"Name": "ExampleFLEProfile",
"CallerReference": "cli-example",
"Comment": "FLE profile for AWS CLI example",
"EncryptionEntities": {
"Quantity": 1,
"Items": [
{
"PublicKeyId": "K2K8NC4HVFE3M0",
"ProviderId": "ExampleFLEProvider",
"FieldPatterns": {
"Quantity": 1,
"Items": [
"ExampleSensitiveField"
]
}
}
]
}
}
Output:
{
"Location": "https://cloudfront.amazonaws.com/2019-03-26/field-level-encryption-profile/PPK0UOSIF5WSV",
"ETag": "E2QWRUHEXAMPLE",
"FieldLevelEncryptionProfile": {
"Id": "PPK0UOSIF5WSV",
"LastModifiedTime": "2019-12-10T01:03:16.537Z",
"FieldLevelEncryptionProfileConfig": {
"Name": "ExampleFLEProfile",
"CallerReference": "cli-example",
"Comment": "FLE profile for AWS CLI example",
"EncryptionEntities": {
"Quantity": 1,
"Items": [
{
"PublicKeyId": "K2K8NC4HVFE3M0",
"ProviderId": "ExampleFLEProvider",
"FieldPatterns": {
"Quantity": 1,
"Items": [
"ExampleSensitiveField"
]
}
}
]
}
}
}
}
FieldLevelEncryptionProfile -> (structure)
Returned when you create a new field-level encryption profile.
Id -> (string)
The ID for a field-level encryption profile configuration which includes a set of profiles that specify certain selected data fields to be encrypted by specific public keys.
LastModifiedTime -> (timestamp)
The last time the field-level encryption profile was updated.
FieldLevelEncryptionProfileConfig -> (structure)
A complex data type that includes the profile name and the encryption entities for the field-level encryption profile.
Name -> (string)
Profile name for the field-level encryption profile.
CallerReference -> (string)
A unique number that ensures that the request can’t be replayed.
Comment -> (string)
An optional comment for the field-level encryption profile. The comment cannot be longer than 128 characters.
EncryptionEntities -> (structure)
A complex data type of encryption entities for the field-level encryption profile that include the public key ID, provider, and field patterns for specifying which fields to encrypt with this key.
Quantity -> (integer)
Number of field pattern items in a field-level encryption content type-profile mapping.
Items -> (list)
An array of field patterns in a field-level encryption content type-profile mapping.
(structure)
Complex data type for field-level encryption profiles that includes the encryption key and field pattern specifications.
PublicKeyId -> (string)
The public key associated with a set of field-level encryption patterns, to be used when encrypting the fields that match the patterns.
ProviderId -> (string)
The provider associated with the public key being used for encryption. This value must also be provided with the private key for applications to be able to decrypt data.
FieldPatterns -> (structure)
Field patterns in a field-level encryption content type profile specify the fields that you want to be encrypted. You can provide the full field name, or any beginning characters followed by a wildcard (*). You can’t overlap field patterns. For example, you can’t have both ABC* and AB*. Note that field patterns are case-sensitive.
Quantity -> (integer)
The number of field-level encryption field patterns.
Items -> (list)
An array of the field-level encryption field patterns.
(string)
Location -> (string)
The fully qualified URI of the new profile resource just created.
ETag -> (string)
The current version of the field level encryption profile. For example:
E2QWRUHAPOMQZL
.