Creates a snapshot copy grant that permits Amazon Redshift to use an encrypted symmetric key from Key Management Service (KMS) to encrypt copied snapshots in a destination region.
For more information about managing snapshot copy grants, go to Amazon Redshift Database Encryption in the Amazon Redshift Cluster Management Guide .
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
create-snapshot-copy-grant
--snapshot-copy-grant-name <value>
[--kms-key-id <value>]
[--tags <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--snapshot-copy-grant-name
(string)
The name of the snapshot copy grant. This name must be unique in the region for the Amazon Web Services account.
Constraints:
Must contain from 1 to 63 alphanumeric characters or hyphens.
Alphabetic characters must be lowercase.
First character must be a letter.
Cannot end with a hyphen or contain two consecutive hyphens.
Must be unique for all clusters within an Amazon Web Services account.
--kms-key-id
(string)
The unique identifier of the encrypted symmetric key to which to grant Amazon Redshift permission. If no key is specified, the default key is used.
--tags
(list)
A list of tag instances.
(structure)
A tag consisting of a name/value pair for a resource.
Key -> (string)
The key, or name, for the resource tag.
Value -> (string)
The value for the resource tag.
Shorthand Syntax:
Key=string,Value=string ...
JSON Syntax:
[
{
"Key": "string",
"Value": "string"
}
...
]
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To create a snapshot copy grant
The following create-snapshot-copy-grant
example creates a snapshot copy grant and encrypts copied snapshots in a destination AWS Region.
aws redshift create-snapshot-copy-grant \
--snapshot-copy-grant-name mysnapshotcopygrantname
Output:
{
"SnapshotCopyGrant": {
"SnapshotCopyGrantName": "mysnapshotcopygrantname",
"KmsKeyId": "arn:aws:kms:us-west-2:123456789012:key/bPxRfih3yCo8nvbEXAMPLEKEY",
"Tags": []
}
}
For more information, see Amazon Redshift Database Encryption in the Amazon Redshift Cluster Management Guide.
SnapshotCopyGrant -> (structure)
The snapshot copy grant that grants Amazon Redshift permission to encrypt copied snapshots with the specified encrypted symmetric key from Amazon Web Services KMS in the destination region.
For more information about managing snapshot copy grants, go to Amazon Redshift Database Encryption in the Amazon Redshift Cluster Management Guide .
SnapshotCopyGrantName -> (string)
The name of the snapshot copy grant.
KmsKeyId -> (string)
The unique identifier of the encrypted symmetric key in Amazon Web Services KMS to which Amazon Redshift is granted permission.
Tags -> (list)
A list of tag instances.
(structure)
A tag consisting of a name/value pair for a resource.
Key -> (string)
The key, or name, for the resource tag.
Value -> (string)
The value for the resource tag.